Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

E-mail got hacked. [Closed]


  • This topic is locked This topic is locked

#1
rose86420

rose86420

    Member

  • Member
  • PipPip
  • 48 posts
My ATT Yahoo e-mail account got hacked. I found e-mails that had been returned that I did not send. When I called ATT, they told me they shut down my account due to the number of e-mails being sent from my address. They also said that a lot of ATT Yahoo customers had gotten hacked, it wasn't just my account. I changed my password and ran Malwarebytes and Avast. Nothing showed up in Avast but in Malwarebytes 3 things showed up - the first one was RKUnhookerLE.EXE and the other two I did not write down as they were similar in name.
I removed them but over and over again they kept showing up. Then my computer stopped working properly. I could boot up but nothing was working right. I could not type anywhere, programs would not open when I clicked on them, my home pages were not right, and I couldn't download updates to different programs including Malwarebytes. Over the course of 4 days I turned the computer on and off and tried different things like system restores at different points, starting it in the safe mode which also did not work properly and so for 5 days I didn't use the computer.
I turned it on after the fifth day and everything seemed to be working perfectly fine. I updated Malwarebytes and nothing showed up. The only thing I noticed was that I had to repair my Microsoft Office Starter program through the control panel as I couldn't open Excel or Word documents that I had previously saved.
I am not sure how this could be. One day nothing worked and then everything is fine. Could someone be remotely accessing my computer, do I have a key logger program watching, do I have a virus, am I now safe? ATT told me that, other than deactivating my account they had nothing to do with the problems I am having.

Here is my OTL log

sOTL logfile created on: 3/13/2013 7:04:06 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rose\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.99% Memory free
3.93 Gb Paging File | 2.65 Gb Available in Paging File | 67.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.46 Gb Total Space | 248.08 Gb Free Space | 86.00% Space Free | Partition Type: NTFS

Computer Name: ROSE-PC | User Name: Rose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/13 19:03:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Downloads\OTL(3).exe
PRC - [2013/03/12 21:01:32 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/03/10 18:10:56 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/02/28 04:36:01 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/02/28 04:36:01 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/02/28 04:35:59 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 12:39:42 | 000,206,336 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2009/08/17 17:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe
PRC - [2009/07/13 21:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/03/31 18:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/03/30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/12 21:01:32 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/10 18:10:56 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/02/13 20:23:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/09 11:47:17 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 11:46:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 11:46:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/12/07 19:07:53 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV - [2013/03/12 21:01:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/10 18:10:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 04:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/28 04:35:59 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/14 13:49:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/17 17:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/31 18:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2013/02/28 04:36:37 | 000,765,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/02/28 04:36:37 | 000,368,248 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/02/28 04:36:37 | 000,163,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/02/28 04:36:37 | 000,062,448 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/02/28 04:36:36 | 000,199,456 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/02/28 04:36:36 | 000,066,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/02/28 04:36:36 | 000,060,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/02/28 04:36:36 | 000,049,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/02/28 04:36:35 | 000,101,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/02/28 04:36:35 | 000,029,880 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/02/28 04:36:35 | 000,021,640 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/02/18 04:41:03 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/08/09 19:55:53 | 000,228,376 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2012/07/29 20:52:38 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/08/21 16:50:48 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{05E3E836-1655-491F-8890-ACC383998319}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2559647

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {05E3E836-1655-491F-8890-ACC383998319}
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2559647
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://us.mc1848.mai...t in safe mode"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.12.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/03/03 22:02:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/10 18:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/10 18:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/10 18:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/10 18:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/10 18:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/10 18:10:52 | 000,000,000 | ---D | M]

[2010/08/12 09:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\Mozilla\Extensions
[2012/10/24 06:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\sxnper0s.default\extensions
[2012/05/06 16:21:24 | 000,000,923 | ---- | M] () -- C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\sxnper0s.default\searchplugins\conduit.xml
[2013/03/10 18:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/10 18:10:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/03/10 18:10:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/09 09:31:49 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/06/20 12:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/03/04 20:43:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/04 20:43:24 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1482_0\

O1 HOSTS File: ([2011/01/16 13:31:31 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E256D6D6-3989-4D3F-8763-49835E38FA16}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/10 18:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/04 20:18:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/03/04 20:18:53 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\MFAData
[2013/03/04 20:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/04 20:18:53 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\Avg2013
[2013/03/03 22:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/03/03 22:02:58 | 000,199,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/03/03 22:02:57 | 000,101,728 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/03/03 22:02:52 | 000,021,640 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/03/03 22:02:39 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/03/03 21:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/03/03 20:50:41 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\mbar
[2013/03/03 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\ElevatedDiagnostics
[2013/02/27 08:29:19 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\Programs
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/13 19:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/13 18:41:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/13 18:37:05 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/13 18:37:05 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/13 18:29:50 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/13 18:29:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/13 18:29:34 | 1582,931,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/12 20:05:14 | 000,624,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/12 20:05:14 | 000,106,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/10 18:22:29 | 000,001,118 | ---- | M] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/03/10 18:13:41 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/10 17:50:05 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/04 20:38:46 | 000,001,333 | ---- | M] () -- C:\Users\Rose\Desktop\avg_avct_stb_all_2013_2667_cm10.exe - Shortcut.lnk
[2013/03/04 20:26:21 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/03 23:29:39 | 000,002,231 | ---- | M] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/03 22:17:31 | 000,001,126 | ---- | M] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/03/03 22:17:31 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/03/03 22:12:41 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/03/03 22:02:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/03/03 21:50:54 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/03/03 20:48:15 | 013,786,977 | ---- | M] () -- C:\Users\Rose\Desktop\mbar-1.01.0.1021.zip
[2013/02/28 04:36:37 | 000,765,808 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/02/28 04:36:37 | 000,368,248 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/02/28 04:36:37 | 000,163,784 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/02/28 04:36:37 | 000,062,448 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/02/28 04:36:36 | 000,199,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/02/28 04:36:36 | 000,066,408 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/02/28 04:36:36 | 000,060,728 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/02/28 04:36:36 | 000,049,320 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/02/28 04:36:35 | 000,101,728 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/02/28 04:36:35 | 000,029,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/02/28 04:36:35 | 000,021,640 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/02/28 04:36:07 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/28 04:35:59 | 000,228,600 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/02/18 04:41:03 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/02/13 20:21:41 | 000,294,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/04 20:38:46 | 000,001,333 | ---- | C] () -- C:\Users\Rose\Desktop\avg_avct_stb_all_2013_2667_cm10.exe - Shortcut.lnk
[2013/03/03 22:17:31 | 000,001,126 | ---- | C] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/03/03 22:17:31 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/03/03 22:12:41 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/03/03 22:02:52 | 000,163,784 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/03 22:02:52 | 000,049,320 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/03 21:50:54 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/03/03 20:47:52 | 013,786,977 | ---- | C] () -- C:\Users\Rose\Desktop\mbar-1.01.0.1021.zip
[2013/02/27 08:29:57 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 20:19:22 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/05/08 09:15:53 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\f9t.dat

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/10 09:28:26 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\ActiPlayer
[2011/05/05 18:18:12 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Catalina Marketing Corp
[2010/08/14 22:42:27 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\OpenOffice.org
[2012/01/10 18:05:21 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\PC-FAX TX
[2010/08/15 12:32:13 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\ScanSoft
[2013/03/11 23:01:09 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\SoftGrid Client
[2011/05/08 09:20:48 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Stamps.com Internet Postage
[2010/08/12 09:29:22 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\TP
[2011/04/08 19:27:37 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Windows Live Writer
[2010/08/15 12:32:19 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Zeon
[2013/03/11 20:54:58 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

========== Purity Check ==========



< End of report >

Thanks in advance for any help or advice you can give me!
Rose86420
  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Hi! My name is zep516 and Welcome to Geeks to Go!

I'll do the best I can to resolve your computer issue
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)
  • 0

#3
rose86420

rose86420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Thanks for your time! I appreciate anything you can tell me about what is going on.
  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Hi, rose86420

Looks like a lot to do just take your time and do one thing at a time and you will be fine.

First

We would rather have OTL Running directly from the desktop, everything we do in OTL gets saved to the same location as OTL, yours is currently running from the downloads folder C:\Users\Rose\Downloads, So move OTL to the desktop please.

Do you have the Malwarebytes log? If you do I'd like you to post it for me. You can open Malwarebytes and click the Logs Tab and find the latest log report there.

This file RKUnhookerLE.EXE, is just a left over from a tool that was used at this forum before not to worry about that.

Did you install AVG? Maybe to help you or just run a scan with? If so we will need to remove that as we don't want 2 Anti Virus programs on the computer.

Next

You ran OTL Twice on the first time you ran it OTL creates 2 log reports. The one I need is called Extras .txt do you have that log? If so post it, If not I would like you to re-run OTL once more so we can re create the log, before you run the scan I need you to do this--> under the Extra Registry section please put a check mark in "All" then hit Run scan, {by doing this it will make the log we need} when OTL is done scanning 2 logs will be generated, the first log will pop up in front of you, the second log will be minimized to the task bar down by the clock area, called Extras .txt please post that log. Really don't need to post the first one as we already have that one.

Next

We need to run an OTL Fix first.

Run Posted Image again


Posted Image

:commands
[CreateRestorePoint]

:OTL
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2559647
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://us.mc1848.mail.yahoo.com/mc/welcome?.partner=sbc&.gx=1&.tm=1362964095&.rand=9v68dbhd3sfgh#_pg=compose&&.rand=1893591596&clean&.jsrand=6507344|http://sc-s.com/cgi-bin/redirect.ha|http://www.swagbucks.com/p/register?cmp=121&cxid=0-S8_S8&gclid=CLnRyYqxk64CFYjb4AodD0c4LA|http://www.swagbucks.com/?sfp=h&t=w&p=1&isHomeMain=true&q=how+to+start+in+safe+mode"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q="
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)

:files
ipconfig /flushdns /c

:commands
[emptytemp]

  • Under the Custom Scans/Fixes box at the bottom, paste in the text above into the code box.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • If you lose the report, there will be a copy here
  • C:\_OTL\MovedFiles

Next

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete
Posted Image
Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post that.


In your Next reply please post

  • The OTL Fix Log.
  • The AdwCleaner log.
  • The Extras .txt log.
  • Let me know how the computer is running now!

  • 0

#5
rose86420

rose86420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I put OTL on desktop.

Here is my latest Malwarebytes log
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.10.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Rose :: ROSE-PC [administrator]

3/10/2013 6:17:08 PM
mbam-log-2013-03-10 (18-17-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198596
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Here is my Extra log from OTL. I did have to rerun it.

Before I reboot this is what I have so far.
  • 0

#6
rose86420

rose86420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Sorry, here is my Extra log from OTL

OTL Extras logfile created on: 3/14/2013 10:24:54 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Rose\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.46 Gb Total Space | 247.83 Gb Free Space | 85.91% Space Free | Partition Type: NTFS

Computer Name: ROSE-PC | User Name: Rose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023F0}" = Java™ 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java™ 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}" = Broadcom Management Programs
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite MFC-255CW
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Internet Security
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Revo Uninstaller" = Revo Uninstaller 1.92
"Swag_Bucks Toolbar" = Swag Bucks Toolbar
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/14/2013 7:04:26 AM | Computer Name = Rose-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/14 07:04:26.867]: [00002124]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 3/14/2013 7:20:09 AM | Computer Name = Rose-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/14 07:20:09.765]: [00002124]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 3/14/2013 7:20:10 AM | Computer Name = Rose-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/14 07:20:10.779]: [00002124]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 3/14/2013 7:20:11 AM | Computer Name = Rose-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/14 07:20:11.793]: [00002124]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 3/14/2013 7:20:12 AM | Computer Name = Rose-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/14 07:20:12.807]: [00002124]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 3/14/2013 7:20:13 AM | Computer Name = Rose-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/14 07:20:13.821]: [00002124]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 3/14/2013 7:20:14 AM | Computer Name = Rose-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/14 07:20:14.835]: [00002124]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 3/14/2013 7:20:15 AM | Computer Name = Rose-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/14 07:20:15.849]: [00002124]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 3/14/2013 7:20:16 AM | Computer Name = Rose-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/14 07:20:16.863]: [00002124]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 3/14/2013 10:23:59 PM | Computer Name = Rose-PC | Source = Application Hang | ID = 1002
Description = The program OTL(1).exe version 3.2.22.3 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 17d4 Start Time:
01ce2123b7ab523e Termination Time: 0 Application Path: C:\Users\Rose\Desktop\OTL(1).exe

Report
Id:

[ Media Center Events ]
Error - 9/6/2010 6:02:24 PM | Computer Name = Rose-PC | Source = MCUpdate | ID = 0
Description = 6:02:21 PM - Failed to retrieve Broadband (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 9/28/2010 6:53:47 AM | Computer Name = Rose-PC | Source = MCUpdate | ID = 0
Description = 6:53:43 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/28/2010 7:51:51 PM | Computer Name = Rose-PC | Source = MCUpdate | ID = 0
Description = 7:51:50 PM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 10/28/2010 7:52:05 PM | Computer Name = Rose-PC | Source = MCUpdate | ID = 0
Description = 7:52:00 PM - Failed to retrieve ClientUpdate (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/28/2010 7:52:14 PM | Computer Name = Rose-PC | Source = MCUpdate | ID = 0
Description = 7:52:09 PM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 10/28/2010 7:52:24 PM | Computer Name = Rose-PC | Source = MCUpdate | ID = 0
Description = 7:52:19 PM - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/28/2010 7:52:51 PM | Computer Name = Rose-PC | Source = MCUpdate | ID = 0
Description = 7:52:30 PM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/28/2010 7:52:53 PM | Computer Name = Rose-PC | Source = MCUpdate | ID = 0
Description = 7:52:53 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/28/2010 7:52:54 PM | Computer Name = Rose-PC | Source = MCUpdate | ID = 0
Description = 7:52:54 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 10/28/2010 7:52:56 PM | Computer Name = Rose-PC | Source = MCUpdate | ID = 0
Description = 7:52:54 PM - Failed to retrieve Broadband (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


[ System Events ]
Error - 3/10/2013 6:14:44 PM | Computer Name = Rose-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:13:44 PM on ?3/?10/?2013 was unexpected.

Error - 3/11/2013 7:14:38 PM | Computer Name = Rose-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706be: Intel Corporation - Display - Intel® G41 Express Chipset.

Error - 3/11/2013 7:14:38 PM | Computer Name = Rose-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Brother - Printers - Brother MFC-255CW Printer.

Error - 3/11/2013 7:14:38 PM | Computer Name = Rose-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Update for Windows 7 (KB2574819).

Error - 3/11/2013 7:14:38 PM | Computer Name = Rose-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Brother - Multi-Function Printer, Other hardware - Brother
MFC-255CW.

Error - 3/11/2013 7:14:56 PM | Computer Name = Rose-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Dell Inc. - Display - DELL E1910H.

Error - 3/11/2013 7:14:56 PM | Computer Name = Rose-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Update for Windows 7 (KB2592687).

Error - 3/13/2013 6:45:29 AM | Computer Name = Rose-PC | Source = Application Popup | ID = 877
Description = There was error [DATABASE OPEN FAILED] processing the driver database.

Error - 3/13/2013 11:53:45 PM | Computer Name = Rose-PC | Source = DCOM | ID = 10010
Description =

Error - 3/13/2013 11:53:45 PM | Computer Name = Rose-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >

Now I have a problem. I copied and pasted everything that was in the box and put in it the Custom Scan code box as you said. When I click the Run Fix button, the desk top icons disappear from the background but nothing else happens. At the top of the OTL box, it say Non Responsive and I see the circling icon, but nothing happens.
  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Hi rose86420

Could you see if a log report was created from the fix even though it did not appear to run. Lets double check that. A copy of the log is located here C:\_OTL\MovedFiles If you find the log post it please. If you can not find the log I have prepared another fix. Lets see if this "new" fix will run for you.

Again to find the log,
A copy of an OTL fix log is saved in a text file at:
C:\OTL\MovedFiles
So to find the log follow the instructions below,

  • Click Start button
  • Click Computer
  • Double click Local Disk
  • Look for a folder that says _OTL. Double click it, then double click the Moved files folder
  • Inside that moved files folder, look for the log report dated 3/14/2013, double click it to open it, the very top of the Log will look simular to what's below in the box

All processes killed
========== OTL ==========
========== COMMANDS ==========


See if you can find the log if so, paste it into the forum. If you can not locate the log try the "New" fix below just like you did before and lets see if that works for you. Do the same thing you did before copy an paste it into the custom scans area and hit "RunFix"

:commands
[CreateRestorePoint]

:OTL
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2559647
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://us.mc1848.mail.yahoo.com/mc/welcome?.partner=sbc&.gx=1&.tm=1362964095&.rand=9v68dbhd3sfgh#_pg=compose&&.rand=1893591596&clean&.jsrand=6507344|http://sc-s.com/cgi-bin/redirect.ha|http://www.swagbucks.com/p/register?cmp=121&cxid=0-S8_S8&gclid=CLnRyYqxk64CFYjb4AodD0c4LA|http://www.swagbucks.com/?sfp=h&t=w&p=1&isHomeMain=true&q=how+to+start+in+safe+mode"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q="
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)

:files
ipconfig /flushdns /c

:commands
[reboot]

  • Under the Custom Scans/Fixes box at the bottom, paste in the text above into the code box.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • If you lose the report, there will be a copy here
  • C:\_OTL\MovedFiles

In your next reply please post the:

  • "Fix Log" if you can
  • Let me know about AVG? I had previously asked about that.
  • Did you run AdwCleaner tool?

  • 0

#8
rose86420

rose86420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I did find Moved Files but in that folder, I did not find a log.
I found 2 folders:

03142013_231354 - this had nothing in it

03412013_224801 inside this was another folder - C_Program Files

Inside that folder was another folder Swag_Bucks

Inside that was prxtbSwaO.dil - when I tried to open this it said "You are attempting to open a file of type 'Application extention' (.dil)
These files are used by the operating system and by various programs. Editing or modifying them could damage your computer. When I clicked on it it said that windows could not open this file

Not sure what you want me to do next.
  • 0

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Hi rose, lets make a back up of the registry follow the instructions please. Sorry for a bit of delay.


  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe


Next

See if this will run for you, I've made an edit. Please let me know.

Run Posted Image again


Posted Image

:OTL
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2559647
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://us.mc1848.mail.yahoo.com/mc/welcome?.partner=sbc&.gx=1&.tm=1362964095&.rand=9v68dbhd3sfgh#_pg=compose&&.rand=1893591596&clean&.jsrand=6507344|http://sc-s.com/cgi-bin/redirect.ha|http://www.swagbucks.com/p/register?cmp=121&cxid=0-S8_S8&gclid=CLnRyYqxk64CFYjb4AodD0c4LA|http://www.swagbucks.com/?sfp=h&t=w&p=1&isHomeMain=true&q=how+to+start+in+safe+mode"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q="
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)

:files
ipconfig /flushdns /c

:commands
[reboot]

  • Under the Custom Scans/Fixes box at the bottom, paste in the text above into the code box.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • If you lose the report, there will be a copy here
  • C:\_OTL\MovedFiles

Lets see if this works for you, and post the log.

Joe
  • 0

#10
rose86420

rose86420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hi Joe,

Is ERUNT compatible with Windows 7?

Rose
  • 0

Advertisements


#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Yes.
  • 0

#12
rose86420

rose86420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hey Joe,
I created the backup registry file and tried to run the Run Fix part of OTL and again the same thing happened. The program instantly became non responsive. I checked to see if a log was created in the Moved Files section of OTL as you asked me to do before. A folder was created but nothing was in it.
Thanks for time,
Rose
  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
OK. I'll speak to my instructor for the next thing to to do. He is on a much different time zone. Were you able to run adwCleaner, if you review my posts to you you will see instructions for that.

Thanks for your Patience.

Joe
  • 0

#14
rose86420

rose86420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Thanks for your patience with me!

Not sure what I just did. I tried to download adwCleaner, but I am not sure I downloaded from the right place. When I clicked on the link you gave me, I thought I was supposed to download it from the box on the right hand side that said "Mirror." Is that right?
  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,652 posts
Hi Rose,

You're welcome!

Yes "Mirror" That will take you to Bleeping computer. Click the Download now @ Bleeping computer tab.

Joe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP