I could not run the emergencykitscanner because I got an error that said it could not find a2emergencykit.exe. However, I was able to run OTL.exe. I have attached the OTL.Txt and Extras.Txt files.

My browser is disabling my browser window and displaying phishing popups asking for my credit card numbers, pins and other personal info when I log into any of my credit card sites in Firefox. I am not seeing those popups in Windows.


I have written a cleanup script for OTL (if you need to, you may download OTL from this link).

  1. Please copy the contents of the following CODE box, and in OTL under the Custom Scans/Fixes box at the bottom, paste in what you just copied from the following CODE box:
    :OTL
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (PermissionResearch) -- C:\Program Files\PermissionResearch\prservice.exe (TMRG,  Inc.)
    SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.link180.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 1A 52 E4 CA 1E CC 01  [binary data]
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
    FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Swag Bucks Customized Web Search"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2
    FF - prefs.js..extensions.enabledItems: [email protected]:5.2.0.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
    FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.8.1.0
    FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.3
    FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\PermissionResearch [2012/04/04 21:49:28 | 000,000,000 | ---D | M]
    [2012/03/09 20:30:48 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
    [2012/03/07 16:32:11 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
    [2011/02/15 05:34:11 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\extensions\[email protected]
    [2011/10/06 01:03:52 | 000,000,923 | ---- | M] () -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\searchplugins\conduit.xml
    [2012/04/04 23:11:01 | 000,001,540 | ---- | M] () -- C:\Users\BPV\AppData\Roaming\Mozilla\Firefox\Profiles\0jwp8ts7.default\searchplugins\swagbuckscom.xml
    [2012/04/04 21:49:28 | 000,000,000 | ---D | M] (PermissionResearch) -- C:\PROGRAM FILES\PERMISSIONRESEARCH
    [2011/06/04 21:09:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
    [2011/06/04 21:09:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
    [2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    CHR - default_search_provider: search_url = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - Extension: Entanglement = C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
    CHR - Extension: Poppit = C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: PermissionResearch = C:\Users\BPV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.331.4_0\
    O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (AddThis Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
    O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll (ShopAtHome.com)
    O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll (ShopAtHome.com)
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll (ShopAtHome.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
    O4 - HKLM..\Run: [selectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
    O4 - HKCU..\Run: [{4669E75E-65D5-159C-A4BC-C1109D1D8AD6}] C:\Users\BPV\AppData\Roaming\Tiloap\firisi.exe (TLN Team)
    O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    [2012/03/25 12:18:59 | 000,000,000 | ---D | C] -- C:\Users\BPV\AppData\Roaming\Ygvum
    [2012/03/25 12:18:59 | 000,000,000 | ---D | C] -- C:\Users\BPV\AppData\Roaming\Qyux
    [2012/03/25 12:18:59 | 000,000,000 | ---D | C] -- C:\Users\BPV\AppData\Roaming\Budilu
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:07C99568
    @Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:260575F1
    @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:63CD0333
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2C678471
    
    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]


  2. Then click the Run Fix button at the top.
  3. Let the program run unhindered, and restart your computer when it is done (it may automatically restart your computer on its own).
  4. After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.

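The fix script in the post above mixes several kinds of entries under its `:OTL` and `:Commands` headers. The following is an added example, not part of the original post and not OTL's own code: a small Python triage helper that splits such a script into sections, labels each line by its prefix, and lists Run-key autostarts whose target sits under a user's `AppData` folder. The category labels and the `AppData` check are this example's own assumptions, not something the poster states.

```python
import re

# Constructed sample: a subset of the lines in the fix script above.
SAMPLE = r"""
:OTL
SRV - (PermissionResearch) -- C:\Program Files\PermissionResearch\prservice.exe (TMRG,  Inc.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [selectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKCU..\Run: [{4669E75E-65D5-159C-A4BC-C1109D1D8AD6}] C:\Users\BPV\AppData\Roaming\Tiloap\firisi.exe (TLN Team)
[2012/03/25 12:18:59 | 000,000,000 | ---D | C] -- C:\Users\BPV\AppData\Roaming\Ygvum
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:07C99568

:Commands
[EMPTYTEMP]
[RESETHOSTS]
"""

# Line-prefix -> category. The category names are this example's own labels.
KINDS = [
    (r"SRV - ", "service"),
    (r"(IE|FF|CHR) - ", "browser setting"),
    (r"O2 - ", "browser helper object"),
    (r"O3 - ", "toolbar"),
    (r"O4 - ", "autostart"),
    (r"\[\d{4}/\d{2}/\d{2} ", "file or folder"),
    (r"@Alternate Data Stream", "alternate data stream"),
]
RUN = re.compile(r"O4 - (HK\w+)\.\.\\Run: \[(.+?)\] (.+?\.exe)\b", re.I)

def parse_fix(text):
    """Split a fix script into {section: [(kind, line), ...]}."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(":"):
            current = sections.setdefault(line[1:], [])
        elif line and current is not None:
            kind = next((k for p, k in KINDS if re.match(p, line)), "directive")
            current.append((kind, line))
    return sections

def user_profile_autostarts(sections):
    """Run-key entries whose target sits under a user's AppData folder."""
    hits = []
    for kind, line in sections.get("OTL", []):
        m = RUN.match(line) if kind == "autostart" else None
        if m and "\\appdata\\" in m.group(3).lower():
            hits.append(m.groups())
    return hits
```

On the sample, `user_profile_autostarts(parse_fix(SAMPLE))` returns only the HKCU entry that launches `firisi.exe` from `AppData\Roaming\Tiloap`.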

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
