
My computer has been infected by toparcadehits and searchconduit.


10 replies to this topic

#1 skovie

skovie

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:23 PM

Posted 04 October 2013 - 08:46 PM

My computer is a 64bit Windows 7. I did a careless download using Download.com which subsequently infected me with toparcadehits.com and searchconduit.com which took over my browser and smothered me with pop-up ads, even on my business website. I struggled through numerous ‘fixes’ to get rid of them to no avail. (My mom used to say “And what have you learned from this?”)

 

I do regular backups of my data and my system. So I backed up all my data files as of today (10/4/13), restored my system to a backup restore point on 8/4/13, then restored today’s data backup.

 

I’m up and running again but performance is not good. My website no longer gets pop-ups but I suspect these two villains or others may be hiding somewhere waiting to test my patience.

 

I want to totally cleanse my system, get it back up to speed and save it as a good restore point.

 

I need ‘how to’ help.





#2 buddy215

buddy215

  • Moderator
  • 13,518 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:23 PM

Posted 04 October 2013 - 09:14 PM

Use the two programs below to find and remove the adware.

When you do a system restore it can cause any recently added programs and updates to go missing.

If you reinstall the program that came with the adware you will likely get the adware installed, too.

Just about ALL free programs today come with adware. Some offer the chance to deny install and some don't.

Always choose 'custom install' when offered.

 

AdwCleaner Download

Malwarebytes.org

 

Post the scan logs back here.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 skovie


Posted 05 October 2013 - 03:43 PM

Thank you buddy215

 

AdwCleaner log

 

# AdwCleaner v3.006 - Report created 05/10/2013 at 15:19:32
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Karl Laptop - KARLW7LAPTOP
# Running from : C:\Users\Karl Laptop\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Karl Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\4k8lc7gn.default\searchplugins\safesearch.xml
Folder Found : C:\Users\Karl Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\4k8lc7gn.default\Extensions\inboxcomtoolbar@inbox.com
Folder Found C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found C:\Program Files (x86)\Search Toolbar
Folder Found C:\ProgramData\apn
Folder Found C:\Users\Karl Laptop\AppData\Roaming\DriverCure
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E08A9998-D98F-476F-8F5C-37C80FE0A4DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\Cr_Installer
 
I have not cleaned AdwCleaner or Malwarebytes results pending your directions.
 
Thanks, Skovie
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E08A9998-D98F-476F-8F5C-37C80FE0A4DA}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\ImInstaller
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
 
-\\ Mozilla Firefox v21.0 (en-US)
 
[ File : C:\Users\Karl Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\4k8lc7gn.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Karl Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4906 octets] - [05/10/2013 15:19:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4966 octets] ##########

 

 

 

Malwarebytes log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.05.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Karl Laptop :: KARLW7LAPTOP [administrator]
 
10/5/2013 4:25:21 PM
MBAM-log-2013-10-05 (16-37-07).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204989
Time elapsed: 6 minute(s), 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
 
Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0R1E1H1UtF2YtH0X -> No action taken.
 
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchBar) -> Bad: (http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language) Good: (http://www.google.com/) -> No action taken.
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Karl Laptop\Downloads\freevideoplayer_d750391.exe (PUP.Optional.InstallIQ) -> No action taken.
 
(end)


#4 buddy215


Posted 05 October 2013 - 06:38 PM

Allow both scanners to delete what they found.

 

Run an online scan using Free ESET Online Antivirus Scanner

Allow it to remove/ delete whatever it finds. Post the log if it finds anything.

 

Clean up temp files, logs, etc. using CCleaner and its default settings. Be sure to UNcheck the offer of Yahoo Toolbar or other if not wanted.

CCleaner - PC Optimization and Cleaning - Free Download



#5 skovie


Posted 05 October 2013 - 10:31 PM

ESET found nothing. I will run CCleaner tomorrow morning.



#6 skovie


Posted 06 October 2013 - 07:14 AM

CCleaner deleted everything it found and I was unable to copy/paste anything to this reply.



#7 buddy215


Posted 06 October 2013 - 07:37 AM

No need to post what CCleaner removed.

 

Any more problems with the adware?

 

There are a lot of adware free programs listed in the site linked below. You can download the programs without installing the updater. Your choice.

Ninite - Install or Update Multiple Apps at Once



#8 skovie


Posted 06 October 2013 - 08:31 AM

No more problems with adware that I have noticed. Thank you Buddy 215! What would you say are the top 2 or 3 free adware programs on the Ninite site?


Edited by skovie, 06 October 2013 - 08:31 AM.


#9 buddy215


Posted 06 October 2013 - 08:55 AM

The two programs I asked you to scan with in my first response are the two I would recommend. You can purchase the MBAM one for real time protection. Adware Cleaner is free but you will need to download each time you use it as that is how to get the latest updates for it which are frequent as new adware is constantly being created.

 

Most other security programs don't bother with the adware as it may be a legal issue if they automatically remove it or block it as the adware purveyor can claim their product is voluntarily installed. That is why MBAM lists them as PUPS...Potentially Unwanted Programs.

 

You are welcome....surf safe..



#10 skovie


Posted 06 October 2013 - 09:03 AM

A big time Thank You to you! Since I'm a newcomer, how can I "like" you?



#11 buddy215


Posted 06 October 2013 - 09:23 AM

The 'thank you' is all you can do and is quite enough... :)

