Search.Conduit annoying add on.

[Valinorum]

I don't know how to copy/paste,

If you look at my instruction, there is a select button beside the word code. If you mouse-click on it, the instructions inside the box will be highlighted that is to say that they will be turned blue ( or any custom color if you have changed it). Put your cursor on them while they are selected and right-click and choose Copy. This is called copying.
See attached image below

Run OTL.exe and put your cursor inside the Custom Scans/Fixes box and right-click and choose Paste. You will notice that the highlighted text that you copied has appeared inside the box. This is called pasting.
See attached image below


Un-install SpyBot Search & Destroy for now and you can re-install it if you wish after I clean your system.


Reset Google Chrome by perusing this article.

Regards,
Valinorum

[Valinorum]

Hi daveyden,

• Step #2 Fix with OTL
  
  • Re-run OTL by right clicking and choosing Run as administrator;
    
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the code box.
    

Code: [Select]

:Commands
[createrestorepoint]

:OTL
[2013/04/26 00:15:21 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2013/04/26 00:15:21 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2013/04/26 00:15:21 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
[2014/02/16 15:53:34 | 000,656,048 | ---- | C] (WildTangent, Inc.) -- C:\ProgramData\uninstall3214993.exe
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
CHR - homepage: http://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files\mcafee\msc\npMcSnFFPl64.dll File not found

:Files
C:\Program Files\mcafee

:Commands
[emptytemp]
[resethosts]


• Click on "Run Fix" and let the program run unhindered;
  
• Your PC will reboot automatically and a log will be opened;
• Please attach it in your next reply.

• Step #3 Fix with AdwCleaner
  
  • Download AdwCleaner by Xplode to your Desktop from the following link.
    
    • Download Link #1
      
    • Download Link #2
  • Right-click on AdwCleaner.exe and choose Run as administrator;
    
  • Click on Scan and let the program run unhindered;
    
  • When done, click on Clean and allow the system to reboot after it is done;
    
  • A log will be opened automatically after the restart;
  • Attach the log in your reply.

• Step #4 Fix with Junkware Removal Tool
  Download Junkware Removal Tool by thisisu to your Desktop from the link below.
  Download Link 1
  Download Link 2
  
  • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
    
  • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
    
  • Please be patient as the tool cleans your system;
  • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
    
  • Attach the log in your next reply.

• Required Log(s):
  
  • OTL Fix log;
  • AdwCleaner Log;
  • Junkware Removal Tool Log

Regards,
Valinorum

[daveyden]

Thanks Valinorum, I've re-set browser settings and all seems to be good for now, if the problem re-occurs I will follow your other steps. Thank you and others very much for your help here.
                                                       Kind Regards,  Daveyden

[Valinorum]

It is recommended that you follow the steps should any remnants are left behind.

[daveyden]

I think the thing was added when I downloaded Frostwire, as when I updated that site today I was given the choice, (in a quite confusing way of course!)...whether or not to allow search conduit to be my main browser setting, and if I want it to be able to stop attempts from any other browser hosts to change this. So they were upfront (if stealthy) about the product, which of course I refused this time around. Cheers, Dave

[Michael (alan1998)]

Don't use BitTorrent apps (Torrenting).  They can lead to re-infection .

[Valinorum]

I think the thing was added when I downloaded Frostwire, as when I updated that site today I was given the choice, (in a quite confusing way of course!)...whether or not to allow search conduit to be my main browser setting, and if I want it to be able to stop attempts from any other browser hosts to change this. So they were upfront (if stealthy) about the product, which of course I refused this time around. Cheers, Dave

Do the earlier steps I mentioned. And un-install Frostwire. I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.

• P2P File-Sharing: Evaluate the Risks
  
• ITSC: Risks in Peer-to-peer File Sharing
  

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

[daveyden]

Thanks for lesson in copy/pasting...here's step 1's logs from otl, will have to complete step 2&3 later...

[Valinorum]

I await the logs.

[daveyden]

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
File C:\ProgramData\SetStretch.exe not found.
File C:\ProgramData\SetStretch.cmd not found.
File C:\ProgramData\SetStretch.VBS not found.
File C:\ProgramData\uninstall3214993.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SDTray not found.
File C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe not found.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions not found.
File C:\Program Files\McAfee\MSK not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MSC,version=10\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MSC,version=10\ not found.
========== FILES ==========
File\Folder C:\Program Files\mcafee not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: dave
->Temp folder emptied: 155035376 bytes
->Temporary Internet Files folder emptied: 284680 bytes
->Java cache emptied: 320063 bytes
->Google Chrome cache emptied: 10738453 bytes
->Flash cache emptied: 506 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 532962 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 159.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 04232014_082600

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[daveyden]

# AdwCleaner v3.201 - Report created 23/04/2014 at 08:48:38
# Updated 22/04/2014 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : dave - DAVE-PC
# Running from : C:\Users\dave\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] :
Deleted [Startup_urls] :
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [2675 octets] - [17/04/2014 16:11:48]
AdwCleaner[R1].txt - [939 octets] - [17/04/2014 17:56:14]
AdwCleaner[R2].txt - [2991 octets] - [22/04/2014 22:08:51]
AdwCleaner[R3].txt - [3051 octets] - [23/04/2014 08:45:10]
AdwCleaner[S0].txt - [2756 octets] - [17/04/2014 16:17:26]
AdwCleaner[S1].txt - [965 octets] - [17/04/2014 17:58:37]
AdwCleaner[S2].txt - [1776 octets] - [23/04/2014 08:48:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1836 octets] ##########

[daveyden]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Basic x86
Ran by dave on 23/04/2014 at  9:00:25.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/04/2014 at  9:08:08.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[daveyden]

I hope I got it all right, I will check later for any instructions, Kind Regards

[Valinorum]

Are you having any issues which includes but not limited to Conduit, Virtumonde et cetera?

[daveyden]

Not really, My pc crashes now and then, but I put that down to age, on re-boot I can go back to the page I was on.
(The DELL VOSTRO I mean). Also start up is quite slow and light gaming (even point and click games which my daughter enjoys) can be really tedious because of the slow response times.