jimbo8500

Members
  • Content Count

    43
Community Reputation

0 Neutral

1 Follower

About jimbo8500

  • Rank
    Advanced Member

Contact Methods

  • ICQ
    0
  • Yahoo
    garphoon

Profile Information

  • Location
    N. Billerica, MA, USA
  1. CeciliaB, Thank you for all the help. It is very much appreciated. Let me check through everything again and I will let you know if I need any further assistance. The big test will come when and if Ad-aware and/or MSE actually find something beyond a few cookies. Have an excellent weekend yourself, Jim
  2. CeciliaB,
     6. OK ... but should I delete the files: "C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll" and "C:\Windows\system32\npdeployJava1.dll" before I do anything else?
     B. "C:\MATS" ... Deleted.
     C. All 5 files have been deleted.
     D. OK ... I will let them be, for now. (An anti-adware company that uses adware ... crossed purposes!)
     Any more questions? Yes ... FRST generated a file "addition.txt" which I forgot to mention and you didn't ask for. There is info about errors in it; please take a look and see if anything needs attention. I tried to update "JavaFX" and ended up with Java 8, so I uninstalled the old "JavaFX 2.1.1". Based on http://en.wikipedia.org/wiki/JavaFX I don't think I need it anyway!
     All the best, Jim
     Addition.zip
  3. CeciliaB, I ran the three scanners you sent links for and F-Secure and Bitdefender were clean. ESET found "Visicom". I didn't tell ESET to delete because I wasn't familiar with it. The "threat" is mixed in with my ISP files and Lavasoft files! Since Ad-aware files are involved, it seemed relevant to the thread. Here is what it found:
     C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll a variant of Win32/Toolbar.Visicom.B application
     C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll a variant of Win32/Toolbar.Visicom.A application
     C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe a variant of Win32/Toolbar.Visicom.C application
     C:\Program Files\xfin_portal\comcastdx.dll a variant of Win32/Toolbar.Visicom.B application
     C:\Program Files\xfin_portal\comcasttb.dll a variant of Win32/Toolbar.Visicom.A application
     C:\Users\Oscar\AppData\Local\Temp\Lavasoft Ad-aware install logs from temp\b4bf07b8-e215-4690-b83c-e28dfb04638d.exe multiple threats (I manually deleted this one)
     C:\Users\Oscar\AppData\LocalLow\xfin_portal\comcastdx.dll a variant of Win32/Toolbar.Visicom.B application
     C:\Users\Oscar\Documents\download capture video\aTubeCatcher.exe multiple threats (I manually deleted this one)
     Operating memory multiple threats
     Should I run ESET to delete this stuff? Let me know, please.
     Best, Jim
  4. CeciliaB,
     1. I think I actually was running ver. 9.6.0, though there was a folder of ver. 10 files I deleted.
     3. 4. You are correct ... never mind!
     6. Can I just delete the files or does it require a registry edit? I just updated Java on the computer recently. Does Chrome use a "separate" Java? Attached is a capture of the installed Java versions from Control Panel. Is it one of them?
     A. "Can you delete the folder 'C:\Program Files\Lavasoft\Ad-Aware'?" Yes ... Done.
     B. "Do you notice any left-overs from Ad-Aware 10?" There is a folder "MATS" in the root directory that I think was spawned by the MS Fixit. (a "tree" of the folder attached) There may be some in the "ProgramData" and "AppData" folders. I looked through all the relevant App & Prog data folders and don't see anything that looks out of place, to me. The created, modified and saved dates are recent on almost all of the files. How else can I tell?
     C. Fixlog.txt below:
     ------------------------------------------------------------------------------------------------------------------------------
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-12-2013
     Ran by Oscar at 2013-12-05 22:50:02 Run:1
     Running from C:\Users\Oscar\Desktop
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2152720 2012-06-11] (Lavasoft Limited)
     R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2012-03-20] (Lavasoft AB)
     R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [74968 2012-06-11] (Sunbelt Software)
     R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [223864 2011-12-19] (GFI Software)
     S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
     *****************
     Lavasoft Ad-Aware Service => Service deleted successfully.
     Lbd => Service deleted successfully.
     sbapifs => Service deleted successfully.
     SbFw => Service deleted successfully.
     Lavasoft Kernexplorer => Service deleted successfully.
     The system needs a manual reboot.
     ==== End of Fixlog ====
     ------------------------------------------------------------------------------------------------------------------------------
     (What were the Sunbelt and GFI stuff I deleted?)
     All the best, Jim
     tree-C_MATS.zip
  5. CeciliaB, 1. I have looked through all the settings for Ad-aware 11 and everything seems OK. Anything special I should look for? 2. Thank you. I will try them. (you skipped 3) 4. Google toolbar was removed. See posts #5 & #6 at: http://www.lavasoftsupport.com/index.php?/topic/33297-artemis-adwaregameplaylab-pupcrossfire-pupgamesplaylab-appinit-dlls/ 5. OK. Shared in case you were not. 6. Done. The FRST.txt file contains information I consider to be personal and private, so I prefer to attach it as a zipped file. 7. Not really. Just what I found on the net. Best, Jim
  6. CeciliaB, Answers/replies to your previous inserted into quote below in bold. Also, in my correspondence with Lavasoft Support there was this instruction: "Please uninstall the program, by going to Start -> Programs -> Lavasoft -> Ad-Aware -> and click on Uninstall Ad-Aware. *** Please make sure to uncheck the boxes to remove the definitions, files kept and settings as this will ensure that no part of the software is left on the system ***". Since the uninstall via "Menu" failed, I didn't get the opportunity "uncheck the boxes" to assure that "no part of the software is left on the system". Is this missing step going to be a problem? Have a most Joyous and Safe St. Lucia's Day and Holiday Season ... God Jul !!! All the best, James Garvin
  7. A file appeared in my root directory a week or so ago called "aaw7boot.cmd". It appears to be some sort of compiled code. I added a file extension to prevent execution until I could find out if it belonged. I sent it off to Threatwork for analysis. I asked Support about it but they have ignored my inquiry. Is it an Ad-aware file I should let run or should I delete it? And, may I ask a question about another topic which is now closed? http://www.lavasoftsupport.com/index.php?/topic/33297-artemis-adwaregameplaylab-pupcrossfire-pupgamesplaylab-appinit-dlls/
  8. CeciliaB, I run Win Vista SP2. Well, being the curious type, I tried the install again and, much to my amazement, it ran! After a reboot, I added real-time and web protection with reboots in between. As far as I can tell, Ad-aware is working fine, for now. It didn't remove the old menu selections and the folder for the prior version is still there. I have a feeling there is a lot of lint left behind! I attach screen captures so you can check to see if I made any mistakes. I wondered why Ad-aware didn't ask me for a license number. Please look at "RetryInstall-13-Capture.JPG". The number displayed is NOT my license number (it's blotted for obvious reasons). Should I leave it alone, or try entering my own current license number? Please reply about any errors you see and/or advice about any needed lint cleanup. Amazing work CeciliaB. I was back and forth with Support for five plus days and got nowhere! Thank you for your quick responses and spot on good advice. Kudos ... Happy Holidays ... Best regards, James Garvin RetryInstall-Capture.zip
  9. Hello again CeciliaB, Thank you for your response. I followed the instructions but the fix did not work. I tried a second time but the fixit wouldn't run again. The explore other solutions option is unavailable. Captures attached. What can I do next? Thank you again, very much, for your quick response. Best, Jim Fix-Capture.zip
  10. I have somewhat similar problem. I can neither install Ver. 11 nor uninstall the version installed on my machine. I have contacted support numerous times. I keep being told the "free" version will overwrite whatever is on my machine, but that doesn't happen! The several sources of downloads all result in a download of a file called "Adaware_Installer.exe". I attach the screens/windows I see. What should I do next? update-Capture.zip
  11. Again, many thanks CeciliaB. You asked, 'Is "Ask Toolbar Updater" still listed among the installed programs or did it disappear when you uninstalled "Ask Toolbar"?' "Ask Toolbar Updater" IS still listed as an installed program. I cannot uninstall it because it says I do not have "sufficient access" (see previous post). This may be because the folder and files are not there, where the registry says they should be. I suspect the only way to make the installed program entry go away is to delete it from the registry. I don't have any major problems. IE is a bit clunky sometimes. Every once in a while when I close a tab it will begin to replicate itself. Sometimes I have to close IE and start over. Flash seems to crash once in a while despite being up to date. I am religious about keeping the programs I use updated. Everything that can be set on auto updates is. I run quick scans every day and full scans at least once a week.
  12. Thank you for your help, CeciliaB ... :- }
      Not Done: Ask Toolbar Updater >>>> says I do not have sufficient access to uninstall. Cannot find it to delete. <<<< (see attached)
      DONE: Ask Toolbar due to http://www.systemloo...NERI_1_DLL.html
      DONE: Freecorder Toolbar http://www.systemloo...tbFre3_dll.html
      DONE: Yahoo! Toolbar http://www.systemloo...dll_yt_dll.html
      DONE: Mozilla Firefox 12.0 (x86 en-US) (or update) since it's an old version with a lot of known vulnerabilities that can be exploited by a web page to infect the computer.
      DONE: Restart the computer and run DDS again. Please, paste the new DDS.txt into your answer (Attach.txt isn't needed this time).
      PS: I got through Malwarebytes and Mb Anti-rootkit with nothing found and no errors.
  13. First, thank you for your reply. I ran Ad-Aware full scan first and found nothing beyond a "*2o7*" cookie, which I deleted.
6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-2-24 203264] R3 keycrypt;keycrypt;c:\windows\system32\drivers\KeyCrypt32.sys [2013-1-18 24760] R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-5-21 3663360] R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232] R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632] R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2012-6-11 28256] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-5-6 29736] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568] . =============== Created Last 30 ================ . 
2013-06-13 18:19:50 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d842a6a2-b4d0-4d5f-b388-cca33adb999c}\mpengine.dll 2013-06-13 14:27:23 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-06-13 13:25:58 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2013-06-13 12:39:24 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2013-06-13 00:50:15 -------- d-----w- c:\users\oscar\appdata\roaming\Malwarebytes 2013-06-13 00:49:38 -------- d-----w- c:\programdata\Malwarebytes 2013-06-13 00:49:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-13 00:49:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-06-11 20:36:46 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-11 20:36:46 443904 ----a-w- c:\windows\system32\win32spl.dll 2013-06-11 20:36:46 37376 ----a-w- c:\windows\system32\printcom.dll 2013-06-11 20:36:46 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2013-06-11 20:36:37 985600 ----a-w- c:\windows\system32\crypt32.dll 2013-06-11 20:36:37 812544 ----a-w- c:\windows\system32\certutil.exe 2013-06-11 20:36:36 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-11 20:36:36 41984 ----a-w- c:\windows\system32\certenc.dll 2013-06-11 20:36:36 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-11 20:36:26 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-11 20:35:33 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-11 20:35:32 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-28 20:07:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2013-05-28 20:07:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2013-05-28 20:07:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2013-05-28 20:07:48 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2013-05-28 20:07:48 159744 ----a-w- 
c:\program files\internet explorer\plugins\npqtplugin.dll 2013-05-21 06:05:05 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ddcd46b1-c4d2-4b08-a5a6-83db93009990}\gapaengine.dll 2013-05-15 00:40:34 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 00:40:34 37376 ----a-w- c:\windows\system32\cdd.dll 2013-05-15 00:40:31 2049024 ----a-w- c:\windows\system32\win32k.sys . ==================== Find3M ==================== . 2013-06-12 15:07:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-12 15:07:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-25 13:35:39 80104 ----a-w- c:\windows\system32\drivers\AntiLog32.sys 2013-05-16 22:39:39 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-05-16 22:28:26 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-05-16 22:27:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-16 22:21:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-16 22:20:30 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-05-16 22:16:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 07:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 07:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts 2013-04-27 16:56:00 167344 ----a-w- c:\windows\system32\mfevtps.exe.1016.deleteme 2013-04-04 09:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . ============= FINISH: 18:11:12.52 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 5/6/2012 11:06:30 PM System Uptime: 6/13/2013 5:25:44 PM (1 hours ago) . Motherboard: Dell Inc. | | 0P786H Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz | U2E1 | 2000/533mhz . ==== Disk Partitions ========================= . 
C: is FIXED (NTFS) - 298 GiB total, 22.305 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Base System Device Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02A01028&REV_12\4&31FC8C23&0&0AF0 Manufacturer: Name: Base System Device PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02A01028&REV_12\4&31FC8C23&0&0AF0 Service: . Class GUID: Description: Base System Device Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02A01028&REV_12\4&31FC8C23&0&0BF0 Manufacturer: Name: Base System Device PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02A01028&REV_12\4&31FC8C23&0&0BF0 Service: . ==== System Restore Points =================== . . ==== Hosts File Hijack ====================== . Hosts: 127.0.0.1 isearch.avg.com Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 analytics.microsoft.com Hosts: 127.0.0.1 metrics.bitdefender.com Hosts: 127.0.0.1 metrics.mcafee.com Hosts: 127.0.0.1 om.symantec.com Hosts: 127.0.0.1 ads.bleepingcomputer.com Hosts: 127.0.0.1 wdcs.trendmicro.com . ==== Installed Programs ====================== . 
Ad-Aware Ad-Aware Security Toolbar Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.7) ALTools Update ALZip 8.51 AntiLogger SDK version 1.5.6.849 Apple Application Support Apple Software Update Applian FLV and Media Player 3.1.1.12 Ask Toolbar Ask Toolbar Updater ATI Catalyst Install Manager Broadcom Gigabit NetLink Controller Bulk Image Downloader v4.39.0.0 Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy ccc-core-static ccc-utility CCC Help English Compatibility Pack for the 2007 Office system Complitly Constant Guard Protection Suite Dell Driver Download Manager Dell Resource CD Dell Touchpad FLV Player Freecorder 5 Freecorder Toolbar FreeTorrentViewer Google Chrome Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Integrated Webcam Driver (1.06.03.0309) Intel PROSet Wireless Intel® PROSet/Wireless WiFi Driver ITECIR Java 7 Update 21 Java Auto Updater JavaFX 2.1.1 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Baseline Security Analyzer 2.2 Microsoft Fix it Center Microsoft Office Excel Viewer Microsoft Office Word Viewer 2003 Microsoft PowerPoint Viewer Microsoft Security Client Microsoft Security Essentials Microsoft Visual C++ 2005 Redistributable Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Photoshop Fix Toolbox 1.1 QuickTime Recovery Toolbox for RAR 1.1 Replay Media Catcher 4 (4.4.3) Safari Security Update for Microsoft .NET Framework 3.5 SP1 
(KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Skins swMSM Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) VLC media player 2.0.6 WIDCOMM Bluetooth Software 6.1.0.4402 XFINITY Toolbar Yahoo! Install Manager Yahoo! Software Update Yahoo! Toolbar . ==== End Of File ===========================
  14. Attached are images of the pop-up windows I got, in case I wasn't clear enough in my explanation.
  15. Artemis - Adware.GamePlayLab - PUP.Crossfire - PUP.GamesPlayLab - Appinit_Dlls What to do next?
    Stinger found "Artemis", so I downloaded Malwarebytes and found the below.
    I run: Dell Studio 1737, Win-Vista, SP2
    Microsoft Security Essentials (quick and full)
    Ad-Aware (quick and full)
    Microsoft Malicious Software Removal Tool (quick and full)
    Microsoft Safety Scanner (quick and full)
    Trend Micro Housecall (quick and full)
    McAfee Stinger (quick and full)

    McAfee® Labs Stinger™ Version 11.0.0.338 built on Jun 10 2013 at 11:48:54
    Copyright© 2013, McAfee Inc. All rights Reserved.
    Virus data file v1000.0 created on Jun 10, 2013
    Ready to scan for 6248 Viruses, Trojans and variants.

    Full Scan Report File
    Rootkit scan result : Not Scanned.
    c:\Users\Oscar\Documents\Yahoo Toolbar\cnet2_ytb_7_1_0_0d_1_4_1_pub_us_setup__exe.exe is infected with Artemis!421F34B349CA (deleted)
    --------------------------------------------------------------------------------------------------------------------------------------
    Malwarebytes Anti-Malware 1.75.0.1300
    Database version: v2013.06.12.09
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Oscar :: OSCAR-PC [administrator]
    Scan type: Quick scan (4 scans)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Only registry keys were detected

    Scan #1
    Registry Keys Detected: 19
    HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

    Scan #2
    Registry Keys Detected: 2
    HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

    Scan #3
    Registry Keys Detected: 2
    HKCR\Interface\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

    Scan #4
    Registry Keys Detected: 0
    (No malicious items detected)

    Full Scan was Clean: Nothing Detected
    --------------------------------------------------------------------------------------------------------------------------------------
    Ran Malwarebytes Anti-rootkit (log available)
    Window pops up and says, 'Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity.' (I pressed "No" because I wasn't sure)
    Found and Removed:
    Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]
    (scanned registry for "WOW6432NODE" and it was gone)
    Second time through I clicked "Yes" to pop-up window message. Scan result was clean.
    Cannot run Malwarebytes Anti-rootkit any more because it says my version is outdated no matter how many times I download a new one!
    - Finis -