
Safesaver, Rightcoupon ads, hyperlinks & Google Chrome extension Netoo Cooupuoni


  • This topic is locked
2 replies to this topic

#1 penguinlady88


Posted 05 January 2014 - 11:19 AM

Hi there,

 

I am at my wits' end with this malware that has infected my Acer notebook. Please can you help me? The problem is getting worse by the hour... I have followed advice from various sites, all to no avail - I keep getting the Safesaver ads on Google, RightCoupon popups, hyperlinks on certain words with a green triangle in the top right corner, random page hijacking (becoming more and more frequent) and every time I delete the extension "Netoo Cooupuoni 6.1" in Google Chrome, it reappears when I open the browser again - it does not show up in the list of active extensions anywhere but in TOOLS:

 

So far, I have tried:

ADW Cleaner

Junkware Removal Tool

Malwarebytes' Anti Malware

 

Then I bought and set up Kaspersky Internet Security 14.0.0.4651, but all the problems still came back after that too, so I went through the processes and manually deleted or disabled unnecessary ones and then tried RogueKiller and then Hitman Pro!!!

 

Each programme identified cookies and malware and quarantined and/or deleted it, but it's STILL happening!!!

I will paste the reports for the scans, etc. conducted so far below. I can't figure out how to copy and paste the log for Kaspersky at the moment. I can only seem to see it in the dialogue box and don't know how to get a .txt version.

 

Thank you in advance for your help.

PL

 

 

 

# AdwCleaner v3.016 - Report created 04/01/2014 at 00:34:19
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Elizabeth Penny - ELIZABETHPEN-PC
# Running from : C:\Users\Elizabeth Penny\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\50CoouuPons
Folder Deleted : C:\ProgramData\NetooCooupuoni
Folder Deleted : C:\ProgramData\SearchNewTab
Folder Deleted : C:\ProgramData\suorff and okeep
Folder Deleted : C:\Program Files\BetterSurf
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\Sk-Enhancer
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\Program Files\YoutubeAdblocker
Folder Deleted : C:\Program Files\50CoouuPons
Folder Deleted : C:\Program Files\NetooCooupuoni
Folder Deleted : C:\Program Files\SearchNewTab
Folder Deleted : C:\Program Files\suorff and okeep
Folder Deleted : C:\Users\Elizabeth Penny\AppData\Local\SwvUpdater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16526
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Elizabeth Penny\AppData\Roaming\Mozilla\Firefox\Profiles\1ytdc0ct.default-1388794523538\prefs.js ]
 
 
[ File : C:\Users\Elizabeth Penny\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Elizabeth Penny\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [8964 octets] - [02/11/2013 22:20:12]
AdwCleaner[R1].txt - [4221 octets] - [04/01/2014 00:32:11]
AdwCleaner[S0].txt - [9199 octets] - [02/11/2013 22:21:40]
AdwCleaner[S1].txt - [4152 octets] - [04/01/2014 00:34:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4212 octets] ##########
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Elizabeth Penny on 04/01/2014 at  0:46:42.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-225758675-3065701121-3459489557-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/01/2014 at  0:50:14.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.03.07
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Elizabeth Penny :: ELIZABETHPEN-PC [administrator]
 
04/01/2014 00:57:33
mbam-log-2014-01-04 (00-57-33).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286621
Time elapsed: 18 minute(s), 54 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 1
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_zoomdownloader-display-GB-336x280-26130579282 -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Program Files\WEBEXPENHANCEDV1 (PUP.Optional.Webexp) -> Quarantined and deleted successfully.
 
Files Detected: 2
C:\ProgramData\YTD YouTube Downloader & Converter\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Elizabeth Penny\Downloads\SoftonicDownloader_for_subtitle-workshop.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
 
(end)
 
 
 
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Elizabeth Penny [Admin rights]
Mode : Scan -- Date : 01/05/2014 11:48:59
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:49168;hxxps=127.0.0.1:49168 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
::1             localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9120822AS ATA Device +++++
--- User ---
[MBR] 0fa0582f56f4b4e3dc92dd306f2ca6cb
[BSP] e50e0d45a6f6b1f8c232ff274027061a : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20466810 | Size: 52375 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 127732815 | Size: 52101 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Packard Bell Go USB Device +++++
--- User ---
[MBR] 9d18bcc962249fccdd604331e617c61f
[BSP] 7851ac411d2da0e5607e306ca24c49b5 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) TDK LoR TF10 USB Device +++++
--- User ---
[MBR] 61b7fb21e7a9e6d39963ac632b3b0bdd
[BSP] d6cc968c5dde248310026f4e4c368996 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7448 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_01052014_114859.txt >>
 
 
 
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Elizabeth Penny [Admin rights]
Mode : Remove -- Date : 01/05/2014 12:10:06
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
::1             localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9120822AS ATA Device +++++
--- User ---
[MBR] 0fa0582f56f4b4e3dc92dd306f2ca6cb
[BSP] e50e0d45a6f6b1f8c232ff274027061a : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20466810 | Size: 52375 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 127732815 | Size: 52101 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Packard Bell Go USB Device +++++
--- User ---
[MBR] 9d18bcc962249fccdd604331e617c61f
[BSP] 7851ac411d2da0e5607e306ca24c49b5 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) TDK LoR TF10 USB Device +++++
--- User ---
[MBR] 61b7fb21e7a9e6d39963ac632b3b0bdd
[BSP] d6cc968c5dde248310026f4e4c368996 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7448 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_D_01052014_121006.txt >>
RKreport[0]_S_01052014_114859.txt
 
 
 
HitmanPro 3.7.8.208
www.hitmanpro.com
 
   Computer name . . . . : ELIZABETHPEN-PC
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : ElizabethPen-PC\Elizabeth Penny
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)
 
   Scan date . . . . . . : 2014-01-05 14:41:04
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 37s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 51
 
   Objects scanned . . . : 2,215,171
   Files scanned . . . . : 28,383
   Remnants scanned  . . : 412,960 files / 1,773,828 keys
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964\ (FLV Player) -> Deleted
 
Repairs _____________________________________________________________________
 
   Proxy server on this computer (User)
   127.0.0.1:49168
 
 
Cookies _____________________________________________________________________
 
 
 
 
 
 
HitmanPro 3.7.8.208
www.hitmanpro.com
 
   Computer name . . . . : ELIZABETHPEN-PC
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : ElizabethPen-PC\Elizabeth Penny
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)
 
   Scan date . . . . . . : 2014-01-05 15:03:14
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 47s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 7
   Traces  . . . . . . . : 42
 
   Objects scanned . . . : 2,215,659
   Files scanned . . . . : 28,489
   Remnants scanned  . . : 413,281 files / 1,773,889 keys
 
Malware remnants ____________________________________________________________
 
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\FunWebProducts\ (Adware.MyWebSearch) -> Deleted
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ (Adware.MyWebSearch) -> Deleted
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Deleted
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Deleted
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754}\ (Adware.Hotbar) -> Deleted
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\MyWebSearch\ (Adware.MyWebSearch) -> Deleted
 
Potential Unwanted Programs _________________________________________________
 
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player)
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} (Claro)
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player)
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}\ (Babylon)
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\ (FLV Player)
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}\ (Babylon)
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ (Claro)
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}\ (FLV Player)
   HKU\S-1-5-21-225758675-3065701121-3459489557-501\Software\Microsoft\Windows\CurrentVersion\Run\Browser Infrastructure Helper (FLV Player)
 
Cookies _____________________________________________________________________
 
 
 
 

 

 

 

 




 


#2 penguinlady88


Posted 05 January 2014 - 11:28 AM

I'm so sorry, I have just realised I have posted this problem to the wrong forum. I'll copy and paste it into the virus, trojan, malware forum instead.

 

Thank you.



#3 hamluis

  • Moderator

Posted 05 January 2014 - 12:09 PM

This topic is closed to avoid confusion.

 

Multiple dupes posted in varying forums.

 

All other duplicates now deleted and one topic in MRL currently being worked by MRT.

 

Louis


Edited by hamluis, 05 January 2014 - 12:29 PM.




