AD POSTING PAIN IN THE ASS

Viruses and worms
1

http://rvzr-a.akamaihd.net/sd/wrap-0.01.html?u=http%3A%2F%2Frvzr-a.akamaihd.net%2Fsd%2Fapps%2Ffusionx%2F0.0.4.html%3Faff%3D1700-1043

I was able to download the ABP with 4 filter subscriptions, but this page and others keep trying to open in the sides of the screen. When the ads were posting, some were Porn. I have had avast for years now and always update and Boot Scan and regular scan. I have not been able to get rid of this item. Also for some reason I keep getting ad ons to my tool bars. What can be done? AVAST has always had my back in the past…

2

Ohh forgot to add, All this happened when we tried to download an updated version of GOOGLE EARTH, from the google site.

3

Did it have any additional goodies in the download ?

Please download Junkware Removal Tool to your desktop.

[]Right-mouse click JRT.exe and select “Run as Administrator” the tool will open and start scanning your system
[]please be patient as this can take a while to complete depending on your system’s specifications
[]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[]post the contents of JRT.txt into your next message.

4

OK, this is what JRT came up with: Am I cleared now?
IF SO THANK YOU SO MUCH IN ADVANCE!.. I am checking my browsers now, this post is too big will post in sections
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Sun 11/10/2013 at 16:59:18.19

~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B3420A9C-A397-4409-B90D-BCF22DA1A08A}
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
    BackgroundContainer    REG_SZ    "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\plus-hd-1.3
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311121157}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
~~~ Files
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.3-enabler.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.3-updater.job
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\end"
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"
Successfully deleted: [File] C:\Windows\syswow64\sho389C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3F8F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho50B3.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho52B1.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho586C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6220.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho71FB.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7347.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho73F5.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho74E4.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7F52.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB2D4.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD724.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE446.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE47A.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE4A0.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFFED.tmp
5

part two:~~~ Folders
Successfully deleted: [Folder] “C:\ProgramData\best buy pc app”
Successfully deleted: [Folder] “C:\ProgramData\conduit”
Successfully deleted: [Folder] “C:\Users\Owner\appdata\local\best buy pc app”
Successfully deleted: [Folder] “C:\Users\Owner\appdata\local\conduit”
Successfully deleted: [Folder] “C:\Users\Owner\appdata\local\cre”
Successfully deleted: [Folder] “C:\Users\Owner\appdata\locallow\conduit”
Successfully deleted: [Folder] “C:\Users\Owner\appdata\locallow\pricegong”
Successfully deleted: [Folder] “C:\Program Files (x86)\conduit”
Successfully deleted: [Folder] “C:\Program Files (x86)\coupons”
Successfully deleted: [Folder] “C:\Program Files (x86)\mypc backup”
Successfully deleted: [Folder] “C:\Program Files (x86)\Common Files\software update utility”
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{00B6EC23-3664-458D-A527-878D355913E0}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{0204F655-6DC8-4211-A68A-8192AC0BCF24}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{0831F6D6-314C-4D45-B617-DF0672CFD5B5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{085C21C9-421A-4790-80B7-FB8DAA4994F2}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{0884A0C7-C04F-4741-BEC7-158690D7B5E8}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{09C0CFB4-9101-426E-937C-411EEA992F5F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{1187FC38-B394-48D1-B1FF-8C313C6F6E77}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{12433027-423B-4477-8C53-A1AD54AD564C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{1377B6F1-28ED-4CE0-8BA2-E149D222DE75}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{13FE7E30-0C52-4A52-8D58-16614848ED90}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{184877D2-161E-4E8F-950A-19EC4EA3FD02}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{1E6EF937-122C-46E4-AF99-9D78518A38BB}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{1ED3C44F-8F5B-4741-9B12-8EEF7844BE71}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{210E666C-3701-4C0B-89E7-22D0E3D5E848}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{23259681-C691-465D-AA36-223E4CB8626C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{26AF0C6A-4AAB-4598-A767-435F651C9C2D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{28BDF029-FCF7-48A8-AC34-B47B197EA122}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{28F43A84-0DE2-4C38-AF84-74BB7D0C8B6A}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{2990BF6F-6F34-4492-9E25-4294AB6E8250}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{3022FBA6-5354-4D75-9641-84775285EDD5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{3125B376-FC54-4F1C-A8E9-8F6EE233EF0F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{338F6A65-3E78-4E35-A3D3-23649D243F40}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{34FC9E1B-DDB3-4DD7-AE9F-EC76B4514884}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{3E898B94-5875-400F-9544-54F532D91F55}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{410551FF-15ED-4096-90D9-E8C794871A3A}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{44842fbf-ffe6-ccb6-5a74-ab00b4ccd373}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{48D9755F-3C95-4E59-AD0F-D048012D01A7}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{4D0E438E-3893-4B86-9221-A0A62D831D1E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{54D611D8-A611-4407-8E16-C76E3F29FDC3}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{5565B300-2245-4F6F-9AC4-3C926A65F070}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{5886AD39-CCA3-4F40-B3C4-084E3D805BD3}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{59291745-E203-4C27-BE1D-1F354A65EE7A}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{602AC048-F22E-43B9-BEDF-FDAEC9CB3E89}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{6063A874-AE61-4D68-ABE1-D6D354ECE665}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{61CB7CB7-5526-4F35-BC8E-A770FCE2086D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{643DC8F2-31B4-4A46-8B24-539C1196392A}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{6AE7B2BB-3F4D-459A-9B81-20015CF3E9B3}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{6E8CBDF6-9F01-45C7-94AA-764B391121E0}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{6F723498-9B18-4470-B251-4CD93E59ED59}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{78394E36-7339-4974-B585-12E4F345A359}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{785E2028-CC98-4FE3-9993-85C897A60A75}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{7E1D4A00-1484-45D4-A50D-FBE8DFC30DEE}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{810D1C6C-F470-4BC9-BEF0-5D47C1B9FE8E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{8A61E137-3CB0-488E-9E48-A5E54EE12F0B}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{8AF6FE63-AFDF-4071-BEDA-EEF1AE9E7991}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{8F602EDA-DDC9-4F99-B323-1258BE3D6A9E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{91CFAEAF-BAEB-452C-88F7-3A4A3EF263F5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{92C8BABB-B8E7-4B40-86D1-8FE48F9A0A43}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{95253FE2-FE24-4B40-B769-8FFF3A91AB1D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{955FA04F-3816-4625-929B-CEE70B8D6B96}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{9F5F680F-F926-4DBA-BEF2-BC61FC5FBA01}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{A2938957-FB60-44B2-A371-3BF8765C4652}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{AE9C2128-EC8A-456D-ACD6-F6B8B0CF7C9C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{B08FB453-62A6-4677-B02B-773DE330738E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{B2B8B1FD-DD4D-4976-ACF3-E97DFFE996EE}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{B54E2D41-50CD-4F89-AC2C-CE9EEA670F61}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{C0EBA6DD-BBD1-4C82-88F9-CB4166F3C197}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{C3E7F565-2BE1-4BE4-82FE-3CCB870C8BE9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{C58A7076-EACD-4BBE-A626-EA0E38F3F3A4}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{C60DE154-068F-4CC1-B0A0-790154414B02}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{C669E693-98CD-41A6-94B0-01D1A686B61A}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{D6F6BA6A-517C-403D-BAF9-938877E2C6BF}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{D84E0C6C-D9E8-4E96-8840-5E596ECC1234}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{E03ECB49-7E9B-4472-ACB6-24DAE60BC228}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{E0533370-6FD7-48AA-B116-14405376F949}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{E2E1439C-4964-489C-B552-318ADAE7846E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{EEDC455E-8BB1-4D13-83B4-B0C58D85F7A4}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{F5C98DFE-34DA-47C2-8B84-2237F24A8F34}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{F9FEBFFE-E377-443E-96D8-6C6E53E751F3}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local{FC94908E-184B-44B7-B9A3-C6367781404A}

6

part three FINAL:~~ FireFox
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\g2npg6y6.default\user.js
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\g2npg6y6.default\searchplugins\conduit.xml~
Successfully deleted: [Folder] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\g2npg6y6.default\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\g2npg6y6.default\prefs.js
user_pref(“CT3303000.originalSearchAddressUrl”, “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314198&SearchSource=2&CUI=UN30024906772510519&UM=2&q=”);
user_pref(“CT3314198.SearchFromAddressBarUrl”, “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314198&SearchSource=2&CUI=UN30024906772510519&UM=2&q=”);
user_pref(“CT3314198.installType”, “conduitnsisintegration”);
user_pref(“CT3314198.mam_gk_appState_PiclickV2-WebSearch.enc”, “b24=”);
user_pref(“CT3314198.mam_gk_appsData.enc”, "eyJhcHBzIjpbeyJpZCI6IkpvYnNNaW5lciIsInVybCI6Imh0dHA6Ly9qb2JzbWluZXIuY29tL2NvbGxhYm9yYXRpb25zL2NvbmR1aXQvaW5kZXgyLmh0bWwiLCJzY3JpcHR
user_pref(“CT3314198.search.searchAppId”, “130231842236908790”);
user_pref(“CT3314198.search.searchCount”, “0”);
user_pref(“CT3314198.smartbar.CTID”, “CT3314198”);
user_pref(“CT3314198.smartbar.Uninstall”, “0”);
user_pref(“CT3314198.smartbar.homepage”, “true”);
user_pref(“CT3314198.smartbar.toolbarName”, "SweetPacks A1 ");
user_pref(“Smartbar.ConduitHomepagesList”, “hxxp://search.conduit.com/?ctid=CT3314198&CUI=UN30024906772510519&UM=2&SearchSource=13”);
user_pref(“Smartbar.ConduitSearchEngineList”, “SweetPacks A1 Customized Web Search”);
user_pref(“Smartbar.ConduitSearchUrlList”, “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314198&SearchSource=2&CUI=UN30024906772510519&UM=2&q=”);
user_pref(“Smartbar.SearchFromAddressBarSavedUrl”, “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314198&SearchSource=2&CUI=UN30024906772510519&UM=2&q=”);
user_pref(“Smartbar.keywordURLSelectedCTID”, “CT3314198”);
user_pref(“aolmail_toolbar.search.searchtype”, “web”);
user_pref(“browser.search.defaultthis.engineName”, “SweetPacks A1 Customized Web Search”);
user_pref(“browser.search.defaulturl”, “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314198&CUI=UN30024906772510519&UM=2&SearchSource=3&q={searchTerms}”);
user_pref(“extensions.crossrider.bic”, “14206dee8cb54d4536ab4085d4a4e54b”);
user_pref(“plugin.state.npconduitfirefoxplugin”, 2);
user_pref(“smartbar.addressBarOwnerCTID”, “CT3314198”);
user_pref(“smartbar.conduitHomepageList”, “hxxp://search.conduit.com/?ctid=CT3314198&CUI=UN30024906772510519&UM=2&SearchSource=13”);
user_pref(“smartbar.conduitSearchAddressUrlList”, "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314198&SearchSource=2&CUI=UN30024906772510519&UM=2&q=,hxxp://search.condui
user_pref(“smartbar.defaultSearchOwnerCTID”, “CT3314198”);
user_pref(“smartbar.homePageOwnerCTID”, “CT3314198”);
user_pref(“smartbar.machineId”, “LJM8NTK+MSE+TQMP6ZUIZ+MZ8JLN2GVT4P26NX8NGOWX1MAFOXKQHXUC2CIZLJVK+X6UKIKEXWTFS6L8LPEWPG”);
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\g2npg6y6.default\minidumps [106 files]

Scan was completed on Sun 11/10/2013 at 17:10:15.46
End of JRT log

7

So i guess the original qquestion about other goodies, yep I guess there was!

8

If the system is behaving then yes, otherwise I can look deeper

9

so far so good, definitley not downloading google earth again…Thank you, I am sure all the above means something to you, I hope you learn more about it! thanks again for your help!