Guys having a prblem with malware

[Dopey]

Guys having a problem with malware keep getting these 2 up all the time I go on the net and open firefox

 

about:newaddon?id={B21F5E31-B8E8-41CD-B74C-168A71A10E49}

http://search.conduit.com/?ctid=CT3306061&CUI=UN11001944192062176&UM=2&SearchSource=13

 

Tryed CC Cleaner and Malwarebytes Anti-Malware and its still there and Adware??? help me out agin guys to get rid of this rubbish will you?? thanks

[Starbuck]

Hi Dopey,

 

about:newaddon?id={B21F5E31-B8E8-41CD-B74C-168A71A10E49}

ArcadeHits.

 

These 2 programs will help to rid your system of this Adware.

Run both to complete the cleanup.

 

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
  
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  
• The tool will open and start scanning your system.
  
• Please be patient as this can take a while to complete depending on your system's specifications.
  
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  
• Post the contents of JRT.txt into your next message.
  

 

 

 

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
  
• Double click on adwcleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator.
  
• Click on the Scan button.
  
• AdwCleaner will begin to scan your computer.
  
• After the scan has finished...
  
• Click on the Clean button.
  
• Press OK when asked to close all programs and follow the onscreen prompts.
  
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  
• Copy and paste the contents of that logfile in your next reply.
  
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

[Dopey]

Ok thanks m8 will do it now... your saving me yet again lol

[Starbuck]

That's what we're here for. :)

Let us know how it goes.

[Dopey]

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 7 Ultimate x64

Ran by Tony on 25/11/2013 at 17:30:44.11

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2555688491-1503391189-1753796050-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowser

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowser.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\defaulttab

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3306061

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{026E7C5C-1F3F-40EE-BC19-7A6129B58501}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\end"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\conduit"

Successfully deleted: [Folder] "C:\Users\Tony\AppData\Roaming\defaulttab"

Successfully deleted: [Folder] "C:\Users\Tony\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Tony\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"

 

 

 

~~~ FireFox

 

Successfully deleted: [File] C:\Users\Tony\AppData\Roaming\mozilla\firefox\profiles\9o8ce3m0.default-1385380572722\searchplugins\conduit.xml

Successfully deleted the following from C:\Users\Tony\AppData\Roaming\mozilla\firefox\profiles\9o8ce3m0.default-1385380572722\prefs.js

 

user_pref("CT3306061.FF19Solved", "true");

user_pref("CT3306061.browser.search.defaultthis.engineName", "true");

user_pref("CT3306061.installDate", "25/11/2013 14:26:38");

user_pref("CT3306061.installSessionId", "{FA2CA623-ECD8-42EE-9404-BDA384C205EF}");

user_pref("CT3306061.installSp", "TRUE");

user_pref("CT3306061.installUsage", "25/11/2013 16:47:26");

user_pref("CT3306061.installUsageEarly", "25/11/2013 16:47:26");

user_pref("CT3306061.installerVersion", "1.8.1.4");

user_pref("CT3306061.keyword", "true");

user_pref("CT3306061.originalHomepage", "about:home");

user_pref("CT3306061.originalSearchAddressUrl", "");

user_pref("CT3306061.originalSearchEngine", "");

user_pref("CT3306061.originalSearchEngineName", "");

user_pref("CT3306061.searchRevert", "true");

user_pref("CT3306061.searchUninstallUserMode", "2");

user_pref("CT3306061.searchUserMode", "2");

user_pref("CT3306061.smartbar.homepage", "true");

user_pref("CT3306061.toolbarInstallDate", "25-11-2013 14:26:34");

user_pref("CT3306061.versionFromInstaller", "10.22.5.10");

user_pref("CT3306061.xpeMode", "0");

user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=61&CUI=UN11001944192062176&UM=2&UP=SP0099B4E6-83C3-4D9B-9CB0

user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");

user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");

user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/Result***t.aspx?ctid=CT3306061&CUI=UN11001944192062176&UM=2&SearchSource=3&q={searchTerms}");

user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11001944192062176&UM=2&SearchSource=13");

user_pref("keyword.URL", "hxxp://search.conduit.com/Result***t.aspx?ctid=CT3306061&SearchSource=2&CUI=UN11001944192062176&UM=2&q=");

user_pref("smartbar.addressBarOwnerCTID", "CT3306061");

user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11001944192062176&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&oct

user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/Result***t.aspx?ctid=CT3306061&SearchSource=2&CUI=UN11001944192062176&UM=2&q=");

user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");

user_pref("smartbar.homePageOwnerCTID", "CT3306061");

user_pref("smartbar.machineId", "87GL/CE5JL0VWTOCRHTZW/DBHGO5H8DPAOAKJ/EUTRYKFPV47UUHYSZ39R60CRH6ZUEGNWS5YEPV7GETN3GEPQ");

user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11001944192062176&UM=2&SearchSource=13");

Emptied folder: C:\Users\Tony\AppData\Roaming\mozilla\firefox\profiles\9o8ce3m0.default-1385380572722\minidumps [3 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 25/11/2013 at 17:35:56.35

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Dopey]

# AdwCleaner v3.013 - Report created 25/11/2013 at 17:40:25

# Updated 24/11/2013 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Tony - TONY-PC

# Running from : C:\Users\Tony\Downloads\AdwCleaner(2).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Deleted : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\Extensions\addon@defaulttab.com.xpi

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v25.0.1 (en-US)

 

[ File : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\0axud4wd.default\prefs.js ]

 

 

[ File : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\9o8ce3m0.default-1385380572722\prefs.js ]

 

 

[ File : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\9xx1rj7u.default\prefs.js ]

 

 

*************************

 

AdwCleaner[R0].txt - [1444 octets] - [25/11/2013 17:39:53]

AdwCleaner[s0].txt - [1367 octets] - [25/11/2013 17:40:25]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1427 octets] ##########

[Dopey]

Seems to have done the trick.... I will just check see if its not in the adons (firefox)

[Dopey]

Went to firefox addons, and its still there, it doesn't give the option to delete it, just to disable it (thats what I have done) strange

[Dopey]

Ok I put this in "greatarcadehits" in search and programs, them see more results, them scanned the computer, it found 2 files, I managed to delete one manually and the other with Malwarebytes Anti-Malware, then reset firefox, and its all gone now.... I hope!!!! thanks again for the help, see you soon lol

[Dopey]

Just one more thing, is there anything free out there that will do a better job with protecting my computer than Microsoft security essentials? its just not picking anything up or doing a good job at all, so a better secure system if there's one out there would give me a lot more confidence... thanks

[Starbuck]

Hi Dopey,

 

is there anything free out there that will do a better job with protecting my computer than Microsoft security essentials? its just not picking anything up or doing a good job at all,

You have to understand that what has just been removed is Adware, (Advertisement Software) it's not Malware. (Malicious Software)

The reason it's not being picked up by the Anti Virus software is that it is also called Potentially Unwanted Programs. (PuPs)

This type of program is normally installed by yourself!

What happens is that when you install a freeware program these extra programs are added by the vendors to help their cashflow.

They actually get paid to add them as extras.

Some programs will make it clear that extras may be added and then give you the option of installing it or not.

Not all vendors are that way inclined though..... some actually make the notification very hard to see, in the hope of getting you to agree the install unknowingly.

This is why we always stress that when you install any freeware programs.... Always read every page fully.

Don't just click next at the bottom of the page.

So because you have been given the option of installing the software, ( even if you don't see the notification) an Anti Virus program will just assume that you installed the program of your own free will.

Some people may even want to install the extra programs. ( though i can never understand why)

So just about every Anti Virus program would have allowed the install of these programs.... not just MSSE.

 

Adware is considered a legitimate alternative offered to consumers who do not wish to pay for software. There are many ad-supported programs, games or utilities that are distributed as adware (or freeware).

http://www.webopedia.com/TERM/A/adware.html

 

Adware, or advertising-supported software, is any software package which automatically renders advertisements in order to generate revenue for its author. The advertisements may be in the user interface of the software or on a screen presented to the user during the installation process

http://en.wikipedia.org/wiki/Adware

 

I hope this helps to explain things a bit.

[Dopey]

OK got you, but I do look.... they must hide it very well, or dont tell you about it, sometimes I untick boxes, and they sill load it!!!

[Starbuck]

they must hide it very well, or dont tell you about it

Unfortunately both may be true.

Another thing to watch is...... a download site that insists that you use their Download Manager or installer.

These are more often than not..... preloaded with Adware.

A lot of people have stopped downloading from sites such as CNet, saying that the actual download has been added to.

If possible always try and download from the actual vendors site instead of a download site.

This isn't 100% foolproof, but is the best way to go.

[Dopey]

Ok I will do that from now on

[Dopey]

Hi all, I think I have found a good part of the problem, my power box went t*ts up a few days ago, I think this is is the cause of most of my troubles, since I changed it, everything has been working fine?? what do you think??

[Starbuck]

I think this is is the cause of most of my troubles, since I changed it, everything has been working fine??

I don't quite see the connection between a PSU and Adware on the system :confused:

A faulty PSU would have given some other problems though.

As long as the system is running fine, that's all that matters.