Freezing Issues

After installing ImgBurn here is the mbar log.


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.30.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Owner :: OWNER-PC [administrator]

9/30/2013 10:32:09 AM
mbam-log-2013-09-30 (10-32-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207487
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Data: http://search.conduit.com?SearchSource=10&CUI=UN13937234256262690&UM=2&ctid=CT3311875 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN13937234256262690&UM=2&ctid=CT3311875) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 9
C:\Users\Owner\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\OpenCandy\0C344242B4654DD89AA52C27347C689E (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3311875 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 36
C:\Users\Owner\AppData\Roaming\OpenCandy\0C344242B4654DD89AA52C27347C689E\StubInstaller_SweetTunes_v4.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Desktop\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\nsgA53A.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\nsp3D9E.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\nsw63D4.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\Conduit\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\HTRUDCZS\GenericInstaller_v1[1].zip (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\HTRUDCZS\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\HTRUDCZS\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\HTRUDCZS\SweetTunes_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\O8TROQQA\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\O8TROQQA\SweetTunes[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\XRZ7J395\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\CT3311875.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\CT3311875.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\sl.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3311875\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

Neither one is booting in a way that is easy to understand.

please explain. Did you set the BIOS to boot from the CD?

I'm really starting to wonder if there is bad ram or something with the motherboard because there will be "glitches" as I just do random things and firefox begins to not respond then respond.

That's what appears to be the problem. You should take this opportunity to save all your important data. Please try to run the hard drive diagnostic and the RAM test.

Last edited by Superdave on 5th October 2013, 6:57 pm; edited 1 time in total

None of the hard drive diagnostic tests worked for this model.

I ran 2 full passes on the MEM test and it cleared fine with 0 errors.

I'm thinking it may be a motherboard issue because when the computer get closed to put in standby I can get it back on and when I do a simple shutdown it doesnt shutdown all the way because all the lights stay on.

However the mbam log I previously posted didnt get rid of that conduit search maleware. How do we remove this?

Please run AdwCleaner and Junkware Removal again.

# AdwCleaner v3.006 - Report created 07/10/2013 at 10:11:01
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
File Deleted : C:\END
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x9og4oxi.default\searchplugins\Conduit.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311875
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_blklojfklgnogjaijkibhfjepakiocng]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x9og4oxi.default\prefs.js ]

Line Deleted : user_pref("CT3311875.FF19Solved", "true");
Line Deleted : user_pref("CT3311875.UserID", "UN61629768323755325");
Line Deleted : user_pref("CT3311875.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3311875.fullUserID", "UN61629768323755325.IN.20130929225227");
Line Deleted : user_pref("CT3311875.installDate", "29/09/2013 22:52:31");
Line Deleted : user_pref("CT3311875.installSessionId", "{7D816E06-D801-4831-AF39-BD15E51836C4}");
Line Deleted : user_pref("CT3311875.installSp", "TRUE");
Line Deleted : user_pref("CT3311875.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3311875.keyword", "true");
Line Deleted : user_pref("CT3311875.originalHomepage", "about:home");
Line Deleted : user_pref("CT3311875.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3311875.originalSearchEngine", "");
Line Deleted : user_pref("CT3311875.originalSearchEngineName", "");
Line Deleted : user_pref("CT3311875.searchRevert", "false");
Line Deleted : user_pref("CT3311875.searchUserMode", "2");
Line Deleted : user_pref("CT3311875.smartbar.homepage", "true");
Line Deleted : user_pref("CT3311875.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3311875.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/Results.aspx?ctid=CT3315039&searchsource=69&UM=2&");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetTunes Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&CUI=UN61629768323755325&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "SweetTunes Search");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN61629768323755325&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3311875");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3311875&CUI=UN61629768323755325&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN61629768323755325&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3311875");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3311875");
Line Deleted : user_pref("smartbar.machineId", "G2IYBJR26/RESDEFVKO2LJHHREL7+NRAVNZ3DLALAZP4HEQVUL6LYC3AKKPOVJSPFSEED5XV57J0ZDWW+V04DG");

-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [1600 octets] - [22/09/2013 20:46:10]
AdwCleaner[R1].txt - [1888 octets] - [24/09/2013 11:45:09]
AdwCleaner[R2].txt - [4742 octets] - [07/10/2013 10:09:46]
AdwCleaner[S0].txt - [1967 octets] - [24/09/2013 11:46:09]
AdwCleaner[S1].txt - [4580 octets] - [07/10/2013 10:11:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4640 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Mon 10/07/2013 at 10:24:11.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B55A76F7-F20B-40D7-AEA2-811AFEB1EB58}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\cre"



~~~ FireFox

Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\x9og4oxi.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/07/2013 at 10:32:01.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It looks like Conduit is gone but the original still remains.

Original as in? The original problem which from all indications is the motherboard or there is still a problem with maleware?

Is there any particular time when it freezes such as running a certain program?

Not in particular maybe firefox since that is the only program I have been using during my diagnosis next to the maleware programs of course. I'm still having the issues with it when I shut it down and it goes on standby. Shutting down it goes black but the lights are still on and once it goes on standby I can't get it to get off standby.

Itachi21 wrote:

Not in particular maybe firefox since that is the only program I have been using during my diagnosis next to the maleware programs of course. I'm still having the issues with it when I shut it down and it goes on standby. Shutting down it goes black but the lights are still on and once it goes on standby I can't get it to get off standby.

Wow, this is one sick computer. When it freezes can you activate the Task Manager and end the process?

Yeah thats not problem for the usual Firefox freezing due to flash player problem which is the usual on many computers.

I have narrowed it down to the motherboard being bad. Thoughts?

Earlier, I gave you a warning about two AV's active on your computer. Are you certain that only one is active?
Did you create this folder? 2013-09-22 13:49 . 2013-09-22 14:05 -------- d-----w- C:\4519184f08f18547398c671fef29

I have narrowed it down to the motherboard being bad. Thoughts?

It's starting to look like some problem with hardware. Please try running this.
Please download and run MS Fix-it from here.

I don't remember installing any AV. I removed the Trend Micro at your request so all that was left was Microsoft Security Essentials.

The fix it was audio only and no problems came back.

I just spoke with Toshiba and they think reinstalling the OS may fix it if not then it's probably the motherboard. They think the only way to isolate the cause is to see if when the computer was infected that the OS wasn't damaged.

Thoughts?

Itachi21 wrote:

I just spoke with Toshiba and they think reinstalling the OS may fix it if not then it's probably the motherboard. They think the only way to isolate the cause is to see if when the computer was infected that the OS wasn't damaged.

Thoughts?

It looks like that would be a course of action. Good luck.

Thanks for your help!