AVG Search has taken over my internet browsers (Firefox, IE and Chrome)


10 replies to this topic

#1 cavaco

cavaco

  • Members
  • 11 posts

Posted 01 March 2014 - 07:17 PM

 
I'm getting an AVG search site that has taken over my internet browsers.
It started out in Firefox. I stopped using it and it showed up in the other browsers after a while.
 
 
 
All 3 different browsers (Firefox, IE and Chrome) show different variations of the behavior but the overall result is the same. Bunch of pop ups, ads showing embedded on pages, search results get redirected.
 
 
These are some of the symptoms I grabbed from Chrome (my favorite browser)
 
-Random tabs open by themselves as well as random files that get downloaded:
 
 
-If I do a search at the Chrome search bar, I get AVG search results instead of Google
 
 
 
When I open Firefox I get the AVG Search bar.
If I change the home page back to google.com, AVG comes back after a while
 
 
Internet Explorer shows random ads on pages
 
 
On top of everything, there are pop ups showing on all browsers. The pop ups always show different Ads so it is very hard to identify a name for this whole thing. The AVG Search is the only common factor I can tell
 
I downloaded and ran the AVG removal tool here from bleepingcomputer but it didn't show any result
 
 
I would appreciate any help in resolving this.

Edited by cavaco, 01 March 2014 - 07:25 PM.



#2 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 02 March 2014 - 02:15 AM

Hello cavaco -

These seem like advertising add-ons that have been downloaded from some site, and not related to AVG Antivirus.

Download all programs to Desktop, and please Copy and Paste all program logs.

 

Check all your browser add-ons and Programs and Features

If the program is not listed in Add/Remove or Programs and Features, and there is no uninstaller in the program's folder, the next place to check is your browser extensions and add-ons/plug-ins.

 

 

First -

Please help by running these few programs and

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download and run RKill by Grinler.

A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

At most the tool will run for about 2 minutes

 

 

Next -

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Next -

Download Malwarebytes' Anti-Malware Free (aka MBAM) to your desktop.
- Do not accept the Free Trial Version at this time -
* Double-click mbam-setup.exe and follow the prompts to install the program.
* NOTE 1 : At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* NOTE 2 : Be sure that anything found is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
Copy and Paste the log back here.

Be sure to restart the computer if requested.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


Edited by noknojon, 02 March 2014 - 02:21 AM.


#3 cavaco

cavaco
  • Topic Starter

  • Members
  • 11 posts

Posted 06 March 2014 - 12:12 AM

Checkup.txt

 

 Results of screen317's Security Check version 0.99.80  

 Windows Vista Service Pack 2 x86 (UAC is disabled!)  

 Internet Explorer 9  

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

 Windows Firewall Disabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 SpywareGuard v2.2    

 CCleaner     

 JavaFX 2.1.1    

 Java™ 6 Update 29  

 Java 7 Update 45  

 Java version out of Date! 

 Adobe Flash Player 10 Flash Player out of Date! 

  Adobe Flash Player  11.7.700.169 Flash Player out of Date!  

 Adobe Reader 10.1.8 Adobe Reader out of Date!  

 Mozilla Firefox 25.0.1 Firefox out of Date!  

 Google Chrome 33.0.1750.117  

 Google Chrome 33.0.1750.146  

 Google Chrome Extensions...  

 Google Chrome plugins...  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0 % 

````````````````````End of Log`````````````````````` 



#4 cavaco

cavaco
  • Topic Starter

  • Members
  • 11 posts

Posted 06 March 2014 - 12:13 AM

AdwCleaner – Post Reboot

 

# AdwCleaner v3.020 - Report created 05/03/2014 at 22:52:01

# Updated 27/02/2014 by Xplode

# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

# Username : Caue - CAUE-PC

# Running from : C:\Users\Caue\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : vToolbarUpdater17.1.2

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

Folder Deleted : C:\ProgramData\BetterSoft

Folder Deleted : C:\ProgramData\continuetosave

Folder Deleted : C:\ProgramData\Premium

Folder Deleted : C:\ProgramData\RightClick

Folder Deleted : C:\ProgramData\Codec-V

[/!\] Not Deleted ( Junction ) : C:\ProgramData\Codec-V

[/!\] Not Deleted ( Junction ) : C:\ProgramData\continuetosave

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codec-V

Folder Deleted : C:\Program Files\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files\continuetosave

Folder Deleted : C:\Program Files\DealPly

Folder Deleted : C:\Program Files\MediaPlayerV1

Folder Deleted : C:\Program Files\SimpleSpeedy

Folder Deleted : C:\Program Files\VideoPlayerV3

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\Users\Caue\AppData\Local\AVG SafeGuard toolbar

[!] Folder Deleted : C:\Users\Caue\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\Caue\AppData\Local\DownloadTerms

Folder Deleted : C:\Users\Caue\AppData\Local\Smartbar

Folder Deleted : C:\Users\Caue\AppData\Local\SwvUpdater

Folder Deleted : C:\Users\Caue\AppData\Local\Temp\Smartbar

Folder Deleted : C:\Users\Caue\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Caue\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Caue\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Caue\AppData\LocalLow\Smartbar

Folder Deleted : C:\Users\Caue\AppData\LocalLow\Toolbar4

Folder Deleted : C:\Users\Caue\AppData\Roaming\DealPly

Folder Deleted : C:\Users\Caue\AppData\Roaming\software4u

Folder Deleted : C:\Users\Caue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly

Folder Deleted : C:\Users\Caue\AppData\Roaming\Mozilla\Firefox\Profiles\q86mcfsy.default\Conduit

Folder Deleted : C:\Users\Caue\AppData\Roaming\Mozilla\Firefox\Profiles\q86mcfsy.default\ConduitEngine

Folder Deleted : C:\Users\Caue\AppData\Roaming\Mozilla\Firefox\Profiles\q86mcfsy.default\Extensions\{42e0ced7-806f-4983-af54-92bdeefee519}

Folder Deleted : C:\Users\Caue\AppData\Roaming\Mozilla\Firefox\Profiles\q86mcfsy.default\Extensions\helperbar@helperbar.com

Folder Deleted : C:\Users\Caue\AppData\Roaming\Mozilla\Firefox\Profiles\q86mcfsy.default\Extensions\pt-BR@dictionaries.addons.mozilla.org

Folder Deleted : C:\Users\Caue\AppData\Roaming\Mozilla\Firefox\Profiles\q86mcfsy.default\Extensions\staged

Folder Deleted : C:\Users\Caue\AppData\Roaming\Mozilla\Firefox\Profiles\q86mcfsy.default\Extensions\support@lastpass.com

Folder Deleted : C:\Users\Caue\AppData\Roaming\Mozilla\Firefox\Profiles\q86mcfsy.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

File Deleted : C:\END

File Deleted : C:\Users\Caue\AppData\Roaming\Mozilla\Firefox\Profiles\q86mcfsy.default\searchplugins\my-web-search.xml

File Deleted : C:\Users\Caue\AppData\Roaming\Mozilla\Firefox\Profiles\q86mcfsy.default\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Users\Caue\AppData\Roaming\Mozilla\Firefox\Profiles\q86mcfsy.default\searchplugins\WebSearch.xml

File Deleted : C:\Users\Caue\AppData\Roaming\Mozilla\Firefox\Profiles\q86mcfsy.default\user.js

File Deleted : C:\Windows\Tasks\AmiUpdXp.job

File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

File Deleted : C:\Windows\Tasks\Dealply.job

File Deleted : C:\Windows\System32\Tasks\Dealply

File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ext@bettersurfplus.com]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{20a82645-c095-46ed-80e3-08825760534b}]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4A87D99A-616D-4691-9D32-B83E6B13A54C}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A87D99A-616D-4691-9D32-B83E6B13A54C}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73F5ED59-3458-4306-B790-63401186D3A3}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73F5ED59-3458-4306-B790-63401186D3A3}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC02407B-CFD1-4D43-A320-3CF8EC576F1E}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC02407B-CFD1-4D43-A320-3CF8EC576F1E}

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler

Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898

Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\smartbarbackup

Key Deleted : HKCU\Software\smartbarlog

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\Software\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\BetterSurf

Key Deleted : HKLM\Software\caphyon

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DealPly

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16533

 

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

 

-\\ Mozilla Firefox v25.0.1 (en-US)

 

[ File : C:\Users\Caue\AppData\Roaming\Mozilla\Firefox\Profiles\q86mcfsy.default\prefs.js ]

 

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Line Deleted : user_pref("aol_toolbar.default.search.check", false);

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

Line Deleted : user_pref("extensions.50556263375ac.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf[...]

Line Deleted : user_pref("extensions.5118ff1ac313c.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf[...]

Line Deleted : user_pref("extensions.5118fff9d4812.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf[...]

Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);

Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);

Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

Line Deleted : user_pref("extensions.helperbar.Visibility", false);

Line Deleted : user_pref("extensions.helperbar.countryiso", "us");

Line Deleted : user_pref("extensions.helperbar.downloadprovider", "quickamonetize");

Line Deleted : user_pref("extensions.helperbar.installationid", "5c79920e-9223-4084-89e8-661a0dbd2a33");

Line Deleted : user_pref("extensions.helperbar.installdate", "17/05/2013");

Line Deleted : user_pref("extensions.helperbar.publisher", "quickamonetize");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

 

[ File : C:\Users\Jehnny\AppData\Roaming\Mozilla\Firefox\Profiles\7a08utza.default\prefs.js ]

 

 

*************************

 

AdwCleaner[R0].txt - [25047 octets] - [05/03/2014 22:49:02]

AdwCleaner[S0].txt - [23166 octets] - [05/03/2014 22:52:01]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23227 octets] ##########



#5 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 06 March 2014 - 02:26 AM

That has got quite a bit so far -

 

Malwarebytes' Anti-Malware Full Scan Log please -



#6 cavaco

cavaco
  • Topic Starter

  • Members
  • 11 posts

Posted 06 March 2014 - 10:05 PM

Got delayed because it had to run overnight....Here it goes

 

 

MBAM

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.06.02
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Caue :: CAUE-PC [administrator]
 
3/5/2014 11:16:26 PM
mbam-log-2014-03-05 (23-16-26).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 543840
Time elapsed: 4 hour(s), 58 minute(s), 41 second(s)
 
Memory Processes Detected: 1
C:\ProgramData\Codec\Codec1.exe (Trojan.Dropper) -> 3624 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 21
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Codec (Trojan.Dropper) -> Quarantined and deleted successfully.
HKCR\CLSID\{bf803e5d-ec85-4575-a08e-19b047ae7bfa} (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3bb4c4eb-321b-47ff-80d8-82ac3192e58d} (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKCR\Interface\{353A94BC-9346-4B70-AE4D-F7C275551F1A} (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF803E5D-EC85-4575-A08E-19B047AE7BFA} (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF803E5D-EC85-4575-A08E-19B047AE7BFA} (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF803E5D-EC85-4575-A08E-19B047AE7BFA} (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha123 (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MediaPlayerV1alpha71 (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MediaViewV1alpha123 (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87DC4208-BED4-233C-106E-CBC0A13A91C4} (PUP.CodecV) -> Quarantined and deleted successfully.
HKCR\CLSID\{87DC4208-BED4-233C-106E-CBC0A13A91C4} (PUP.CodecV) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{87DC4208-BED4-233C-106E-CBC0A13A91C4} (PUP.CodecV) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87DC4208-BED4-233C-106E-CBC0A13A91C4} (PUP.CodecV) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1978133-bd41-435d-99b1-41d9f0e92100} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{b1978133-bd41-435d-99b1-41d9f0e92100} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{10844fd9-d554-48eb-adfc-ff1c1f4423e5} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCR\Interface\{870CCBEB-4CA6-4327-AB74-15D26B1E9EF4} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B1978133-BD41-435D-99B1-41D9F0E92100} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1978133-BD41-435D-99B1-41D9F0E92100} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 2
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|ext@MediaPlayerV1alpha71.net (PUP.Optional.MediaPlayerAlpha.A) -> Data: C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha71\ff -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|ext@MediaViewV1alpha123.net (PUP.Optional.MediaView.A) -> Data: C:\Program Files\MediaViewV1\MediaViewV1alpha123\ff -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (Trojan.SProtector) -> Bad: (c:\progra~2\webtect\webtect.dll) Good: () -> Quarantined and repaired successfully.
 
Folders Detected: 8
C:\Program Files\MediaViewV1\MediaViewV1alpha123 (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ch (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ff (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ff\chrome (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ff\chrome\content (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ff\chrome\content\icons (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ff\chrome\content\icons\default (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ie (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
 
Files Detected: 39
C:\ProgramData\Codec\Codec1.exe (Trojan.Dropper) -> Delete on reboot.
C:\ProgramData\WebTect\WebTect.dll (Trojan.SProtector) -> Delete on reboot.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ie\MediaViewV1alpha123.dll (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyIE.dll.vir (PUP.DealPly) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyUpdate.exe.vir (PUP.Optional.Dealply) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyUpdateRun.exe.vir (PUP.Optional.Dealply) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyUpdateVer.exe.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\MediaPlayerV1\MediaPlayerV1alpha71\uninstall.exe.vir (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\VideoPlayerV3\VideoPlayerV3beta5528\uninstall.exe.vir (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\Codec-V\5055626337691.dll.vir (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\continuetosave\uninstall.exe.vir (PUP.Optional.SilentInstall.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Caue\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe.vir (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Caue\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Caue\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\uninstall.exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\ProgramData\WebTect\WebTectSvc.dll (Trojan.SProtector) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\temp\FlashPlayer__2114_i18387394_il42840.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\temp\FreemakeVideoConverter_4.0.1.4.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\temp\IQ9Mi60h.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\temp\esNajLMy.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\temp\setapp.exe (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\temp\Setup1.exe (Adware.BetterSurf) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\temp\Setup2.exe (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\temp\bcKt9DBp.exe.part (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\temp\BetterSurfPlusInstaller.exe (Adware.BetterSurf) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\temp\TREVGPqN.exe.part (PUP.Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\temp\Updater.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\temp\K4w3mln9.exe.part (PUP.Optional.Topmedia) -> Quarantined and deleted successfully.
C:\Users\Caue\Downloads\Player-Chrome.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\4c1eac.msi (PUP.Optional.SmartBar) -> Quarantined and deleted successfully.
C:\Windows\Tasks\schedule!1143840799.job (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ch\MediaViewV1alpha123.crx (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ff\chrome.manifest (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ff\install.rdf (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ff\chrome\content\ffMediaViewV1alpha123.js (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ff\chrome\content\ffMediaViewV1alpha123ffaction.js (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ff\chrome\content\overlay.xul (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ff\chrome\content\icons\Thumbs.db (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files\MediaViewV1\MediaViewV1alpha123\ff\chrome\content\icons\default\MediaViewV1alpha123_32.png (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
 
(end)

 



#7 noknojon


Posted 07 March 2014 - 01:19 AM

Time elapsed: 4 hour(s), 58 minute(s), 41 second(s)

That is a very long scan time, but was due to the fact that you had some severe infections.

 

Note: C:\ProgramData\Codec\Codec1.exe (Trojan.Dropper) -> 3624 -> Delete on reboot.
I hope that you have rebooted the computer since you did this scan.

 

Sorry to ask you, but would you please re-run a Full Scan, and I hope it takes no more than about 1.5 hours.

I normally start my scans and then I will do a bit of work here or play a few games.

 

Between Registry Keys Detected: 21 and Files Detected: 39, you have managed to grab 60 of the most common infections we get here every day, and a few extras.

 

Be very careful while you are on the Internet, as somebody is a bit "click happy" and not taking enough care -



#8 quietman7


Posted 07 March 2014 - 08:37 AM

FYI cavaco:

AVG Security Toolbar and AVG Secure Search (created by the makers of AVG Anti-virus) are optional add-ons when installing their anti-virus product if you choose "Customized" install instead of "Express". Since most folks choose an Express install they usually are not aware these options are also being installed as they are pre-checked by default during installation. Some users have also reported that after AVG auto-updates, it will install the toolbar as a browser add-on without input from the user.

AVG Security Toolbar and AVG Secure Search are also commonly bundled as an option with other free software users may download and install. Many folks overlook that option since it is pre-checked by default and they unknowingly install it. For example, the toolbar is bundled with PDFCreator.

So even if you decline the option to use these add-ons when installing AVG anti-virus, you may still end up finding them on your system some point after an AVG update or by unknowingly downloading and installing another program where they have been bundled. This also explains how those who never used AVG anti-virus also sometimes find AVG Secure Search and the Security Toolbar installed. Be careful what you download and read everything during the installation.

#9 cavaco


Posted 08 March 2014 - 11:53 AM

noknojon you are right, it was a looong scan.

I did reboot the computer after it was over.

 

My second scan ran for about just as much time. It found and removed more stuff. I also rebooted after that one.

 

 

 

Here are the logs:

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.06.02
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Caue :: CAUE-PC [administrator]
 
3/7/2014 8:59:19 PM
mbam-log-2014-03-07 (20-59-19).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 543608
Time elapsed: 4 hour(s), 27 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 13
C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf (PUP.Optional.CouponBar.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.11_0 (PUP.Optional.CouponBar.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.11_0\css (PUP.Optional.CouponBar.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.11_0\css\images (PUP.Optional.CouponBar.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.11_0\css\smoothness (PUP.Optional.CouponBar.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.11_0\css\smoothness\images (PUP.Optional.CouponBar.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.11_0\js (PUP.Optional.CouponBar.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.4_0 (PUP.Optional.CouponBar.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.4_0\css (PUP.Optional.CouponBar.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.4_0\css\images (PUP.Optional.CouponBar.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.4_0\css\smoothness (PUP.Optional.CouponBar.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.4_0\css\smoothness\images (PUP.Optional.CouponBar.A) -> Quarantined and deleted successfully.
C:\Users\Caue\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf\5.0.0.4_0\js (PUP.Optional.CouponBar.A) -> Quarantined and deleted successfully.
 
Files Detected: 86
 
(end)


#10 noknojon


Posted 08 March 2014 - 06:19 PM

Remove and Uninstall Coupons CouponBar and Coupon Printer Plugin - Only follow the Uninstall advice.

DO NOT click on any programs or other items listed on that page. You will have all of the needed tools given from this topic.

 

Next -
Please download avast! Browser Cleanup to your desktop.
It will leave an icon that is like a round orange with a star in the middle.
This tool serves to delete pesky and unwanted toolbars and plug-ins from your browser(s).
Simply download and run the Browser Cleanup utility once a week.
Once you run the utility, you will see a list of bad and good toolbars and plug-ins and be able to disable or to remove them.

We are looking for anything related to CouponBar or any item you do not recognise.

Ask if you are not sure -

 

More info here if you want it: http://www.avast.com/faq.php?article=AVKB115



#11 cavaco


Posted 20 March 2014 - 12:17 AM

Coupon stuff removed... My wife kept installing it back, so we had to have a long talk about installing stuff on the machine.

Thanks, everyone. Things are back to normal.





