
PUP.Optional.Conduit.A


  • This topic is locked
15 replies to this topic

#1 Jarod1

Jarod1

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 18 April 2014 - 06:49 PM

2.
I was trying to get a game to play on Voobly working properly which required port forwarding and so, I had to set a static IP and use this tool from portforward.com to test if the ports were opened or not. I was on the phone while installing the software which resulted in me accepting what I thought was a window for going forward with the installation. Two more accept/decline windows followed it and I knew I messed up (I hit decline on those).

 

I ran a full scan using Malwarebytes and it found 9 infections on my computer by the name in the title. I use Firefox and have no toolbar on my windows or in my add-ons. I looked in my "Add or Remove programs" and found nothing new. Should I remove that portforward.com tool? I ask because they seem to be pretty trusted; the optional downloads are what seem to be malicious.

3.
I use Windows XP and am planning on upgrading soon.

4.
I ran Malwarebytes.




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:09 PM

Posted 18 April 2014 - 07:24 PM

Hello -

Please run these few programs and Copy / Paste the logs generated. Temporarily disable your anti-virus if needed.

 

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Please download MiniToolBox to desktop and run it.
Checkmark the following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

 

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

At most the tool will run for about 2 minutes.

Copy and Paste the log it produces.

 

 

Important: Do not reboot your computer until you complete the next step.

 

 

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

After the reboot please run J.R.T.

Please download Junkware Removal Tool by thisisu and save it to your Desktop.
* Close all open programs and shut down any protection/security software now to avoid potential conflicts.
* Double-click on JRT.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
* Copy and paste the contents of JRT.txt in your next reply.
These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware, including many related registry entries (values, keys).

 

 

 

If you have an old related Malwarebytes Anti-Malware log, please paste it back here.



#3 Jarod1

Jarod1
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 19 April 2014 - 03:20 PM

 Results of screen317's Security Check version 0.99.82  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 avast! Free Antivirus    
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 51  
 Java version out of Date!
 Adobe Flash Player     13.0.0.182  
 Adobe Reader XI  
 Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 BillP Studios WinPatrol winpatrol.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 36% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Jay (administrator) on 19-04-2014 at 14:55:19
Running from "C:\Documents and Settings\Jay\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (04/18/2014 10:02:46 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (04/11/2014 03:50:56 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 28.0.0.5186, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/11/2014 03:47:55 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 28.0.0.5186, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/26/2014 10:42:35 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/26/2014 10:42:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (03/17/2014 07:17:17 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.


System errors:
=============
Error: (04/19/2014 02:28:19 PM) (Source: DCOM) (User: JAY-777)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (04/18/2014 04:54:54 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (04/18/2014 04:54:18 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (04/17/2014 02:06:00 AM) (Source: DCOM) (User: JAY-777)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (04/16/2014 11:05:11 PM) (Source: DCOM) (User: JAY-777)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (04/16/2014 01:35:39 PM) (Source: DCOM) (User: JAY-777)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (04/14/2014 11:38:44 PM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/14/2014 11:38:44 PM) (Source: Service Control Manager) (User: )
Description: The AT&T Troubleshoot & Resolve service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/14/2014 11:38:40 PM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/14/2014 11:38:40 PM) (Source: Service Control Manager) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/18/2014 10:02:46 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (04/11/2014 03:50:56 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.5186hungapp0.0.0.000000000

Error: (04/11/2014 03:47:55 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.5186hungapp0.0.0.000000000

Error: (03/26/2014 10:42:35 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/26/2014 10:42:34 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (03/17/2014 07:17:17 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 3070.08 MB
Available physical RAM: 2503.04 MB
Total Pagefile: 4956.07 MB
Available Pagefile: 4433.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.5 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:232.82 GB) (Free:59.05 GB) NTFS

========================= Users: ========================================

User accounts for \\JAY-777

Administrator            ASPNET                   Guest                    
HelpAssistant            Jay                      SUPPORT_388945a0         
Visitor                  


**** End of log ****
 

 

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/19/2014 02:56:18 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\system32\HPZipm12.exe (PID: 2600) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 04/19/2014 02:57:06 PM
Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)
 

 

 

# AdwCleaner v3.024 - Report created 19/04/2014 at 14:57:43
# Updated 18/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jay - JAY-777
# Running from : C:\Documents and Settings\Jay\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M8A2A3F93-67C1-4CE7-AD90-BC5E2F6C71B0&SearchSource=55&CUI=&UM=5&UP=SP06036836-8966-4169-BCA9-87D90D2FD0A9&SSPV=

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\9qt35suj.default-1393025895734\prefs.js ]

Line Found : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1397537822165");

[ File : C:\Documents and Settings\Visitor\Application Data\Mozilla\Firefox\Profiles\nbklzpwp.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1413 octets] - [19/04/2014 14:57:43]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1473 octets] ##########
 

 

 

 

# AdwCleaner v3.024 - Report created 19/04/2014 at 15:00:15
# Updated 18/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jay - JAY-777
# Running from : C:\Documents and Settings\Jay\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\9qt35suj.default-1393025895734\prefs.js ]

Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1397537822165");

[ File : C:\Documents and Settings\Visitor\Application Data\Mozilla\Firefox\Profiles\nbklzpwp.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1553 octets] - [19/04/2014 14:57:43]
AdwCleaner[S0].txt - [1295 octets] - [19/04/2014 15:00:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1355 octets] ##########
 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Jay on Sat 04/19/2014 at 15:04:31.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-448539723-602162358-839522115-1004\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/19/2014 at 15:15:24.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.18.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jay :: JAY-777 [administrator]

4/18/2014 2:23:22 PM
mbam-log-2014-04-18 (14-23-22).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339347
Time elapsed: 1 hour(s), 32 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M8A2A3F93-67C1-4CE7-AD90-BC5E2F6C71B0&SearchSource=55&CUI=&UM=5&UP=SP06036836-8966-4169-BCA9-87D90D2FD0A9&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\System Volume Information\_restore{482EFD7C-8F82-43C4-B2C9-342BCC241213}\RP44\A0013751.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482EFD7C-8F82-43C4-B2C9-342BCC241213}\RP44\A0013752.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482EFD7C-8F82-43C4-B2C9-342BCC241213}\RP44\A0013754.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482EFD7C-8F82-43C4-B2C9-342BCC241213}\RP44\A0013756.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482EFD7C-8F82-43C4-B2C9-342BCC241213}\RP44\A0013757.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482EFD7C-8F82-43C4-B2C9-342BCC241213}\RP44\A0013758.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482EFD7C-8F82-43C4-B2C9-342BCC241213}\RP44\A0013759.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{482EFD7C-8F82-43C4-B2C9-342BCC241213}\RP44\A0013760.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
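
A way to confirm from the two AdwCleaner reports in the post above that every item the Scan run listed was acted on by the Clean run. This is an added example, not part of the original thread or of AdwCleaner; the function names are hypothetical, the line patterns are inferred only from the reports shown here, and the sample text is abridged from them with the Start Page URL's query string shortened.

```python
import re
from typing import NamedTuple, Optional

# Patterns inferred from the two reports in this thread (an assumption, not a
# documented AdwCleaner format).
OPTION_RE = re.compile(r"^# Option : (\w+)$")
SECTION_RE = re.compile(r"^\*+ \[ (.+?) \] \*+$")
FILE_RE = re.compile(r"^\[ File : (.+?) \]$")
ENTRY_RE = re.compile(r"^(\w+) (Found|Deleted|Restored) : (.+)$")


class Entry(NamedTuple):
    section: str            # e.g. "Registry", "Browsers"
    context: Optional[str]  # prefs.js path for "Line ..." entries, else None
    kind: str               # "Key", "Setting", "Line"
    action: str             # "Found", "Deleted", "Restored"
    item: str               # key path, setting name or prefs.js line
    value: Optional[str]    # hijacked value reported for a setting, if any

    @property
    def identity(self):
        # What must match between the Scan and Clean reports.
        return (self.section, self.context, self.kind, self.item)


def parse_report(text):
    """Return (option, entries) for one AdwCleaner report."""
    option, section, context, entries = None, None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := OPTION_RE.match(line):
            option = m.group(1)
        elif m := SECTION_RE.match(line):
            section, context = m.group(1), None
        elif line.startswith("-\\\\"):      # browser sub-header: new context
            context = None
        elif m := FILE_RE.match(line):
            context = m.group(1)
        elif m := ENTRY_RE.match(line):
            kind, action, target = m.groups()
            item, value = target, None
            # The Scan report appends " - <value>" to a setting; Clean does not.
            if kind == "Setting" and " - " in target:
                item, value = target.split(" - ", 1)
            entries.append(Entry(section, context, kind, action, item.strip(), value))
    return option, entries


def unremediated(scan_text, clean_text):
    """Findings in the Scan report with no Deleted/Restored line in the Clean report."""
    scan_opt, scan = parse_report(scan_text)
    clean_opt, clean = parse_report(clean_text)
    if scan_opt != "Scan" or clean_opt != "Clean":
        raise ValueError(f"expected Scan and Clean reports, got {scan_opt!r} and {clean_opt!r}")
    fixed = {e.identity for e in clean if e.action in ("Deleted", "Restored")}
    return [e for e in scan if e.action == "Found" and e.identity not in fixed]


# Sample input abridged from the reports in the post above.
SCAN = r"""
# Option : Scan
***** [ Registry ] *****
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?gd=
-\\ Mozilla Firefox v28.0 (en-US)
[ File : C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\9qt35suj.default-1393025895734\prefs.js ]
Line Found : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1397537822165");
"""

CLEAN = r"""
# Option : Clean
***** [ Registry ] *****
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v28.0 (en-US)
[ File : C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\9qt35suj.default-1393025895734\prefs.js ]
Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1397537822165");
"""

if __name__ == "__main__":
    leftovers = unremediated(SCAN, CLEAN)
    print("unremediated findings:", len(leftovers))
    for e in leftovers:
        print(f"  [{e.section}] {e.kind}: {e.item}")
```
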
 



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:09 PM

Posted 19 April 2014 - 05:39 PM

Hi -

8 files were removed with Conduit.A in them; has this improved anything?

 

Please re-run MiniToolBox but only tick * List Installed Programs, which you missed last time.

 

If the system is running a bit slow, please go - Start > Programs > Accessories > System Tools > Defragmenter and run this.

It will take a while to clear up all the Red (fragmented) areas and turn them to Blue (defragmented) -



#5 Jarod1

Jarod1
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 19 April 2014 - 06:04 PM

After running all those steps/scans, I didn't get a prompt on start up asking me to change my homepage. The computer is running as fast as it normally does but I'll defrag the drives.

 

Sorry I missed that checkmark. Here are the MiniToolBox results:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Jay (administrator) on 19-04-2014 at 18:00:53
Running from "C:\Documents and Settings\Jay\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (04/19/2014 04:12:46 PM) (Source: Application Hang) (User: )
Description: Hanging application League of Legends.exe, version 4.5.0.260, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/18/2014 10:02:46 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (04/11/2014 03:50:56 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 28.0.0.5186, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/11/2014 03:47:55 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 28.0.0.5186, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/26/2014 10:42:35 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/26/2014 10:42:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (03/17/2014 07:17:17 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.


System errors:
=============
Error: (04/19/2014 03:00:17 PM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000

milliseconds: Restart the service.

Error: (04/19/2014 03:00:17 PM) (Source: Service Control Manager) (User: )
Description: The AT&T Troubleshoot & Resolve service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in

1000 milliseconds: Restart the service.

Error: (04/19/2014 03:00:15 PM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/19/2014 03:00:15 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/19/2014 03:00:14 PM) (Source: Service Control Manager) (User: )
Description: The pcCMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/19/2014 03:00:14 PM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000

milliseconds: Restart the service.

Error: (04/19/2014 03:00:14 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Driver Helper Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/19/2014 03:00:14 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000

milliseconds: Restart the service.

Error: (04/19/2014 03:00:14 PM) (Source: Service Control Manager) (User: )
Description: The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/19/2014 03:00:14 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/19/2014 04:12:46 PM) (Source: Application Hang)(User: )
Description: League of Legends.exe4.5.0.260hungapp0.0.0.000000000

Error: (04/18/2014 10:02:46 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (04/11/2014 03:50:56 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.5186hungapp0.0.0.000000000

Error: (04/11/2014 03:47:55 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.5186hungapp0.0.0.000000000

Error: (03/26/2014 10:42:35 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/26/2014 10:42:34 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (03/17/2014 07:17:17 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (03/17/2014 07:17:16 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


=========================== Installed Programs ============================

2600 (Version: 43.0.217.000)
2600_Help (Version: 43.0.217.000)
2600Trb (Version: 43.0.217.000)
Adobe Flash Player 13 Plugin (Version: 13.0.0.182)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
AiO_Scan (Version: 43.0.217.000)
AiOSoftware (Version: 43.0.217.000)
Any Video Converter 3.4.1
ATT Management Agent (Version: 8.3.1.18)
avast! Free Antivirus (Version: 9.0.2016)
Battle.net
BufferChm (Version: 43.1.5.000)
CCleaner (Version: 4.04)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Content Transfer (Version: 1.3.0.23190)
Copy (Version: 43.1.5.000)
CreativeProjects (Version: 43.1.5.000)
CreativeProjectsTemplates (Version: 43.1.5.000)
CueTour (Version: 43.1.5.000)
Darkstone
Dell Driver Reset Tool (Version: 1.02.0000)
Destinations (Version: 43.1.5.000)
Director (Version: 43.1.5.000)
DocProc (Version: 4.0.0.0)
DocumentViewer (Version: 43.0.217.000)
eReg (Version: 1.20.138.34)
Fax (Version: 43.0.217.000)
Gameforge Live 1.10.1 "Legend" (Version: 1.10.1)
GameRanger
Google Update Helper (Version: 1.3.23.9)
Hearthstone
HP Diagnostic Assistant (Version: 1.0.0.0)
HP Image Zone 4.2 (Version: 4.2)
HP PSC & OfficeJet 4.2
HP Software Update (Version: 2.0.39.20040212)
HPSystemDiagnostics (Version: 1.5.0.0)
InstantShare (Version: 4.0.0.40)
Intel® 537EP V9x DF PCI Modem
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
Intel® PRO Network Adapters and Drivers
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
League of Legends (Version: 3.0.0)
Logitech SetPoint 6.61 (Version: 6.61.15)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Small Business Edition 2003 (Version: 11.0.5614.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Modem Helper (Version: 2.28)
Modem On Hold (Version: 1.12)
Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
Mozilla Maintenance Service (Version: 28.0)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Control Panel 332.21 (Version: 332.21)
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1)
NVIDIA Graphics Driver 332.21 (Version: 332.21)
NVIDIA HD Audio Driver 1.3.30.1 (Version: 1.3.30.1)
NVIDIA Install Application (Version: 2.1002.147.1067)
NVIDIA Network Service (Version: 1.0)
NVIDIA nView 140.75 (Version: 140.75)
NVIDIA PhysX (Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA Update 10.11.15 (Version: 10.11.15)
NVIDIA Update Core (Version: 10.11.15)
Overland (Version: 2.1.5)
Pando Media Booster (Version: 2.6.0.7)
PFPortChecker 1.0.39 (Version: 1.0.39)
PhotoGallery (Version: 43.1.5.000)
PowerDVD 5.3
PrintScreen (Version: 43.1.5.000)
ProductContext (Version: 43.0.217.000)
QFolder (Version: 1.00.0000)
QuickProjects (Version: 43.1.5.000)
Razer Game Booster (Version: 3.7)
Readme (Version: 43.0.217.000)
Revo Uninstaller 1.95 (Version: 1.95)
Runes of Magic (Version: 6.0.2.2664)
Scan (Version: 4.1.0.0)
SkinsHP1 (Version: 43.1.5.000)
SoundMAX (Version: 5.12.01.5246)
StarCraft
StarCraft II
SUPERAntiSpyware (Version: 5.7.1018)
TrayApp (Version: 43.1.5.000)
Unload (Version: 4.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB2934207) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 2.1.3 (Version: 2.1.3)
Voobly (Version: Voobly)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 43.1.5.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 30.0.2014.0)
WinRAR 4.01 (32-bit) (Version: 4.01.0)

========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 3070.08 MB
Available physical RAM: 2502.26 MB
Total Pagefile: 4956.07 MB
Available Pagefile: 4428.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.44 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:232.82 GB) (Free:59.02 GB) NTFS

========================= Users: ========================================

User accounts for \\JAY-777

Administrator            ASPNET                   Guest                    
HelpAssistant            Jay                      SUPPORT_388945a0         
Visitor                  


**** End of log ****
 



#6 noknojon


Posted 19 April 2014 - 08:21 PM

Thanks for the extra bit, as I was just looking for bad or problem programs

 

Seems like little problems like Conduit.A have now been cleared, but a Defrag is still a good idea.

 

Keep us updated if there are other problems showing later -



#7 Jarod1


Posted 20 April 2014 - 12:11 PM

OK I defragged the drive. But I analyzed it again and it's saying I should still defrag it.

 

The computer doesn't ask me on start up to change my internet explorer's homepage like it was before though.



#8 noknojon


Posted 21 April 2014 - 04:01 AM

With your main problem gone (Conduit.A) let it run for a few days now.

 

Always post back if you have other problems.



#9 Jarod1


Posted 21 April 2014 - 11:53 AM

I ran a quick scan using Malwarebytes and it found just 1 object left. I should go ahead and do "remove selected", right?

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.21.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jay :: JAY-777 [administrator]

4/21/2014 11:43:45 AM
MBAM-log-2014-04-21 (11-51-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249275
Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M8A2A3F93-67C1-4CE7-AD90-BC5E2F6C71B0&SearchSource=55&CUI=&UM=5&UP=SP06036836-8966-4169-BCA9-87D90D2FD0A9&SSPV=) Good: (http://www.google.com) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

Ok I did remove selected, restarted my computer and ran another quick scan and it gave the same report as the above.
 


Edited by Jarod1, 21 April 2014 - 01:22 PM.


#10 noknojon


Posted 21 April 2014 - 05:58 PM

  • Remove Old Versions of Malwarebytes Anti-Malware
    • Please download mbam-clean.exe from Here to your desktop and save it.
    • Please close all open applications and Temporarily Disable Your Anti-virus to avoid any conflicts when running the tool.
    * Note : It will reboot your computer to complete the removal process (Very Important)

  • Download new Malwarebytes Anti-Malware Free 2.0.1 and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Click Scan Now >>

----------

  • Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
  • Click Start (Start, Search, All files and folders for Windows XP) then type mbam
  • Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and paste the contents of MBAM.txt in your reply

 

Also re : Pando Media Booster

Below is a quote from Wikipedia on Pando Media Booster and why it should not be used.
Pando shut down its servers and ceased business on August 31, 2013. As of February 24, 2014 the Pando Media Booster has been hijacked and unsuspecting persons who install a prompted update have their internet browsers hijacked and a virus called the "Sweet Page" browser virus is installed on their machine.

Also a topic from League of Legends Gaming Community on the same program.



#11 Jarod1


Posted 21 April 2014 - 08:36 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/21/2014
Scan Time: 8:58:15 PM
Logfile: MBAM2.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.22.01
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Enabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Jay

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 257119
Time Elapsed: 11 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-448539723-602162358-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M8A2A3F93-67C1-4CE7-AD90-BC5E2F6C71B0&SearchSource=55&CUI=&UM=5&UP=SP06036836-8966-4169-BCA9-87D90D2FD0A9&SSPV=, Good: (http://www.google.com), Bad: (http://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M8A2A3F93-67C1-4CE7-AD90-BC5E2F6C71B0&SearchSource=55&CUI=&UM=5&UP=SP06036836-8966-4169-BCA9-87D90D2FD0A9&SSPV=),,[4c0d77b6e69541f55160b16f8f7556aa]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by Jarod1, 21 April 2014 - 09:00 PM.


#12 noknojon


Posted 21 April 2014 - 09:59 PM

Hi -

Down to only a few options here for me. Please see below if there are Extensions to Remove from your browser.

 

Open your browser and disable (uncheck) all extensions. Make a list, then one by one, re-enable each extension to see if the pop-ups start appearing again with that particular extension. Once you identify the responsible extension...permanently remove it but let me know which one it was so I can update our lists.
* How to Disable Extensions in Google Chrome - How to Uninstall Extensions in Google Chrome
* How To Disable Individual Plug-ins in Google Chrome <- try only if the above does not work
* How to Disable Extensions and Plugins in Firefox - How to Remove Extensions/Uninstall Plugins in Firefox
* How to Disable Extensions in Internet Explorer
* How to Disable Add-ons/Extensions in Internet Explorer, Firefox and Google Chrome
* How to Disable all add-ons in Firefox, Internet Explorer

If the above did not resolve the problem, then create a new browser user profile.
* How to Create a new browser user profile in Google Chrome
* How to Create a new browser user profile in Firefox
* How to Create a new browser user profile in Opera, Internet Explorer, Firefox, Chrome
 

 

The other option was, did you read the topic from League of Legends Gaming Community on the Pando Program?



#13 Jarod1


Posted 21 April 2014 - 10:53 PM

I read about the Pando Media Booster in the link you posted, I'll be sure to uninstall it.

 

What keeps happening is that after I run the Malwarebytes scan, it quarantines it. After about 1 or 2 minutes, a pop-up or prompt appears asking to change the homepage of Internet Explorer to a search engine by conduit. 

 

I opened up Internet Explorer and looked for plug-ins and addons that were unusual but there weren't any listed. I disabled all the ones that were enabled to see if it would work but it still goes to the conduit search engine's homepage. I reset the browser and the pop-up message appeared soon after. I changed the homepage and closed the browser and soon afterwards, the message appeared again.


Edited by Jarod1, 21 April 2014 - 11:14 PM.
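
The two registry detections posted above come from different Malwarebytes versions (1.75 and 2.0), which lay the line out differently. As an added example (not part of the original posts and not Malwarebytes' own tooling), this Python code parses both layouts and flags a detection that shows up again in the next scan, the pattern described in the post above. The sample lines are constructed, with the URL, SID and item id replaced by placeholders, and treating the HKU\<SID> entry as the scanning user's HKCU is an assumption.

```python
import re

# Malwarebytes 1.75 layout: key|value (name) -> Bad: (data) Good: (data) -> action
V1 = re.compile(r"^(?P<key>HK\w+\\[^|]+)\|(?P<value>.+?) \((?P<name>[^)]+)\)"
                r" -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$")
# Malwarebytes 2.0 layout: name, key|value, data, Good: (data), Bad: (data),,[id]
V2 = re.compile(r"^(?P<name>[^,]+), (?P<key>HK\w+\\[^|]+)\|(?P<value>[^,]+), .*?"
                r"Good: \((?P<good>[^)]*)\), Bad: \((?P<bad>[^)]*)\)")

# Constructed samples modelled on the two logs in the thread (URL, SID, id are placeholders).
SCAN_175 = r"""Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=EXAMPLE) Good: (http://www.google.com) -> No action taken.
Folders Detected: 0
(No malicious items detected)"""
SCAN_200 = r"""Registry Data: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-1111111111-2222222222-3333333333-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com/?ctid=EXAMPLE, Good: (http://www.google.com), Bad: (http://search.conduit.com/?ctid=EXAMPLE),,[constructed-id]
Folders: 0
(No malicious items detected)"""


def normalize_key(key):
    # Drop the hive (HKCU, or HKU plus a SID) and upper-case the rest so both
    # layouts compare equal. Assumption: the SID is the user who ran the scan.
    parts = key.split("\\")
    hive = parts[0].upper()
    if hive == "HKU" and len(parts) > 1 and parts[1].upper().startswith("S-1-5-"):
        parts = parts[2:]
    elif hive == "HKCU":
        parts = parts[1:]
    return "\\".join(parts).upper()


def parse_detections(log_text):
    """Return one dict per registry-data detection line, in either layout."""
    found = []
    for line in log_text.splitlines():
        m = V1.match(line.strip()) or V2.match(line.strip())
        if not m:
            continue  # headers, counters and "(No malicious items detected)"
        d = m.groupdict()
        found.append({"name": d["name"].strip(), "key": normalize_key(d["key"]),
                      "value": d["value"].strip(), "bad": d["bad"],
                      "good": d["good"], "action": d.get("action")})
    return found


def recurring(scans):
    """Detections in a scan that were already present in the scan before it."""
    ident = lambda d: (d["key"], d["value"].upper(), d["bad"])
    hits = []
    for earlier, later in zip(scans, scans[1:]):
        seen = {ident(d) for d in parse_detections(earlier)}
        hits += [d for d in parse_detections(later) if ident(d) in seen]
    return hits


if __name__ == "__main__":
    for d in recurring([SCAN_175, SCAN_200]):
        print("re-detected:", d["name"], d["key"], d["value"], "->", d["bad"])
```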


#14 noknojon


Posted 22 April 2014 - 12:33 AM

Recheck for the same problems as above in Firefox, since it lists that it is active on your system.

 

Well - I have searched for dozens of answers, and only 2 are of any merit -

 

First -

Check - Control Panel > System > Hardware > Device Manager, and open all of the + signs to look for any ( ! ) or ( ? ) marks to show that you need to Reinstall or Update any drivers mainly related to Intel IDE or NVIDIA (your display adaptors).

From above >> OK I defragged the drive. But I analyzed it again and it's saying I should still defrag it. << This can also be related

 

 

The other one was -

Microsoft has confirmed that this is a problem in Microsoft Windows XP.
Note : Because there are several versions of Microsoft Windows, the following steps may be different on your computer.

If they are, see your product documentation to complete these steps.

- Create a New User Account
To create a new user account, follow these steps:
1. Start the computer in Safe Mode, and then restart the computer.
a. After the Power On Self Test (POST), press the F8 key.
b. On the Windows Advanced Options menu, use the ARROW keys to select Safe Mode, and then press ENTER.
c. When you are prompted to select the operating system to start, select Windows XP <edition>, where <edition> is the edition of Windows XP that you have installed, and then press ENTER.
2. Log on as Administrator.
a. On the "To begin, click your user name" screen, click Administrator.
b. Type the administrator password, and then press ENTER.

Note In some cases, the Administrator password may be set to a blank password. In this case, do not type a password before you press ENTER.
3. In Control Panel, click User Accounts.
4. Create a new user account. Windows makes a new directory for the account in the Documents and Settings folder.
5. Quit the User Accounts tool, and then restart the computer.

 

 

If we find no real answers here, we may need to get the Experts Area to go over this problem.

Try what is above, but if it will not help, follow the final directions below -

 

Please follow the instructions in THIS PREP GUIDE starting at Step #6.

NOTE - If you cannot complete any step, just skip it and continue.

 

 Once the 2 full DDS logs are created, then make a NEW TOPIC and post it to =>
Virus, Trojan, Spyware, and Malware Removal Logs area -

 

They can use other tools to find the program that I can not use in this area.

 

If HelpBot replies, please follow its Step #1 and the team will be notified.

 

Leave a link if you post the new topic so we can close this one, and only let the Experts work on your problem.



#15 Jarod1


Posted 23 April 2014 - 07:41 PM

Ok, I'll start the topic in the area you listed





