Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FVD Downloader popup


  • Please log in to reply
10 replies to this topic

#1 Speedo420

Speedo420

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 25 October 2013 - 08:24 AM

Hi, I have recently started to get this popup.......

 

"Vines Video Compilation, Check out new Vine Video Project from FVD Downloader Team!  Visit Website.  is it something to be worried about?

 

thanks in advance

 



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 13,004 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:19 AM

Posted 25 October 2013 - 08:39 AM

Scan for and remove adware using the programs below.

SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Junkware Removal Tool Download

AdwCleaner Download

 

Clean up temporary files, logs, etc. using Ccleaner's default settings. Be sure to UNcheck the install

of Yahoo Toolbar or other during install. No need to use the Registry cleaner tool and it may cause problems.

CCleaner - PC Optimization and Cleaning - Free Download

 

Post the logs for the first three scanners back here and report on whether the popups are gone or not.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Speedo420

Speedo420
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 25 October 2013 - 09:56 PM

 attached on the first 3 logs........

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/25/2013 at 09:09 AM

Application Version : 5.6.1040

Core Rules Database Version : 10855
Trace Rules Database Version: 8667

Scan type       : Complete Scan
Total Scan Time : 02:26:38

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 689
Memory threats detected   : 0
Registry items scanned    : 73068
Registry threats detected : 0
File items scanned        : 35341
File threats detected     : 78

Adware.Tracking Cookie
    C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\E8UAA8AD.txt [ /adtechus.com ]
    C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\K8JZMG47.txt [ /atdmt.com ]
    C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\Low\OB9Z7KG3.txt [ /imrworldwide.com ]
    C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\Low\JHOBWNWU.txt [ /interclick.com ]
    C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z1P2MKC3.txt [ /iplocationfinder.com ]
    C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\Low\L0ALNYTP.txt [ /doubleclick.net ]
    C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z2SC7N5N.txt [ /accounts.google.com ]
    .imrworldwide.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .overture.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .c5.zedo.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .eyeviewads.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .findagrave.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .findagrave.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    www.findagrave.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    www.findagrave.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    www.findagrave.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    www.findagrave.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .findagrave.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .findagrave.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .findagrave.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .findagrave.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .apmebf.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .intermundomedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .intermundomedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .yieldmanager.net [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .adtechus.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .amazon-adsystem.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .amazon-adsystem.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .server.cpmstar.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .realmedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    ww251.smartadserver.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .kontera.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .clickbooth.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .tribalfusion.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .mediaforge.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]
    .lucidmedia.com [ C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8TV73F42.DEFAULT\COOKIES.SQLITE ]


Trojan.Agent/Gen-Kryptik
    C:\STEVE\DOWNLOADS\FLAC-1.2.1B.EXE



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Steve on Fri 10/25/2013 at 19:28:54.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-674210953-4075130274-428194789-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\deal boat
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\infoatoms
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110111271147}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220122272247}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550155275547}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660166276647}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440144274447}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110111271147}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220122272247}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550155275547}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660166276647}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440144274447}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3286042
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298573
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550155275547}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660166276647}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440144274447}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271147}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271147}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550155275547}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660166276647}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440144274447}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DFF25D61-096A-418F-814C-FB1D839BAFA4}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\Users\Steve\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Steve\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\Steve\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Steve\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Steve\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Steve\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\otshot"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\Steve\documents\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{01448CA5-E0B7-4882-B262-44085E63E8ED}
Successfully deleted: [Empty Folder] C:\Users\Steve\appdata\local\{B1657F3C-B786-424B-83A1-33F3C8B17173}



~~~ FireFox

Successfully deleted: [File] C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\8tv73f42.default\user.js
Successfully deleted: [File] C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\8tv73f42.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\8tv73f42.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\8tv73f42.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\8tv73f42.default\searchplugins\search.xml
Successfully deleted: [Folder] C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\8tv73f42.default\smartbar
Successfully deleted the following from C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\8tv73f42.default\prefs.js

user_pref("CT3286042.1000082.isPlayDisplay", "true");
user_pref("CT3286042.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.
user_pref("CT3286042.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3286042.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3286042.FF19Solved", "true");
user_pref("CT3286042.FirstTime", "true");
user_pref("CT3286042.FirstTimeFF3", "true");
user_pref("CT3286042.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3286042&SearchSource=2&CUI=UN14374059820671201&UM=2&q=");
user_pref("CT3286042.UserID", "UN14374059820671201");
user_pref("CT3286042.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3286042.browser.search.defaultthis.engineName", "true");
user_pref("CT3286042.countryCode", "US");
user_pref("CT3286042.defaultSearch", "true");
user_pref("CT3286042.embeddedsData", "[{\"appId\":\"130052378822001564\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3286042.enableAlerts", "true");
user_pref("CT3286042.enableSearchFromAddressBar", "true");
user_pref("CT3286042.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
user_pref("CT3286042.firstTimeDialogOpened", "true");
user_pref("CT3286042.fixPageNotFoundError", "true");
user_pref("CT3286042.fixPageNotFoundErrorByUser", "true");
user_pref("CT3286042.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3286042.fullUserID", "UN14374059820671201.IN.20131025184002");
user_pref("CT3286042.installDate", "25/10/2013 18:40:07");
user_pref("CT3286042.installId", "conduitinstaller.exe");
user_pref("CT3286042.installSessionId", "-1");
user_pref("CT3286042.installSp", "TRUE");
user_pref("CT3286042.installType", "conduitnsisintegration");
user_pref("CT3286042.installUsageEarly", "2013-10-26T04:40:09.8790058+03:00");
user_pref("CT3286042.installerVersion", "1.8.0.14");
user_pref("CT3286042.isCheckedStartAsHidden", true);
user_pref("CT3286042.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3286042.isFirstTimeToolbarLoading", "false");
user_pref("CT3286042.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3286042.keyword", "true");
user_pref("CT3286042.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=15&CUI=UN1437405982067120
user_pref("CT3286042.lastVersion", "10.21.1.7");
user_pref("CT3286042.mam_gk_appStateReportTime.enc", "MTM4Mjc1MTY3ODA1Ng==");
user_pref("CT3286042.mam_gk_appState_ACplus.enc", "b24=");
user_pref("CT3286042.mam_gk_appState_CouponBuddy.enc", "b24=");
user_pref("CT3286042.mam_gk_appState_Discover.enc", "b24=");
user_pref("CT3286042.mam_gk_appState_Easytobook.enc", "b24=");
user_pref("CT3286042.mam_gk_appState_Easytobook_targeted.enc", "b24=");
user_pref("CT3286042.mam_gk_appState_Easytobookcars.enc", "b24=");
user_pref("CT3286042.mam_gk_appState_Find-a-Pro.enc", "b24=");
user_pref("CT3286042.mam_gk_appState_JobsMiner.enc", "b24=");
user_pref("CT3286042.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
user_pref("CT3286042.mam_gk_appState_PriceGong.enc", "b24=");
user_pref("CT3286042.mam_gk_appState_WindowShopper.enc", "b24=");
user_pref("CT3286042.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IkpvYnNNaW5lciIsInVybCI6Imh0dHA6Ly9qb2JzbWluZXIuY29tL2NvbGxhYm9yYXRpb25zL2NvbmR1aXQvaW5kZXgyLmh0bWwiLCJzY3JpcHR
user_pref("CT3286042.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
user_pref("CT3286042.mam_gk_calledSetupService.enc", "MQ==");
user_pref("CT3286042.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkpvYnNNaW5lciIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjA4NjNjMGEwLTZiYjAtNGQwNy04MTFkLTA2ODIzND
user_pref("CT3286042.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
user_pref("CT3286042.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
user_pref("CT3286042.mam_gk_first_time.enc", "MQ==");
user_pref("CT3286042.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT3286042.mam_gk_lastLoginTime.enc", "MTM4Mjc1MTY3NDEyMw==");
user_pref("CT3286042.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM
user_pref("CT3286042.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
user_pref("CT3286042.mam_gk_new_welcome_experience.enc", "MQ==");
user_pref("CT3286042.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
user_pref("CT3286042.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEwMjYiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjM1XzAiLCJpc1Rlc3Q
user_pref("CT3286042.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
user_pref("CT3286042.mam_gk_userId.enc", "NGJiMWY4ZGItNDBkOS00YTk1LWE2ZjYtNzk4NDJlN2E5ZTEw");
user_pref("CT3286042.mam_gk_user_approval_interacted.enc", "MQ==");
user_pref("CT3286042.mam_gk_welcomeDialogMode.enc", "MQ==");
user_pref("CT3286042.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://KeyBar18.OurT
user_pref("CT3286042.openThankYouPage", "false");
user_pref("CT3286042.openUninstallPage", "true");
user_pref("CT3286042.originalHomepage", "hxxp://www.sfgate.com/");
user_pref("CT3286042.originalSearchAddressUrl", "");
user_pref("CT3286042.originalSearchEngine", "");
user_pref("CT3286042.originalSearchEngineName", "");
user_pref("CT3286042.revertSettingsEnabled", "false");
user_pref("CT3286042.search.searchAppId", "130052378822001564");
user_pref("CT3286042.search.searchCount", "0");
user_pref("CT3286042.searchFromAddressBarEnabledByUser", "true");
user_pref("CT3286042.searchInNewTabEnabledByUser", "true");
user_pref("CT3286042.searchInNewTabEnabledInHidden", "true");
user_pref("CT3286042.searchRevert", "false");
user_pref("CT3286042.searchSuggestEnabledByUser", "true");
user_pref("CT3286042.searchUserMode", "2");
user_pref("CT3286042.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3286042.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3286042.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3286042\"}");
user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://KeyBar18.OurToolbar.com//xpi\"}");
user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"KeyBar 1.8 \"}");
user_pref("CT3286042.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3286042.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
user_pref("CT3286042.serviceLayer_services_Configuration_lastUpdate", "1382751620565");
user_pref("CT3286042.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1382751671533");
user_pref("CT3286042.serviceLayer_services_appsMetadata_lastUpdate", "1382751671834");
user_pref("CT3286042.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1382751671680");
user_pref("CT3286042.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1382751620549");
user_pref("CT3286042.serviceLayer_services_login_10.21.1.7_lastUpdate", "1382751671445");
user_pref("CT3286042.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1382751671753");
user_pref("CT3286042.serviceLayer_services_searchAPI_lastUpdate", "1382751620638");
user_pref("CT3286042.serviceLayer_services_serviceMap_lastUpdate", "1382751620421");
user_pref("CT3286042.serviceLayer_services_toolbarContextMenu_lastUpdate", "1382751671726");
user_pref("CT3286042.serviceLayer_services_toolbarSettings_lastUpdate", "1382751620569");
user_pref("CT3286042.serviceLayer_services_translation_lastUpdate", "1382751671874");
user_pref("CT3286042.settingsINI", true);
user_pref("CT3286042.shouldFirstTimeDialog", "false");
user_pref("CT3286042.showToolbarPermission", "false");
user_pref("CT3286042.smartbar.CTID", "CT3286042");
user_pref("CT3286042.smartbar.Uninstall", "0");
user_pref("CT3286042.smartbar.homepage", "true");
user_pref("CT3286042.smartbar.toolbarName", "KeyBar 1.8 ");
user_pref("CT3286042.startPage", "true");
user_pref("CT3286042.toolbarBornServerTime", "26-10-2013");
user_pref("CT3286042.toolbarCurrentServerTime", "26-10-2013");
user_pref("CT3286042.toolbarInstallDate", "25-10-2013 18:40:03");
user_pref("CT3286042.toolbarLoginClientTime", "Fri Oct 25 2013 18:41:11 GMT-0700 (Pacific Standard Time)");
user_pref("CT3286042.versionFromInstaller", "10.21.1.7");
user_pref("CT3286042.xpeMode", "0");
user_pref("CT3286042_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382751670642,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("CT3298573.1000082.isPlayDisplay", "true");
user_pref("CT3298573.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.
user_pref("CT3298573.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3298573.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3298573.FF19Solved", "true");
user_pref("CT3298573.FirstTime", "true");
user_pref("CT3298573.FirstTimeFF3", "true");
user_pref("CT3298573.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3NDg2NjAwOA==");
user_pref("CT3298573.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3NDg2NjAyMA==");
user_pref("CT3298573.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MQ==");
user_pref("CT3298573.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM3NDg2NjAyMA==");
user_pref("CT3298573.PG_ENABLE", "dHJ1ZQ==");
user_pref("CT3298573.SF_JUST_INSTALLED.enc", "RkFMU0U=");
user_pref("CT3298573.SF_STATUS.enc", "RU5BQkxFRA==");
user_pref("CT3298573.SF_USER_ID.enc", "Y2lkXzI2NzIwMTMxMjEzMjcyNjI3ODY0");
user_pref("CT3298573.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN29690786391691618&UM=2&q=");
user_pref("CT3298573.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zc
user_pref("CT3298573.UserID", "UN29690786391691618");
user_pref("CT3298573.YTbyClickFavorites.enc", "W10=");
user_pref("CT3298573.YTbyClickRecent.enc", "W10=");
user_pref("CT3298573.acp_personal.appstate.enc", "ZW5hYmxl");
user_pref("CT3298573.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3298573.browser.search.defaultthis.engineName", "true");
user_pref("CT3298573.cbfirsttime.enc", "RnJpIEp1bCAyNiAyMDEzIDEyOjEzOjI3IEdNVC0wNzAwIChQYWNpZmljIFN0YW5kYXJkIFRpbWUp");
user_pref("CT3298573.countryCode", "US");
user_pref("CT3298573.defaultSearch", "true");
user_pref("CT3298573.embeddedsData", "[{\"appId\":\"130110228602769889\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3298573.enableAlerts", "true");
user_pref("CT3298573.enableSearchFromAddressBar", "true");
user_pref("CT3298573.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
user_pref("CT3298573.firstTimeDialogOpened", "true");
user_pref("CT3298573.fixPageNotFoundError", "true");
user_pref("CT3298573.fixPageNotFoundErrorByUser", "true");
user_pref("CT3298573.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3298573.fixUrls", true);
user_pref("CT3298573.fullUserID", "UN29690786391691618.IN.20130726121219");
user_pref("CT3298573.installDate", "26/07/2013 12:12:19");
user_pref("CT3298573.installId", "cid128_49");
user_pref("CT3298573.installSessionId", "{E6DDBBEE-CFA6-4550-9C46-58991B8AFD18}");
user_pref("CT3298573.installSp", "TRUE");
user_pref("CT3298573.installType", "conduitnsisintegration");
user_pref("CT3298573.installUsageEarly", "2013-07-26T22:12:58.2157352+03:00");
user_pref("CT3298573.installerVersion", "1.5.4.4");
user_pref("CT3298573.isCheckedStartAsHidden", true);
user_pref("CT3298573.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3298573.isFirstTimeToolbarLoading", "false");
user_pref("CT3298573.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3298573.keyword", "true");
user_pref("CT3298573.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=15&CUI=UN2969078639169161
user_pref("CT3298573.lastVersion", "10.16.70.5");
user_pref("CT3298573.mam_gk_appStateReportTime.enc", "MTM3NDg2NjAwNjUyNg==");
user_pref("CT3298573.mam_gk_appState_ACplus.enc", "b24=");
user_pref("CT3298573.mam_gk_appState_CouponBuddy.enc", "b24=");
user_pref("CT3298573.mam_gk_appState_Discover.enc", "b24=");
user_pref("CT3298573.mam_gk_appState_Easytobook.enc", "b24=");
user_pref("CT3298573.mam_gk_appState_Easytobook_targeted.enc", "b24=");
user_pref("CT3298573.mam_gk_appState_Find-a-Pro.enc", "b24=");
user_pref("CT3298573.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
user_pref("CT3298573.mam_gk_appState_PriceGong.enc", "b24=");
user_pref("CT3298573.mam_gk_appState_WindowShopper.enc", "b24=");
user_pref("CT3298573.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN
user_pref("CT3298573.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
user_pref("CT3298573.mam_gk_calledSetupService.enc", "MQ==");
user_pref("CT3298573.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiJhODZkNjc4My03OTljLTRiNTEtOD
user_pref("CT3298573.mam_gk_currentVersion.enc", "MS45LjAuNA==");
user_pref("CT3298573.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
user_pref("CT3298573.mam_gk_first_time.enc", "MQ==");
user_pref("CT3298573.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT3298573.mam_gk_lastLoginTime.enc", "MTM3NDg2NjAwMzE0NQ==");
user_pref("CT3298573.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM
user_pref("CT3298573.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
user_pref("CT3298573.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref("CT3298573.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
user_pref("CT3298573.mam_gk_userId.enc", "YTVmZTBiNmYtYzY4Zi00N2VkLTlkNjUtZTAyMWUzNDRiNWE5");
user_pref("CT3298573.migrateAppsAndComponents", true);
user_pref("CT3298573.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3298573%26octid%3DCT3298573%26SearchSource%3D61%26CUI%3DUN
user_pref("CT3298573.openThankYouPage", "false");
user_pref("CT3298573.openUninstallPage", "true");
user_pref("CT3298573.originalHomepage", "about:home");
user_pref("CT3298573.originalSearchAddressUrl", "");
user_pref("CT3298573.originalSearchEngine", "");
user_pref("CT3298573.originalSearchEngineName", "");
user_pref("CT3298573.price-gong.isManagedApp", "true");
user_pref("CT3298573.revertSettingsEnabled", "false");
user_pref("CT3298573.search.searchAppId", "130110228602769889");
user_pref("CT3298573.search.searchCount", "0");
user_pref("CT3298573.searchFromAddressBarEnabledByUser", "true");
user_pref("CT3298573.searchInNewTabEnabledByUser", "true");
user_pref("CT3298573.searchInNewTabEnabledInHidden", "true");
user_pref("CT3298573.searchRevert", "false");
user_pref("CT3298573.searchSuggestEnabledByUser", "true");
user_pref("CT3298573.searchUserMode", "2");
user_pref("CT3298573.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3298573.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3298573.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3298573\"}");
user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MixiDJV37.OurToolbar.com//xpi\"}");
user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V37\"}");
user_pref("CT3298573.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3298573.serviceLayer_services_Configuration_lastUpdate", "1374865978815");
user_pref("CT3298573.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1374865978821");
user_pref("CT3298573.serviceLayer_services_searchAPI_lastUpdate", "1374865978784");
user_pref("CT3298573.serviceLayer_services_serviceMap_lastUpdate", "1374865977980");
user_pref("CT3298573.serviceLayer_services_toolbarSettings_lastUpdate", "1374865978931");
user_pref("CT3298573.settingsINI", true);
user_pref("CT3298573.shouldFirstTimeDialog", "false");
user_pref("CT3298573.showToolbarPermission", "false");
user_pref("CT3298573.smartbar.CTID", "CT3298573");
user_pref("CT3298573.smartbar.Uninstall", "0");
user_pref("CT3298573.smartbar.homepage", "true");
user_pref("CT3298573.smartbar.toolbarName", "MixiDJ V37 ");
user_pref("CT3298573.startPage", "true");
user_pref("CT3298573.toolbarBornServerTime", "26-7-2013");
user_pref("CT3298573.toolbarCurrentServerTime", "26-7-2013");
user_pref("CT3298573.toolbarLoginClientTime", "Fri Jul 26 2013 12:13:20 GMT-0700 (Pacific Standard Time)");
user_pref("CT3298573.versionFromInstaller", "10.16.70.5");
user_pref("CT3298573.xpeMode", "0");
user_pref("CT3298573_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374867756445,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=61&CUI=UN14374059820671201&UM=2&UP=SP62C6C43A-0067-428C-A2D4
user_pref("Smartbar.ConduitSearchEngineList", "KeyBar 1.8 Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3286042&SearchSource=2&CUI=UN14374059820671201&UM=2&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3286042");
user_pref("browser.search.defaultenginename", "KeyBar 1.8 Customized Web Search");
user_pref("browser.search.defaultthis.engineName", "KeyBar 1.8 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3286042&CUI=UN14374059820671201&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "KeyBar 1.8 Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=61&CUI=UN14374059820671201&UM=2&UP=SP62C6C43A-0067-428C-A2D4-7B3A
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "44b74d64000000000000e006e673ddcc");
user_pref("extensions.delta.instlDay", "15913");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.22.0");
user_pref("extensions.delta.vrsnTs", "1.8.22.023:35:02");
user_pref("extensions.delta.vrsni", "1.8.22.0");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119351&tsp=4956");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3286042&SearchSource=2&CUI=UN14374059820671201&UM=2&q=");
user_pref("plugin.state.npconduitfirefoxplugin", 2);
user_pref("smartbar.addressBarOwnerCTID", "CT3286042");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN29690786391691618&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298573&oct
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN29690786391691618&UM=2&q=,hxxp://search.condui
user_pref("smartbar.defaultSearchOwnerCTID", "CT3286042");
user_pref("smartbar.homePageOwnerCTID", "CT3286042");
user_pref("smartbar.machineId", "CREWV/K+AIR6/PKQ5ZMNEBC6HKJDBA66ZZKC/L+HNDXNXSRMHBNZKL4OKU3BS0B0U/TY8HTVFU4CXLJGZZQG0A");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN29690786391691618&UM=2&SearchSource=13");
Emptied folder: C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\8tv73f42.default\minidumps [4 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Steve\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/25/2013 at 19:41:15.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


now when it comes to the AdwCleaner it create this logs but it also says.......

 

pending, please uncheck elements you don't want removed

 

 

what am I looking for????

 

 

 

 

 

 

# AdwCleaner v3.010 - Report created 25/10/2013 at 19:46:24
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Steve - STEVES-PC
# Running from : C:\Users\Steve\Documents\BleepingComputer\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Windows\System32\Tasks\Express FilesUpdate
Folder Found : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Folder Found C:\Program Files (x86)\Deal Boat
Folder Found C:\Program Files (x86)\Deal Boat
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found C:\Users\Steve\AppData\Local\Deal Boat
Folder Found C:\Users\Steve\AppData\Local\Deal Boat
Folder Found C:\Users\Steve\AppData\Roaming\ExpressFiles

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Deal Boat
Key Found : HKCU\Software\AppDataLow\Software\Deal Boat
Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : [x64] HKCU\Software\ExpressFiles
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\Deal Boat
Key Found : HKLM\Software\Deal Boat
Key Found : HKLM\Software\ExpressFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\8tv73f42.default\prefs.js ]

Line Found : user_pref("CT3286042.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Found : user_pref("CT3286042.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3286042.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3286042.embeddedsData", "[{\"appId\":\"130052378822001564\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3286042.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Found : user_pref("CT3286042.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3286042.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3286042.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=15&CUI=UN14374059820671201&SSPV=&Lay=1&UM=2\"}");
Line Found : user_pref("CT3286042.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://KeyBar18.OurToolbar.com/\",\"EB_TOOLBA[...]
Line Found : user_pref("CT3286042.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3286042.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3286042.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
Line Found : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3286042\"}");
Line Found : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://KeyBar18.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"KeyBar 1.8 \"}");
Line Found : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3286042.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
Line Found : user_pref("CT3286042_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382751670642,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CT3298573.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Found : user_pref("CT3298573.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.embeddedsData", "[{\"appId\":\"130110228602769889\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3298573.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Found : user_pref("CT3298573.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3298573.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=15&CUI=UN29690786391691618&SSPV=&Lay=1&UM=2\"}");
Line Found : user_pref("CT3298573.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3298573%26octid%3DCT3298573%26SearchSource%3D61%26CUI%3DUN29690786391691618%26UM%3D[...]
Line Found : user_pref("CT3298573.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3298573\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MixiDJV37.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V37\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374867756445,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.LastHiddenTime", 22489579);

-\\ Google Chrome v

[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [20415 octets] - [25/10/2013 05:48:39]
AdwCleaner[R1].txt - [20476 octets] - [25/10/2013 06:04:17]
AdwCleaner[R2].txt - [21901 octets] - [25/10/2013 06:04:37]
AdwCleaner[R3].txt - [8547 octets] - [25/10/2013 19:46:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [8607 octets] ##########
 



#4 buddy215

buddy215

  • BC Advisor
  • 13,004 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:19 AM

Posted 26 October 2013 - 06:24 AM

Go ahead and allow AdwCleaner to remove what it found.

 

This SAS log entry needs attention. It could be a false positive as SAS last year was having that problem. I think if Kryptik was active on your

computer you would be seeing and experiencing a lot more problems than just a popup. If you are not using FLAC I suggest uninstalling it.

If you want to keep it then I would suggest strongly not accepting any updates from it. It is the type of program that Kryptik is often associated with.

Trojan.Agent/Gen-Kryptik
    C:\STEVE\DOWNLOADS\FLAC-1.2.1B.EXE

 

After running AdwCleaner and removing the adware it found, do another scan using Free ESET Online Antivirus Scanner

Post the log if it finds anything.

 

Let me know if you are still seeing those popups, too.

 

EDIT:  Did you not allow SAS to remove what it found...ad/ tracking cookies and the Kryptik file?

If you didn't remove those files, submit that FLAC.exe to VirusTotal - Free Online Virus and Malware Scan

and allow a scan of that file. It will only take a couple of minutes for VirusTotal to scan using over 40 security programs.

Post the results back here.


Edited by buddy215, 26 October 2013 - 06:33 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 Speedo420

Speedo420
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 26 October 2013 - 04:35 PM

I had SAS remove the threats when I ran it, the tracking cookies and the Kryptik file.  this is the log from .AdwCleaner and yes I still have the same popup


# AdwCleaner v3.010 - Report created 25/10/2013 at 19:46:24
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Steve - STEVES-PC
# Running from : C:\Users\Steve\Documents\BleepingComputer\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Windows\System32\Tasks\Express FilesUpdate
Folder Found : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Folder Found C:\Program Files (x86)\Deal Boat
Folder Found C:\Program Files (x86)\Deal Boat
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found C:\Users\Steve\AppData\Local\Deal Boat
Folder Found C:\Users\Steve\AppData\Local\Deal Boat
Folder Found C:\Users\Steve\AppData\Roaming\ExpressFiles

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Deal Boat
Key Found : HKCU\Software\AppDataLow\Software\Deal Boat
Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : [x64] HKCU\Software\ExpressFiles
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\Deal Boat
Key Found : HKLM\Software\Deal Boat
Key Found : HKLM\Software\ExpressFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\8tv73f42.default\prefs.js ]

Line Found : user_pref("CT3286042.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Found : user_pref("CT3286042.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3286042.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3286042.embeddedsData", "[{\"appId\":\"130052378822001564\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3286042.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Found : user_pref("CT3286042.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3286042.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3286042.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=15&CUI=UN14374059820671201&SSPV=&Lay=1&UM=2\"}");
Line Found : user_pref("CT3286042.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://KeyBar18.OurToolbar.com/\",\"EB_TOOLBA[...]
Line Found : user_pref("CT3286042.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3286042.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3286042.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
Line Found : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3286042\"}");
Line Found : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://KeyBar18.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"KeyBar 1.8 \"}");
Line Found : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3286042.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
Line Found : user_pref("CT3286042_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382751670642,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CT3298573.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Found : user_pref("CT3298573.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.embeddedsData", "[{\"appId\":\"130110228602769889\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3298573.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Found : user_pref("CT3298573.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3298573.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=15&CUI=UN29690786391691618&SSPV=&Lay=1&UM=2\"}");
Line Found : user_pref("CT3298573.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3298573%26octid%3DCT3298573%26SearchSource%3D61%26CUI%3DUN29690786391691618%26UM%3D[...]
Line Found : user_pref("CT3298573.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3298573\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MixiDJV37.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V37\"}");
Line Found : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3298573_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374867756445,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.LastHiddenTime", 22489579);

-\\ Google Chrome v

[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [20415 octets] - [25/10/2013 05:48:39]
AdwCleaner[R1].txt - [20476 octets] - [25/10/2013 06:04:17]
AdwCleaner[R2].txt - [21901 octets] - [25/10/2013 06:04:37]
AdwCleaner[R3].txt - [8547 octets] - [25/10/2013 19:46:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [8607 octets] ##########
 

 

Free ESET Online Antivirus Scanner didn't find a thing


Edited by Speedo420, 26 October 2013 - 05:28 PM.


#6 buddy215

buddy215

  • BC Advisor
  • 13,004 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:19 AM

Posted 26 October 2013 - 05:27 PM

AdwCleaner log is yesterdays. Did you rerun it and delete what it found? That log doesn't show that you allowed it to delete what it found.

 

If you haven't run the Eset scan, do that and post its log if it finds anything.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#7 Speedo420

Speedo420
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 26 October 2013 - 05:42 PM

oops, sorry here is the right log.............Eset Scan didn't find a thing

 

# AdwCleaner v3.010 - Report created 26/10/2013 at 07:23:56
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Steve - STEVES-PC
# Running from : C:\Users\Steve\Documents\BleepingComputer\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Deleted : C:\Program Files (x86)\Deal Boat
Folder Deleted : C:\Users\Steve\AppData\Local\Deal Boat
Folder Deleted : C:\Users\Steve\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
File Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgkbmedckhcibhkdhaokebnllokeokek
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Deal Boat
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Deal Boat
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\8tv73f42.default\prefs.js ]

Line Deleted : user_pref("CT3286042.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3286042.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3286042.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3286042.embeddedsData", "[{\"appId\":\"130052378822001564\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3286042.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Deleted : user_pref("CT3286042.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3286042.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3286042.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=15&CUI=UN14374059820671201&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3286042.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://KeyBar18.OurToolbar.com/\",\"EB_TOOLBA[...]
Line Deleted : user_pref("CT3286042.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3286042.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3286042.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
Line Deleted : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3286042\"}");
Line Deleted : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://KeyBar18.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"KeyBar 1.8 \"}");
Line Deleted : user_pref("CT3286042.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3286042.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
Line Deleted : user_pref("CT3286042_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382751670642,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3298573.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3298573.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573.embeddedsData", "[{\"appId\":\"130110228602769889\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3298573.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Deleted : user_pref("CT3298573.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3298573.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=15&CUI=UN29690786391691618&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3298573.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3298573%26octid%3DCT3298573%26SearchSource%3D61%26CUI%3DUN29690786391691618%26UM%3D[...]
Line Deleted : user_pref("CT3298573.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3298573\"}");
Line Deleted : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MixiDJV37.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V37\"}");
Line Deleted : user_pref("CT3298573.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298573_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374867756445,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.LastHiddenTime", 22489579);

-\\ Google Chrome v

[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url

*************************

AdwCleaner[R0].txt - [20415 octets] - [25/10/2013 05:48:39]
AdwCleaner[R1].txt - [20476 octets] - [25/10/2013 06:04:17]
AdwCleaner[R2].txt - [21901 octets] - [25/10/2013 06:04:37]
AdwCleaner[R3].txt - [8695 octets] - [25/10/2013 19:46:24]
AdwCleaner[R4].txt - [8755 octets] - [26/10/2013 07:23:16]
AdwCleaner[S0].txt - [7945 octets] - [26/10/2013 07:23:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8005 octets] ##########
 



#8 buddy215

buddy215

  • BC Advisor
  • 13,004 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:19 AM

Posted 26 October 2013 - 05:47 PM

Look in your Add/ Remove program for any program you did not specifically install recently.

Check your browser(s) add-ons/ extensions and remove/ disable any you don't recognize.

 

EDIT: Have you recently installed a video downloader? If so, that is likely the source of the popup.

Some of those are ad supported and some have a pay for/ pro version.

Though you did have files removed by the scanners from multiple adware crapola.


Edited by buddy215, 26 October 2013 - 05:59 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#9 Speedo420

Speedo420
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 28 October 2013 - 12:50 PM

I have it as an extension for Firefox, I see that it recently updated so maybe that is the problem with the popup......cuz I don't see it under Add/Remove programs.   are these programs I can run all the time to keep the crap off of the computer?

 

once again thanks...



#10 buddy215

buddy215

  • BC Advisor
  • 13,004 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:19 AM

Posted 28 October 2013 - 01:09 PM

Junkware Removal and AdwCleaner will need to be downloaded anew to get the latest updated version.

 

Super Antispyware can be updated manually and the paid version will update automatically.

Ccleaner will notify you when it has a new version that you choose to update to.

 

You block the install of the Ad/ tracking 3rd party cookies. After blocking them following the instructions

in link below, run Super Antispyware again to remove the ones presently installed.

Disable third-party cookies in IE, Firefox, and Google Chrome | How To - CNET

 

Today, you have to assume that EVERY free program, add-on, etc. comes with adware baggage. Some

you can block from installing and some you cannot...foistware. Best to choose custom install when offered.

What adware accompanies the free ware varies by what download site you download from.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#11 eckre

eckre

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:19 AM

Posted 27 July 2014 - 07:22 PM

Ugh, forget all this spyware scanning crap.  Just disable or delete the extension.   I disabled it (because the extension is useful 0.0001% of the time) and all the ads went away. 

 

 

 

 

 

 

Hi, I have recently started to get this popup.......

 

"Vines Video Compilation, Check out new Vine Video Project from FVD Downloader Team!  Visit Website.  is it something to be worried about?

 

thanks in advance

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users