Jump to content

Change Mode

WX Download Deal Finder - Annoyed


Recommended Posts

No doubt this has been asked about numerous times on here but i have been led here through a google search, i have no idea how to get rid of this nuisance of what seems to be adware/spyware virus. Im sure i got rid of it once before by uninstalling it from list of programs, unless it was something similar, but now i cant seem to find a way to kill this one and get rid of it. It's driving me up the wall, sometimes while im on a page it will just change the page on its own to something else i haven't even requested. ive tried running anti adware programs etc , they pick nothing up.Any advice on how to kill this fcker off much appreciated. :angry2: :angry2: :angry2: :angry2: :angry2:

Link to post
Share on other sites

Download AdWareCleaner http://www.bleepingcomputer.com/download/adwcleaner/ to your desktop

1.Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2.Click on Delete button.
3.Confirm each time with OK.
4.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:AdwCleaner[sn].txt as well - n is the order number.

Posted Image

Link to post
Share on other sites

ok thanks for that .. ive just done that now and the log file is as follows. thanks# AdwCleaner v2.111 - Logfile created 02/05/2013 at 19:13:22# Updated 05/02/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : RV515 - RV515-PC# Boot Mode : Normal# Running from : C:UsersRV515DownloadsAdwCleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] *****File Deleted : C:Program Files (x86)Mozilla Firefoxsearchpluginsask.xmlFile Deleted : C:user.jsFile Deleted : C:UsersRV515AppDataLocalGoogleChromeUser DataDefaultLocal Storagehxxp_apps.conduit.com_0.localstorageFile Deleted : C:UsersRV515AppDataLocalGoogleChromeUser DataDefaultLocal Storagehxxp_apps.conduit.com_0.localstorage-journalFile Deleted : C:UsersRV515AppDataLocalTempUninstall.exeFile Deleted : C:UsersRV515AppDataRoamingMozillaFirefoxProfilesygb3s3s5.defaultextensions{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpiFolder Deleted : C:Program Files (x86)ChatZum ToolbarFolder Deleted : C:Program Files (x86)ConduitFolder Deleted : C:Program Files (x86)uTorrentControl2Folder Deleted : C:ProgramDataInstallMateFolder Deleted : C:ProgramDataPremiumFolder Deleted : C:UsersRV515AppDataLocalAPNFolder Deleted : C:UsersRV515AppDataLocalConduitFolder Deleted : C:UsersRV515AppDataLocalGoogleChromeUser DataDefaultExtensionsjpnbdefcbnoefmmcpelplabbkfmfhlhoFolder Deleted : C:[email protected] Deleted : C:UsersRV515AppDataLocalTempSoftonicFolder Deleted : C:UsersRV515AppDataLocalLowConduitFolder Deleted : C:UsersRV515AppDataLocalLowuTorrentControl2Folder Deleted : C:UsersRV515AppDataRoamingOpenCandy***** [Registry] *****Key Deleted : HKCUSoftwareAPN DTXKey Deleted : HKCUSoftwareAppDataLowSoftwareConduitKey Deleted : HKCUSoftwareAppDataLowSoftwareConduitSearchScopesKey Deleted : HKCUSoftwareAppDataLowSoftwareCrossriderKey Deleted : HKCUSoftwareAppDataLowSoftwareSmartBarKey Deleted : HKCUSoftwareAppDataLowSoftwareuTorrentControl2Key Deleted : HKCUSoftwareAppDataLowSProtectorKey Deleted : HKCUSoftwareAppDataLowToolbarKey Deleted : HKCUSoftwareChatZum ToolbarKey Deleted : HKCUSoftwareConduitKey Deleted : HKCUSoftwareCr_InstallerKey Deleted : HKCUSoftwareIGearSettingsKey Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{687578B9-7132-4A7A-80E4-30EE31099E03}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{687578B9-7132-4A7A-80E4-30EE31099E03}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCUSoftwareSoftonicKey Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}Key Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}Key Deleted : HKLMSoftwareChatZum ToolbarKey Deleted : HKLMSOFTWAREClassesAppID{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}Key Deleted : HKLMSOFTWAREClassesAppID{7ABBFE1C-E485-44AA-8F36-353751B4124D}Key Deleted : HKLMSOFTWAREClassesAppID{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}Key Deleted : HKLMSOFTWAREClassesAppIDpriam_bho.DLLKey Deleted : HKLMSOFTWAREClassesCrossriderApp0000435.FBApiKey Deleted : HKLMSOFTWAREClassesCrossriderApp0000435.FBApi.1Key Deleted : HKLMSOFTWAREClassesCrossriderApp0000435.SandboxKey Deleted : HKLMSOFTWAREClassesCrossriderApp0000435.Sandbox.1Key Deleted : HKLMSOFTWAREClassesToolbar.CT3072253Key Deleted : HKLMSOFTWAREClassesTypeLib{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLMSoftwareConduitKey Deleted : HKLMSOFTWAREMicrosoftTracingchatzum_nt_RASAPI32Key Deleted : HKLMSOFTWAREMicrosoftTracingchatzum_nt_RASMANCSKey Deleted : HKLMSOFTWAREMicrosoftTracingwajam_install_RASAPI32Key Deleted : HKLMSOFTWAREMicrosoftTracingwajam_install_RASMANCSKey Deleted : HKLMSOFTWAREMicrosoftTracingWajamUpdater_RASAPI32Key Deleted : HKLMSOFTWAREMicrosoftTracingWajamUpdater_RASMANCSKey Deleted : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}Key Deleted : HKLMSoftwareSP GlobalKey Deleted : HKLMSoftwareSProtectorKey Deleted : HKLMSoftwareuTorrentControl2Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{687578B9-7132-4A7A-80E4-30EE31099E03}Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}Key Deleted : HKLMSOFTWAREWow6432NodeClassesInterface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLMSOFTWAREWow6432NodeGoogleChromeExtensionsjpmbfleldcgkldadpdinhjjopdfpjfjpKey Deleted : HKLMSOFTWAREWow6432NodeGoogleChromeExtensionsjpnbdefcbnoefmmcpelplabbkfmfhlhoKey Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerLow RightsElevationPolicy{0FB04F77-FCF2-4211-8D5E-B2C53366C61B}Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerLow RightsElevationPolicy{35DF5773-A154-4CAF-83A1-78346AE5AF0D}Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerLow RightsElevationPolicy{628F3201-34D0-49C0-BB9A-82A26AEFB291}Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{687578B9-7132-4A7A-80E4-30EE31099E03}Key Deleted : HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstalluTorrentControl2 ToolbarKey Deleted : HKLMSOFTWAREClassesInterface{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLMSOFTWAREClassesInterface{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}Key Deleted : HKLMSOFTWAREClassesInterface{4897BBA6-48D9-468C-8EFA-846275D7701B}Key Deleted : HKLMSOFTWAREClassesInterface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerNew WindowsAllow [*.crossrider.com]Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]Value Deleted : HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]Value Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerNew WindowsAllow [*.crossrider.com]Value Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerURLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]Value Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]***** [internet Browsers] *****- Internet Explorer v9.0.8112.16457Replaced : [HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain - Start Page] = hxxp://search.chatzum.com/ --> hxxp://www.google.com- Mozilla Firefox v18.0.1 (en-US)File : C:UsersRV515AppDataRoamingMozillaFirefoxProfilesygb3s3s5.defaultprefs.jsDeleted : user_pref("aol_toolbar.default.homepage.check", false);Deleted : user_pref("aol_toolbar.default.search.check", false);Deleted : user_pref("extensions.50c39212347b9.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);Deleted : user_pref("extensions.wajam.affiliate_id", "3672");Deleted : user_pref("extensions.wajam.firstrun", "false");Deleted : user_pref("extensions.wajam.log_send_info", "true");Deleted : user_pref("extensions.wajam.mappingListJsonString", "{"version":"0.21083","supported_sites":{[...]Deleted : user_pref("extensions.wajam.no_trace", "true");Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");Deleted : user_pref("extensions.wajam.supported_sites.ebay_product.wajam_se_js", "try {window['APP_LABEL_NAME'[...]Deleted : user_pref("extensions.wajam.supported_sites.ebay_v2.wajam_se_js", "try {window['APP_LABEL_NAME'] = '[...]Deleted : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABE[...]Deleted : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...]Deleted : user_pref("extensions.wajam.supported_sites.imdb.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'waj[...]Deleted : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] =[...]Deleted : user_pref("extensions.wajam.supported_sites.yahoo.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wa[...]Deleted : user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME[...]Deleted : user_pref("extensions.wajam.trace_log", "1359235988394 - load - processBrowserLoadn1359235988395 - [...]Deleted : user_pref("extensions.wajam.unique_id", "3EB7FB7A78CDBA44DC1D61B9AEBA6F8D");Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");Deleted : user_pref("extensions.wajam.version", "1.26");Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");- Google Chrome v24.0.1312.57File : C:UsersRV515AppDataLocalGoogleChromeUser DataDefaultPreferences[OK] File is clean.*************************AdwCleaner[s1].txt - [10574 octets] - [05/02/2013 19:13:22]########## EOF - C:AdwCleaner[s1].txt - [10635 octets] ##########

Link to post
Share on other sites

Please download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

 

Next, let's see if flushing the DNS cache and restoring MS's Hosts file fixes it.

Copy and paste these lines in Note pad.

 

@Echo on
pushdwindowssystem32driversetc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

 

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it.Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Link to post
Share on other sites
  • 3 months later...

[Just posting for general info, if this probelm was already resolved.] I had this problem yesterday. It seems to be associated with some toolbars that were added on when I downloaded some drivers. Spybot didn't remove it and my other anti-malware didn't detect it. What I did was use ADVANCED UNINSTALLER freeware that I had. I uninstalled two toolbars that had recently been added (Delta & Babylon), then I was prompted to scan for any residues after the uninstall. I selected the entries oftered, then continued - and the :Deal Finder" malware was gone. I can't be sure if this will work for you, but try it. Just be sure to scan for residues when prompted, otherwise the Deal Finder malware will remain rooted. Here's a link to the CNET download. Good luck! http://download.cnet.com/Advanced-Uninstaller-Pro/3000-2096_4-10069986.html

Edited by David-nj
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...