DreBeltrami
Infected by Coupon Companion....HELP?
DreBeltrami replied to DreBeltrami's topic in Resolved Malware Removal Logs
WOOHOO, looks like the ads are all gone. Thank you SOOO much for all your help walking me through all of this - you guys ROCK! -Dre -
Infected by Coupon Companion....HELP?
DreBeltrami replied to DreBeltrami's topic in Resolved Malware Removal Logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows 7 Home Premium x64
Ran by Dre Beltrami on Mon 01/14/2013 at 17:46:08.09
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Dre Beltrami\appdata\local\coupon companion"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Dre Beltrami\AppData\Roaming\mozilla\firefox\profiles\vwbesadh.default\extensions\crossriderapp4493@crossrider.com
Successfully deleted the following from C:\Users\Dre Beltrami\AppData\Roaming\mozilla\firefox\profiles\vwbesadh.default\prefs.js

Emptied folder: C:\Users\Dre Beltrami\AppData\Roaming\mozilla\firefox\profiles\vwbesadh.default\minidumps [20 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/14/2013 at 17:53:52.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infected by Coupon Companion....HELP?
DreBeltrami replied to DreBeltrami's topic in Resolved Malware Removal Logs
Here is the log... JRT.txt -
Infected by Coupon Companion....HELP?
DreBeltrami replied to DreBeltrami's topic in Resolved Malware Removal Logs
Btw, the couponcompanion is still shoving ads all over my Facebook and other social media, even after a Firefox update, cleared the cache and another restart... -
Infected by Coupon Companion....HELP?
DreBeltrami replied to DreBeltrami's topic in Resolved Malware Removal Logs
Here are the contents of checkup.txt

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.5.502.146
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 22.0.1229.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

And I've attached the logs as well. What is your advice on better security... clearly the free AVG antivirus isn't hefty enough. I download a lot of things so I need something more secure, any suggestions are much appreciated! Thanks again for all the help on this! -Dre

AdwCleanerR3.txt AdwCleanerS1.txt
Infected by Coupon Companion....HELP?
DreBeltrami replied to DreBeltrami's topic in Resolved Malware Removal Logs
Here's the Adwcleaner log... AdwCleanerR2.txt -
Infected by Coupon Companion....HELP?
DreBeltrami replied to DreBeltrami's topic in Resolved Malware Removal Logs
Here's my ADWCleaner log... AdwCleanerR1.txt -
Infected by Coupon Companion....HELP?
DreBeltrami replied to DreBeltrami's topic in Resolved Malware Removal Logs
Here's my Rogue Killer log... RKreport1_S_01122013_02d1112.txt -
Infected by Coupon Companion....HELP?
DreBeltrami replied to DreBeltrami's topic in Resolved Malware Removal Logs
Never mind, I just saw I missed a step on the original post - I will do that right now...
Infected by Coupon Companion....HELP?
DreBeltrami replied to DreBeltrami's topic in Resolved Malware Removal Logs
Sorry, but you lost me a bit. What is RogueKiller and where was I supposed to find and run that to get you a log?
Infected by Coupon Companion....HELP?
DreBeltrami replied to DreBeltrami's topic in Resolved Malware Removal Logs
Here are the two logs. Let me know what I need to do next... Thanks, Dre attach.txt dds.txt -
Hi There, I recently uploaded Snagit from Cnet and they gave me another gift... Coupon Companion... urgh! I have done a restore to two different points prior but this stupid plugin is still buried somewhere as I am still seeing ads all over the place. I ran the malware scan and it did find some stuff, but the ads are still there in droves. Can someone offer some assistance on how I can eradicate this bad boy once and for all? Thanks in advance! -Dre

mbam-log-2013-01-09 (17-03-20).txt