Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

rvzr-a.akamaihd.net Pop-ups taking over browser


  • Please log in to reply
12 replies to this topic

#1 DirtyBo

DirtyBo

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 AM

Posted 04 November 2013 - 01:32 AM

Greetings,
 
  I got this pop-up problem with my browser. Every other new window I open I get redirected to different websites. The main website my browser goes to is http://rvzr-a.akamaihd.net. Sometimes 2 or 3 windows open at the same time and I end up closing the page I want to be on while trying to close the 2 or 3 malicious web pages. Please assist me on this.
 
   Thanks ahead. I hope to type to a response to this soon.

Edited by Budapest, 04 November 2013 - 03:43 AM.
Moved from XP ~Budapest


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 33,400 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:11 PM

Posted 04 November 2013 - 03:40 PM

Akamai Technologies is a U.S. Internet Content Delivery Network (CDN) responsible for serving approximately 15-20 percent of all web traffic. Akamai operates a network of servers around the world and rents space to customers who want their web sites to work faster by distributing content from locations close to the user. A CDN receives data and places it on various legitimate servers all over the world. This allows the content (images, music, movies, etc) to load faster because it is delivered to the end user from the nearest server holding the content. Akamai has several CDN networks and akamai.net; akamaiedge.net; akamaihd.net are a few of them.

Facebook, YouTube and Twitter all use akamaihd.net as a CDN to speed up their services. For example, if you upload photos on Facebook they are actually uploaded to akamaihd.net. When someone requests to view a Facebook photo the request is sent to the nearest akamaihd server which returns the photo more quickly than a server at a distant location. This is the reason why you may see an address in the status bar (or a javascript file) which indicates "transferring data from fbstatic-a.akamaihd.net" or "fbcdn-sphotos-f-a.akamaihd.net" when using Facebook, or something similar (i.e. "cdncache1-a.akamaihd.net", "rvzr-a.akamaihd.net", etc) when visiting other websites using Akamai. These addresses are subdomains which show Akamai where visitors go and the percentage of visitors...they are normal but some users have reported this process actually slows thier access to social media sites.Also when accessing web sites like Facebook, Yahoo, Bing, Gmail and Twitter, a message may pop-up with an alert advising that a security issue was detected on "xxx.a.akamaihd.net" and ask that you confirm the certificate. If you attempt to connect to a web site over HTTPS, it will often reveal Akamai. See Akamai and SSL.

I have not been able to find one major anti-virus vendor which reports this issue as being related to malware infection. However, if you conduct a Google search, the results will show numerous sites reporting this as a virus. When searching for malware removal assistance on the Internet, it is not unusual to find numerous hits from untrustworthy and scam sites which mis-classify detections or provide misleading information. This is deliberately done more as a scam to entice folks into buying an advertised fix or removal tool. In some cases if the fix is a free download, users may be enticed to download a malicious file or be redirected to a malicious web site. I have personally contacted the Akamai Support Team for a more official explanation but they have not replied back.

In most cases, browser slowness, crashing or unresponsiveness when attempting to visit Facebook is an issue with Facebook itself, not an indication of malware infection. Permanently blocking anything related to akamaihd.net may result in not being able to view web pages correctly...therefore attempting to do that is not the solution.

Sometimes just clearing the cache and resetting your browser settings to default helps reslove the proglem..
.
If there is pop-up advertising showing "rvzr-a.akamaihd.net" in the address, the issue appears to be due to advertising that happens to redirect to a service which uses that particular Akamai domain for the ads or a "doggy browser extension/software" (PUP related to anything below) doing the same.

BetterSurf
Covert File for Free
Define Ext 1
Download keeper 1.6, DDoowload keeper 1.6, DoWnlOad KeeEper 1.6, DownnlOadd KeepEr 1.6, DowLOAd keePer 1.6
DP1815
DMUninstaller
Feven 1.8
Fwd downloader
LyricsGet, LyricsBuddy-1
Media Player 1.1
MyShooper
PassShow
Plus-HD 1.3, HD-Plus 3.5
PPNGconvvErt, PNGconvert
SafeSaver
Savings Bull
ScorpionSaver
Video player
VisualBee
Voice Search
WatchItNoAds 2.7
Websteroids
WordOv


These are the most common solutions to eliminating the pop-up ads.

1. Go to Add/Remove Programs in Control Panel or Programs and Features if using Vista/Windows 7/8. From within Add/Remove Programs look for anything in the list above and select Remove.

2. Open your browser and disable (uncheck) all extensions. Make a list, then one by one, re-enable each extension to see if the pop-ups start appearing again with that particular extension. Once you identify the responsible extension...permanently remove it but let me know which one it was so I can update the above list.
* How to Disable Extensions in Google Chrome - How to Uninstall Extensions in Google Chrome
* How To Disable Individual Plug-ins in Google Chrome <- try only if the above does not work
* How to Disable Extensions and Plugins in Firefox - How to Remove Extensions/Uninstall Plugins in Firefox
* How to Disable Extensions in Internet Explorer
* How to Disable Add-ons/Extensions in Internet Explorer, Firefox and Google Chrome
* How to Disable all add-ons in Firefox, Internet Explorer

3. The next step is to try clearing the cache and resetting your browser settings to default:
How to reset your browser settings to default in Internet Explorer, Firefox, Google Chrome, Opera, Safari.

4. If the above did not resolve the problem, then create a new browser user profile.
* How to Create a new browser user profile in Google Chrome
* How to Create a new browser user profile in Firefox
* How to Create a new browser user profile in Opera, Internet Explorer, Firefox, Chrome

Note: With most Adware/Junkware/PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features (Add/Remove Programs) in Control Panel or an alternative third party uninstaller like Revo. In many cases, using the uninstaller of the adware not only removes it more effectively, but it also restores many changed configuration settings. After uninstallation, then you can run specialized tools like Malwarebytes Anti-Malware, AdwCleaner and JRT (Junkware Removal Tool) to fix any remaining entries they may find. Furthrt, using these tools too early will not help identify the specific extension responsible for the pop-ups so it's best to wait before using them.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:11 PM

Posted 04 November 2013 - 05:34 PM

Per the post below this: Please follow the instructions in Post number 2.


ADW Cleaner


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Edited by cryptodan, 04 November 2013 - 06:31 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 33,400 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:11 PM

Posted 04 November 2013 - 06:27 PM

Dan I don't believe AdwCleaner is going to do anything to get rid of the "rvzr-a.akamaihd.net" issue. I have done an exhausted search the past several weeks and neither it nor JRT have found anything specific related to it...although they do find lots of other crap.

I would like DirtyBo to follow my instructions before using these tools in an attempt to narrow down the specific extension itself. Cleaning them with AdwCleaner and JRT is not going to help with the browser setting changes as it will still remain...at least that is what I have seen thus far while researching this. If I can identify the specific extension I may be able to investigate exactly what settings it is changing. I can then provide that info to Xplode and thisisu.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 DirtyBo

DirtyBo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 AM

Posted 05 November 2013 - 07:36 AM

The ads pop up like crazy when I click on the member log-ins at Monster.com and Careerbuilder.com. I'll start on the list of things provided by quietman7 and get back to you. Thanks guys.



#6 DirtyBo

DirtyBo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 AM

Posted 05 November 2013 - 09:05 AM

I did as instucted and disabled all add-ons in my Firefox browser. While I was doing that, I noticed an an unfamiliar add-on called 'downloade keeeeper'. I uninstalled it and everything appears to be fine, so far. I went to the sites where this was giving me a problem and haven't experience those malicious pop-ups. Thank You again for your assistamce on this and Have a Good Day.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 33,400 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:11 PM

Posted 05 November 2013 - 09:35 AM

Great. Now if you don't mind, could you run  AdwCleaner as instructed by cryptodan, then post the log.

After that download Junkware Removal Tool thisisujrt.gif by thisisu and save it to your Desktop.

  • Close all open programs and shut down any protection/security software now to avoid potential conflicts.
  • Double-click on JRT.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware to include many related registry entires (values, keys). I looking to see if we can find any remnants of Download Keeper.
 

 


Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 DirtyBo

DirtyBo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 AM

Posted 12 November 2013 - 04:10 PM

I've run Malwarebytes, as usual. Is it really necessary to download another "pc cleaner" program and spend the time, again? Malwarebytes found some stuff and cleaned it all up. If you don't believe Malwarebytes is enough, then I'd, respectfully, like to know why.



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 33,400 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:11 PM

Posted 12 November 2013 - 05:36 PM

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Every security vendor's lab and program scanning engine is different. Each has its own strengths and weaknesses and they often use a mix of technologies to detect and remove malware. Further, each vendor has its own definition (naming standards) of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Malwarebytes is no exception.

AdwCleaner and JRT are meant to supplement what Malwarebytes does not find and the scans only take a few minutes in most cases.

And by reviewing the logs, they will help me help others with the same problem.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 DirtyBo

DirtyBo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 AM

Posted 13 November 2013 - 06:00 PM

It does not work... Virus scanner disabled. No applications running. I double click on JRT.exe and get a DOS prompt that flashes on the screen for 1/10 of a second, then nothing.


AND I am logged in as Administrator.



#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 33,400 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:11 PM

Posted 13 November 2013 - 06:58 PM

Ok. Skip it...I will have to report that to the developer. Just run AdwCleaner.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#12 DirtyBo

DirtyBo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:11 AM

Posted 13 November 2013 - 10:03 PM

Damn... WOW... AdwCleaner found and got rid of quite a few things. Here's the log file:

 

 

# AdwCleaner v3.012 - Report created 13/11/2013 at 18:53:49
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : MyNameis - XPWINDOWS7
# Running from : C:\Documents and Settings\MyNameis\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SoftSafe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\StarApp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BroiWse2save
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrouwsEe2save
Folder Deleted : C:\Documents and Settings\All Users\Application Data\DownLoade keeepper
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\DownLoade keeepper
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\Plasmoo
Folder Deleted : C:\Documents and Settings\MyNameis\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\MyNameis\Application Data\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\MyNameis\Application Data\strongvault
Folder Deleted : C:\Documents and Settings\User 2\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\MyNameis\Application Data\Mozilla\Firefox\Profiles\hrifij1g.default\Conduit
[!] Folder Deleted : C:\Documents and Settings\MyNameis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnieiehkjnfhmkbgnjpgcgfelfbcinlg
[!] Folder Deleted : C:\Documents and Settings\MyNameis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlkjdhonhinkanlnlakchbhefegimjma
File Deleted : C:\Documents and Settings\MyNameis\Application Data\Mozilla\Firefox\Profiles\hrifij1g.default\Extensions\addon@defaulttab.com.xpi
File Deleted : C:\Documents and Settings\User 2\Application Data\Mozilla\Firefox\Profiles\69npcsqy.default\.autoreg
File Deleted : C:\Documents and Settings\MyNameis\Application Data\Mozilla\Firefox\Profiles\hrifij1g.default\defaulttab.config
File Deleted : C:\Documents and Settings\MyNameis\Application Data\Mozilla\Firefox\Profiles\hrifij1g.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\MyNameis\Application Data\Mozilla\Firefox\Profiles\hrifij1g.default\searchplugins\search.xml
File Deleted : C:\Documents and Settings\MyNameis\Application Data\Mozilla\Firefox\Profiles\hrifij1g.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3241284
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4FA1DE3-1602-C207-086F-AE84954E144E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\Spointer
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v15.0.1 (en-US)

[ File : C:\Documents and Settings\MyNameis\Application Data\Mozilla\Firefox\Profiles\hrifij1g.default\prefs.js ]

Line Deleted : user_pref("CT2611275.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2611275.CTID", "ct2611275");
Line Deleted : user_pref("CT2611275.CurrentServerDate", "7-9-2010");
Line Deleted : user_pref("CT2611275.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2611275.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2611275.EMailNotifierPollDate", "Mon Sep 06 2010 15:52:26 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2611275.FirstServerDate", "6-7-2010");
Line Deleted : user_pref("CT2611275.FirstTime", true);
Line Deleted : user_pref("CT2611275.FirstTimeFF3", true);
Line Deleted : user_pref("CT2611275.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2611275.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2611275.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2611275.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2611275.Initialize", true);
Line Deleted : user_pref("CT2611275.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2611275.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2611275.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2611275.InstalledDate", "Tue Jul 06 2010 16:41:21 GMT+0700 (SE Asia Standard Time)");
Line Deleted : user_pref("CT2611275.IsGrouping", false);
Line Deleted : user_pref("CT2611275.IsMulticommunity", false);
Line Deleted : user_pref("CT2611275.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2611275.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2611275.LanguagePackLastCheckTime", "Tue Jul 06 2010 16:41:30 GMT+0700 (SE Asia Standard Time)");
Line Deleted : user_pref("CT2611275.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2611275.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2611275.LastLogin_2.6.0.15", "Tue Jul 06 2010 16:41:28 GMT+0700 (SE Asia Standard Time)");
Line Deleted : user_pref("CT2611275.LastLogin_2.7.2.0", "Mon Sep 06 2010 15:52:26 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2611275.LatestVersion", "2.6.0.15");
Line Deleted : user_pref("CT2611275.Locale", "en");
Line Deleted : user_pref("CT2611275.LoginCache", 4);
Line Deleted : user_pref("CT2611275.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2611275.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2611275.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2611275.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2611275.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2611275&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2611275.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2611275.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&q=");
Line Deleted : user_pref("CT2611275.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2611275.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2611275.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2611275.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2611275.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2611275.SettingsLastCheckTime", "Tue Jul 06 2010 16:41:21 GMT+0700 (SE Asia Standard Time)");
Line Deleted : user_pref("CT2611275.SettingsLastUpdate", "1277320599");
Line Deleted : user_pref("CT2611275.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2611275.ThirdPartyComponentsLastCheck", "Tue Jul 06 2010 16:41:21 GMT+0700 (SE Asia Standard Time)");
Line Deleted : user_pref("CT2611275.ThirdPartyComponentsLastUpdate", "1277320599");
Line Deleted : user_pref("CT2611275.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2611275.UserID", "UN95839881817453956");
Line Deleted : user_pref("CT2611275.alertChannelId", "1004080");
Line Deleted : user_pref("CT2611275.clientLogIsEnabled", false);
Line Deleted : user_pref("CT2611275.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2611275.components.1000082", false);
Line Deleted : user_pref("CT2611275.components.1000234", false);
Line Deleted : user_pref("CT2611275.ct2611275.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2611275.ct2611275.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2611275.ct2611275.LanguagePackLastCheckTime", "Mon Sep 06 2010 15:52:27 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2611275.ct2611275.Locale", "en");
Line Deleted : user_pref("CT2611275.ct2611275.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=ct2611275&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2611275.ct2611275.SearchInNewTabLastCheckTime", "Mon Sep 06 2010 15:52:26 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2611275.ct2611275.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2611275.ct2611275.SettingsLastCheckTime", "Mon Sep 06 2010 15:52:24 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2611275.ct2611275.SettingsLastUpdate", "1283351534");
Line Deleted : user_pref("CT2611275.ct2611275.ThirdPartyComponentsLastCheck", "Mon Sep 06 2010 15:52:24 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2611275.ct2611275.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2611275.myStuffEnabled", true);
Line Deleted : user_pref("CT2611275.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2611275.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2611275.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2611275.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2611275.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT3241284_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1368750169675,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2611275");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2611275");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Sep 06 2010 15:52:26 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3241284&CUI=UN16272954775534125&UM=2&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Search Spin Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&SearchSource=2&CUI=UN16272954775534125&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3241284");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("aol_toolbar.surf.date", "23");
Line Deleted : user_pref("aol_toolbar.surf.lastDate", "2");
Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "11");
Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");
Line Deleted : user_pref("aol_toolbar.surf.month", "23");
Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Line Deleted : user_pref("aol_toolbar.surf.total", "23");
Line Deleted : user_pref("aol_toolbar.surf.week", "23");
Line Deleted : user_pref("aol_toolbar.surf.year", "23");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Search Spin Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&CUI=UN16272954775534125&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("extensions.51326c3bf23c0.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.515f1767c3f2f.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search|Conduit\", \"window_content\": \"<html>[...]
Line Deleted : user_pref("extensions.mZN6.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if (window.self.location.protocol.indexOf('hxxp') > -1 && window.self == window.top[...]
Line Deleted : user_pref("smartbar.machineId", "HKOYI2TZWCUBRJQHR+K/BPTJFH7S9QHK0VVU8Y/QA75V5DCRTBOP8OHL6W8IILE04VGHQ4OXCJ8IHKWBLEHOCW");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

[ File : C:\Documents and Settings\User 2\Application Data\Mozilla\Firefox\Profiles\69npcsqy.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\MyNameis\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19774 octets] - [13/11/2013 18:52:07]
AdwCleaner[S0].txt - [19914 octets] - [13/11/2013 18:53:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19975 octets] ##########
 



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 33,400 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:11 PM

Posted 14 November 2013 - 08:57 AM

Yes and it also found the leftover folders related to DownLoade keeepper which was causing the pop-up issues you initially reported.

You should be good to go now.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users