PUP.Optional.Conduit Returns

Please download OTM by Old Timer and save it to your Desktop.

• Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
• Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
  (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
  the code box

Code:

:Processes
explorer.exe

 
:Files
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\Conduit
C:\ProgramData\Conduit
C:\Users\Dad\AppData\LocalLow\Conduit
C:\Users\Dad\AppData\Local\Conduit\BackgroundContainer
C:\Users\Dad\AppData\Local\Conduit

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_USERS\S-1-5-21-2723021704-735769738-114540750-1000\Software\AppDataLow\Software\SmartBar]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{68EF4641-F619-4756-B43C-9941ACC9D4A2}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{68EF4641-F619-4756-B43C-9941ACC9D4A2}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{83EE44AB-D0A2-4D04-BAAC-864711BE483F}]
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
  ) and choose Paste.
• Now click the large button.
• If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
• Close OTM.

Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
this log file to your next message.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• You will be prompted to restart your computer. A text file will open after the restart.
• You can just close it. Attach the below log file:
  • C:\AdwCleaner[S1].txt

Now please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Also, please download SystemLook_x64 from one of the links below and save it to your Desktop.
Download Mirror #1

Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  Code:

  :regfind
  Conduit
  BackgroundContainer
  Home Page Guard
  PC Speed Maximizer
  MyPC Backup
  UtilityChest
  :filefind
  Conduit

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. You can just close this notepad window since the log is already saved on your Desktop. Be patient! It may look like it is not doing anything, but it takes awhile for this to scan thru your whole system look for matches.
• Please attach the SystemLook.txt log found on your Desktop to next reply.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• the C:\_OTM\MovedFiles log
• the C:\AdwCleaner[S1].txtlog
• the JRT.TXTlog
• the SystemLook.txtlog
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You're welcome.

The point is, "How is it running now" on your user account. We can discuss your wife's account later.


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now reboot your PC. After reboot, run the same scan with SystemLook as last time and attach the new log.

 

Okay that looks good. Now reboot your PC and login to your wife's user account ( I want to do this from a clean startup and not from when you have already logged into your account or any other ).

Once in your wife's account, do the below.

Run a scan with Malwarebytes and fix what it finds. Save a log and attach it.

Run the same SystemLook scan as previously run and attach this new log.

Now run thefile by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

Then attach the new C:\MGlogs.zip


Tell me what current problems you have when using your wife's user account.

 

Malwarebytes should run anyway since it installs a service to obtain admin rights but MGtools will need to be Run As Administrator by right click on it to run it. You may not have to change her account to an admin account. We'll see.

Sorry it was cut out but yes the same as other times >> C:\MGtools\GetLogs.bat

 

It is good enough.



Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Do you know what the below is? It runs at startup.

C:\Program Files (x86)\Carroll\Carroll.exe

 

Okay, thanks for the info. So how is everything running on your wife's account and is everything still okay for yours? If yes then on to the below.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
3. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
5. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now. Do this on each user account where a registry patch was used.
8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
9. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
   • Refer to the instructions for your WIndows version in this link: Disable And Enable System Restore​
   • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
   • Then we want you to Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welcome. It was primarily just some junkware that we cleaned up. There were a few files/folders and also some additional related registry keys that were removed. Conduit junkware will hook itself in all over the place and to all installed browsers. Most of the time you can avoid problems like this by being more careful what you allow to install. Many programs these days ( especially free ones ) will come with all kinds of add ons that you need to say no to during installation. If you do not read the popup forums and license agreements then you are the one responsible for allowing the junk to install.

 

It appers that you still have some IObit software installed. Uninstall the below and see if that notice goes away:

IObit Uninstaller

 

You're welcome.

Not a problem. Send your friends here and make sure you send them to the main site ( www.majorgeeks.com ) for their file downloads.