[Solved] Conduit redirect
[Solved] Conduit redirect
Hi Fred,
I have a remote Dell Inspiron 1521 Windows 7 x64 laptop computer. I don’t know why but I’m having a heck of a time getting rid of conduit redirect in IE 11. I don’t get it. I’ve never found this to be problematic, but I’m sucking swamp water on this one for some reason. I deleted
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] “Start page=) It comes right back as soon as I open a web page. I used AdwCleaner, it finds it and claims to have deleted it, but it’s not gone. It is not active in safe mode. Will you please give me some advice? Maybe I’ve just lost a brain cell or two, but that’s beside the point.
Bill
I have a remote Dell Inspiron 1521 Windows 7 x64 laptop computer. I don’t know why but I’m having a heck of a time getting rid of conduit redirect in IE 11. I don’t get it. I’ve never found this to be problematic, but I’m sucking swamp water on this one for some reason. I deleted
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] “Start page=) It comes right back as soon as I open a web page. I used AdwCleaner, it finds it and claims to have deleted it, but it’s not gone. It is not active in safe mode. Will you please give me some advice? Maybe I’ve just lost a brain cell or two, but that’s beside the point.
Bill
Play stupid games….win stupid prizes
Re: Conduit redirect
Hi Bill. Can I have a UVK log from that computer?
If not, try the following fixes:
Reset IE and internet settings
Reset Chrome for all users (if chrome installed)
Reset Firefox for all users (if FF installed)
Fix browser shortcuts
Thanks
If not, try the following fixes:
Reset IE and internet settings
Reset Chrome for all users (if chrome installed)
Reset Firefox for all users (if FF installed)
Fix browser shortcuts
Thanks
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.
Fred
Fred
Re: Conduit redirect
Also check out if there are any bad IE BHO or toolbars, in the Autorun manager section, and remove them, including the associated file.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.
Fred
Fred
Re: Conduit redirect
I did try all those fixes yesterday and again just now without luck. It does show up in auto run manager and I have deleted the entry as well as the file a few times and it just comes back. Here’s a log to take a gander at. Thanks!
NOTE: IE is the only browser that is used on this computer so any entries to all others can be removed.
NOTE: IE is the only browser that is used on this computer so any entries to all others can be removed.
- Attachments
-
- Lake George Tech repair tool Log.txt
- (543.26 KiB) Downloaded 1736 times
Play stupid games….win stupid prizes
Re: Conduit redirect
Do you know what these files are related to?
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Users\Bunny\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Windows\Temp\ShAeroDisabler.exe
VirusTotal says they are goodware, but I know of many goodware programs that change IE's home page and search providers.
An example is Incredimail.
Maybe worth to kill those processes, reset the home page and try again.
Or temporarily move them to the recycle bin, reset the home page and try again.
Also check if there aren't any root/boot kits with TDSSKiller and aswmbr.
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Users\Bunny\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Windows\Temp\ShAeroDisabler.exe
VirusTotal says they are goodware, but I know of many goodware programs that change IE's home page and search providers.
An example is Incredimail.
Maybe worth to kill those processes, reset the home page and try again.
Or temporarily move them to the recycle bin, reset the home page and try again.
Also check if there aren't any root/boot kits with TDSSKiller and aswmbr.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.
Fred
Fred
Re: Conduit redirect
I do know what those are. The first two are something from Nike. She’s a runner and athletic trainer. I don’t know if they are safe or not, but that’s why they are there.
The third one is there because my remote support app can’t see the Dell dock on some computers. That one is safe. I have it on all my dell computers as well as many other Dells.
The third one is there because my remote support app can’t see the Dell dock on some computers. That one is safe. I have it on all my dell computers as well as many other Dells.
Play stupid games….win stupid prizes
Re: Conduit redirect
Well, you won't loose anything by simply killing the processes to check out.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.
Fred
Fred
Re: Conduit redirect
What happens if you try to set the home page in the Internet setting applet? Does it succeed?
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.
Fred
Fred
Re: Conduit redirect
I ran TDSSKiller, MalwareBytes Anti-Rootkit and McAfee Rootkit Remover and they found nothing.
I’ll kill those and see what happens.
“What happens if you try to set the home page in the Internet setting applet? Does it succeed?” Nope, it doesn’t. It does not give any error either.
I’ll kill those and see what happens.
“What happens if you try to set the home page in the Internet setting applet? Does it succeed?” Nope, it doesn’t. It does not give any error either.
Play stupid games….win stupid prizes
Re: Conduit redirect
IMHO it is a running program that is monitoring the Start page value.
I would also check out the wltrysvc service.
C:\Windows\System32\WLTRYSVC.EXE
I would also check out the wltrysvc service.
C:\Windows\System32\WLTRYSVC.EXE
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.
Fred
Fred
Re: Conduit redirect
I wondered about that one too and Googled WLTRYSVC.EXE and it seems to be related to Broadcom Corporation Wireless, so I’m reluctant to kill it because I would be cut off.
.
I killed and it didn’t make a difference.
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Users\Bunny\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Windows\Temp\ShAeroDisabler.exe
When I set default home page in internet option it changes to go.microsoft.com something but when you close it and reopen it, it is changed back to conduit.
.
I killed and it didn’t make a difference.
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Users\Bunny\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Windows\Temp\ShAeroDisabler.exe
When I set default home page in internet option it changes to go.microsoft.com something but when you close it and reopen it, it is changed back to conduit.
Play stupid games….win stupid prizes
Re: Conduit redirect
That is weird.
Please post a new log. this time, before clicking Start scan do the following:
Uncheck Hide all Microsoft files.
Click the text box under Custom to clear its contents and paste the following code:
Please post a new log. this time, before clicking Start scan do the following:
Uncheck Hide all Microsoft files.
Click the text box under Custom to clear its contents and paste the following code:
Code: Select all
<Reg>
HKCU\Software\Microsoft\Internet Explorer
HKLM\Software\Microsoft\Internet Explorer
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.
Fred
Fred
Re: Conduit redirect
Here it is Fred.
- Attachments
-
- Lake George Tech repair tool Log.txt
- (2.04 MiB) Downloaded 1616 times
Play stupid games….win stupid prizes
Re: Conduit redirect
Thanks. I'm gonna have a look now.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.
Fred
Fred
Re: Conduit redirect
Bill, I'm assuming you already tried setting the IE's start page using UVK, from the Autoruns manager. Is that correct?
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.
Fred
Fred
Re: Conduit redirect
Fred,
OMG! I just figured this out and now feel foolish. SuperAntiSpyware was keeping the home page from being changed. Somehow it got set to conduit and SAS hijack protection was set, the “display notification when home page changed” box wasn’t check so it wasn’t popping up a warning of the change when it was reset. I don’t know why I didn’t think of that. I discovered this because I started to kill processes one by one and when I disabled SAS it magically was fixed, so I started looking at the SAS settings. I do apologize for wasting your time and thank you for all your help. Here’s a screen shot with the box that should have been check circled in red.
Bill
Once again, I have learned something today and would think that this won’t happen to me again.
OMG! I just figured this out and now feel foolish. SuperAntiSpyware was keeping the home page from being changed. Somehow it got set to conduit and SAS hijack protection was set, the “display notification when home page changed” box wasn’t check so it wasn’t popping up a warning of the change when it was reset. I don’t know why I didn’t think of that. I discovered this because I started to kill processes one by one and when I disabled SAS it magically was fixed, so I started looking at the SAS settings. I do apologize for wasting your time and thank you for all your help. Here’s a screen shot with the box that should have been check circled in red.
Bill
Once again, I have learned something today and would think that this won’t happen to me again.
- Attachments
-
- Fred.PNG (79.17 KiB) Viewed 48685 times
Play stupid games….win stupid prizes
Re: Conduit redirect
Can you believe it? I thought about that, launched SAS and couldn't find that option. Didn't search for long, though.
So I thought: Maybe they don't have the option anymore...
Well, glad you figured it out!
Can we mark this topic as Solved?
So I thought: Maybe they don't have the option anymore...
Well, glad you figured it out!
Can we mark this topic as Solved?
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.
Fred
Fred
Re: Conduit redirect
Solved it is. I really appreciate your taking the time to help me and again apologize for wasting your time.
Bill
Bill
Play stupid games….win stupid prizes
Re: Conduit redirect
Oh, you don't have to apologize at all. This happened to you, and could certainly happen to others.
Hopefully other people having the same problem may find the solution in this page.
Hopefully other people having the same problem may find the solution in this page.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.
Fred
Fred