Posts posted by DreBeltrami
-
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows 7 Home Premium x64
Ran by Dre Beltrami on Mon 01/14/2013 at 17:46:08.09
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Dre Beltrami\appdata\local\coupon companion"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion"
~~~ FireFox
Successfully deleted: [Folder] C:\Users\Dre Beltrami\AppData\Roaming\mozilla\firefox\profiles\vwbesadh.default\extensions\crossriderapp4493@crossrider.com
Successfully deleted the following from C:\Users\Dre Beltrami\AppData\Roaming\mozilla\firefox\profiles\vwbesadh.default\prefs.js
Emptied folder: C:\Users\Dre Beltrami\AppData\Roaming\mozilla\firefox\profiles\vwbesadh.default\minidumps [20 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/14/2013 at 17:53:52.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Here is the log...
-
Btw, the Coupon Companion is still shoving ads all over my Facebook and other social media, even after a Firefox update, clearing the cache and another restart...
-
Here is the contents of checkup.txt
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.5.502.146
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 22.0.1229.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
And I've attached the logs as well.
What is your advice on better security...clearly the free AVG antivirus isn't hefty enough. I download a lot of things so I need something more secure, any suggestions are much appreciated!
Thanks again for all the help on this!
-Dre
-
Here's the Adwcleaner log...
-
Here's my ADWCleaner log...
-
Here's my Rogue Killer log...
-
Never mind, I just saw I missed a step on the original post - I will do that right now...
-
Sorry, but you lost me a bit. What is RogueKiller and where was I supposed to find and run that to get you a log?
-
-
Hi There,
I recently uploaded Snagit from Cnet and they gave me another gift...Coupon Companion....urgh!
I have done a restore to two different points prior but this stupid plugin is still buried somewhere as I am still seeing ads all over the place. I ran the malware scan and it did find some stuff, but the ads are still there in droves.
Can someone offer some assistance on how I can eradicate this bad boy once and for all?
Thanks in advance!
-Dre
Infected by Coupon Companion....HELP?
in Resolved Malware Removal Logs
Posted
WOOHOO, looks like the ads are all gone. Thank you SOOO much for all your help walking me through all of this - you guys ROCK!
-Dre