Scareware, Popups and Tool Bar Takeover

Hello again,

Ran TDSSKiller - Negative results

Question, they have 3 user accounts, do I need to run these programs in each account??

Win7
Scareware, Popups to redirect, and many toolbars

See below logs:

more logs

fss

after running AdwCleaner…is the problem still there?

removal expert is notified…

Yes getting popups still for coupons and ads etc when different pages open.

Lots of toolbars…

Seem to have stopped the scareware for pc antivirus software…

ok…essexboy is online and should assist you soon. :wink:

Hi there, toolbar city

Download the attached fix.txt to your desktop
Run OTL and press Run Fix
A dialogue will open asking for the location of fix.txt
Locate and select the file you just downloaded to the desktop
Press Run Fix again

THEN

Please download Junkware Removal Tool to your desktop.

[*]Right-mouse click JRT.exe and select “Run as Administrator”; the tool will open and start scanning your system
[*]Please be patient as this can take a while to complete depending on your system’s specifications
[*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[*]Post the contents of JRT.txt into your next message.

Once completed then run a fresh OTL scan please

I don’t know how people just always click YES LOL

Here is log from JRT

OK time now to see what is left, could you run a fresh OTL scan please selecting all users

ok see attached. We don’t need to run this for each user just one time correct?

It would be worth running JRT for each user. How is the computer at the moment

seems good, no popups or ads on the first user…

Second user had a bunch of conduit toolbars…

third user seems ok

Only issues, every time I turn computer on from it being off, it goes to the prompt screen saying windows did not load properly, and asks if I want to start windows normally or safe mode…

Trying to get windows updates loaded…there are about 15 right now…

Here are the JRT for all the users.

Silly question but does windows close down properly or does it hang ?

Made an error…hit the system restore point option and restored to a week ago so all the toolbars and crap are back :-[

I will post all the logs again shortly… :-\

Did the JRT logs look ok for other users…the user#2 seemed to have toolbars also…

As for the START WINDOWS NORMALLY issue, it seems to shut down fine, sometimes maybe the ‘waiting for program’ to shut off thing…When I restart computer it seems to start fine, but then almost looks like it restarts and I get the error, once I click start normally all is fine…?

Will also let you know shortly about all the updates for windows…some were not installing…

OK the start problem may require a check disc run to clear that

Use JRT under each user

OK…for the admin account here is all the logs again :cry:

mo’ logs

and last of admin account

OK run this from the admin account and then once done let me know what problems remain… As an aside do you use Sendori ? If not I would recommend uninstalling it

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O2 - BHO: (Toolbar BHO) - {06e3475c-5521-4de8-bb12-50720f21631c} - C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbar.dll File not found
O2 - BHO: (Toolbar BHO) - {0709f2cc-d1e6-4b43-9efc-1c0701cb173d} - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll File not found
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\gwen\AppData\Roaming\Qwiklinx\Qwiklinx.dll File not found
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\gwen\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (Search Assistant BHO) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll File not found
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (Toolbar BHO) - {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\PROGRA~2\GAMING~2\bar\2.bin\gtbar.dll File not found
O2 - BHO: (Shop to Win) - {A0D2864A-05FA-91F4-A5CC-DEF70D52F5AF} - C:\Program Files (x86)\Shop to Win 28\Shop to Win 28.dll (Shop To Win, LLC)
O2 - BHO: (Lyrics Fan) - {A8720491-9558-4C0D-9E35-30EED15DFB2B} - C:\Program Files (x86)\LyricsFan\lrcfan.dll (FAN Software)
O2 - BHO: (Toolbar BHO) - {ab56dfde-0c14-45b3-9df6-7b0eba617870} - C:\PROGRA~2\TOTALR~2\bar\1.bin\14bar.dll File not found
O2 - BHO: (Search Assistant BHO) - {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\2.bin\gtSrcAs.dll File not found
O2 - BHO: (ArcadeCandy Games) - {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Cliff\AppData\Local\ArcadeCandy\candyEX.dll (ArcadeCandy LLC)
O2 - BHO: (Search Assistant BHO) - {b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll (MindSpark)
O2 - BHO: (Norton Family BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.6.0.61\coieplg.dll (Symantec Corporation)
O2 - BHO: (Coupon Savings) - {C3F62D94-EEBB-11E1-B88F-CBBD4CC15727} - C:\Program Files (x86)\Coupon Savings\toolbar.dll ()
O2 - BHO: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O2 - BHO: (no name) - {df22384f-cf68-4d19-969f-10423715528b} - No CLSID value found.
O2 - BHO: (GetSavin 5.0) - {FCD275B4-BE65-4C74-83F9-47EE13DF963D} - C:\Users\gwen\AppData\Local\getsavin\ie\getsavin_1367960342.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {04628064-BCF8-488F-8139-AF1F44E3573C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PasswordBox) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\gwen\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll File not found
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (TotalRecipeSearch) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O3 - HKLM\..\Toolbar: (Recipe Hub) - {cf51de5b-eb36-4114-bb69-84df63fbadb4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (PopularScreensavers) - {f339a07f-9578-412d-85e0-b8a80277151a} - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
O3 - HKU\S-1-5-21-3774201525-2393300572-3973472274-1000\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\gwen\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKU\S-1-5-21-3774201525-2393300572-3973472274-1000\..\Toolbar\WebBrowser: (MapsGalaxy) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll File not found
O3 - HKU\S-1-5-21-3774201525-2393300572-3973472274-1000\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found
O3 - HKU\S-1-5-21-3774201525-2393300572-3973472274-1000\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKU\S-1-5-21-3774201525-2393300572-3973472274-1000\..\Toolbar\WebBrowser: (TotalRecipeSearch) - {A0154E07-2B48-475C-A82A-80EFD84EA33E} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll (MindSpark)
O3 - HKU\S-1-5-21-3774201525-2393300572-3973472274-1000\..\Toolbar\WebBrowser: (Recipe Hub) - {CF51DE5B-EB36-4114-BB69-84DF63FBADB4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll (MindSpark)
O3 - HKU\S-1-5-21-3774201525-2393300572-3973472274-1000\..\Toolbar\WebBrowser: (PopularScreensavers) - {F339A07F-9578-412D-85E0-B8A80277151A} - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7ibar.dll (MindSpark)
O4 - HKLM..\Run: [Recipe Hub Search Scope Monitor] "C:\PROGRA~2\RECIPE~2\bar\1.bin\2jsrchmn.exe" /m=2 /w /h File not found
O4 - HKLM..\Run: [RecipeHub_2j Browser Plugin Loader] C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbrmon.exe File not found
O4 - HKU\S-1-5-18..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-18..\Run: [Norton Download Manager{NSME22-B22-4abb-B07C-C084B04B4F12}] C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m File not found
O4 - HKU\S-1-5-19..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-20..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found
[2013/06/13 16:25:33 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Cliff\Desktop\aswMBR.exe
[2013/06/01 17:01:54 | 000,000,000 | ---D | C] -- C:\Users\Cliff\AppData\Local\RecipeHub_2j
[2013/05/27 17:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFan
[2013/06/02 15:13:06 | 000,001,316 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk

:Files
C:\PROGRA~2\MAPSGA~2

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
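An added example, not part of the original thread and not OTL's own code: a small parser for the O2/O3/O4 lines of the fix script above that separates machine-wide entries from per-user (HKU\SID) ones and marks entries whose file or CLSID is already gone, which is why the cleanup tools in this thread were run under each account. The function names are illustrative, and treating O2 BHO lines as machine-wide is an assumption.

```python
import re
from collections import Counter

# Five lines copied from the fix script posted in the thread above.
SAMPLE = r"""
O2 - BHO: (Toolbar BHO) - {06e3475c-5521-4de8-bb12-50720f21631c} - C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbar.dll File not found
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Recipe Hub) - {cf51de5b-eb36-4114-bb69-84df63fbadb4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll (MindSpark)
O3 - HKU\S-1-5-21-3774201525-2393300572-3973472274-1000\..\Toolbar\WebBrowser: (Recipe Hub) - {CF51DE5B-EB36-4114-BB69-84DF63FBADB4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll (MindSpark)
O4 - HKU\S-1-5-18..\Run: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup File not found
"""

ENTRY = re.compile(r"^(O\d+) - (.+?): (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SID = re.compile(r"S-1-5-\d+(?:-\d+)*")
# Well-known service accounts: LocalSystem, LocalService, NetworkService.
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}

def parse(text):
    """Turn O2/O3/O4 lines into dicts with scope, CLSID and orphan status."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, key, rest = m.groups()
        sid = SID.search(key)
        if sid is None:
            scope = "machine"  # assumption: HKLM keys and O2 BHO lines affect every account
        elif sid.group() in SERVICE_SIDS:
            scope = "service"
        else:
            scope = "user"     # S-1-5-21-... is one interactive account's hive
        clsid = CLSID.search(rest)
        orphaned = rest.endswith("File not found") or "No CLSID value found" in rest
        entries.append({"section": section, "scope": scope,
                        "sid": sid.group() if sid else None,
                        "clsid": clsid.group().upper() if clsid else None,
                        "status": "orphaned" if orphaned else "present"})
    return entries

def summarize(entries):
    """Count entries per (scope, status) pair."""
    return Counter((e["scope"], e["status"]) for e in entries)

def also_per_user(entries):
    """CLSIDs registered machine-wide that also have a per-user (HKU) copy."""
    machine = {e["clsid"] for e in entries if e["scope"] == "machine" and e["clsid"]}
    return sorted({e["clsid"] for e in entries if e["scope"] == "user"} & machine)

if __name__ == "__main__":
    for key, count in sorted(summarize(parse(SAMPLE)).items()):
        print(key, count)
```

CLSIDs are upper-cased before comparison because the same toolbar appears in lower case under HKLM and upper case under HKU in this log.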

OK…

Sendori Removed

While in that process there was an adware item that popped up…I attached the URL in the log called ‘crap’ below.

Ran OTL with fixes and then quick scan, see below.

Trying to get last of the windows updates in…will advise.
The startup error is hit or miss…started fine today and restarts no issues…idk :o