Homepage changed to "http://search.yahoo.com/?type=937811&fr=spigot-yhp-ff"

[bluelit01]

Hi, My daughter updated Youtube Downloader via their "updater" and now her homepage changed to "http://search.yahoo.com/?type=937811&fr=spigot-yhp-ff" and regardless of what I do I can't remove this issue. Help would be greatly appreciated.

I did the following:

1.Ran MalwarbytesPro - nothing found.

2.Ran KIS - nothing found

Here are my DDS logs. I'm not sure if I did it correctly because I didn't know if I had script blocker or how to disable it.

FF - ProfilePath - C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5uuc71d5.default-1344114154362\

FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Joan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-29 55856]

R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 206448]

R2 FibUacService;FibUacService;C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe [2012-12-20 37192]

R2 FullImagingService;FullImagingService;C:\ProgramData\Clickfree\FullImagingBackup\FullImagingService.exe [2012-12-20 201544]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-29 13336]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-10 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-10 682344]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-18 993848]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-29 1692480]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-29 317440]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-8-29 406056]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-1-31 24176]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-8-31 17976]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-8-29 158976]

S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-20 168448]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-20 22528]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-4 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-03-13 18:40:41 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-13 18:40:18 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FBEC681B-BB60-4526-A71C-4AB1370B0011}\mpengine.dll

2013-03-12 04:09:05 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2013-03-07 01:57:31 -------- d-----w- C:\ProgramData\Licenses

2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-13 18:17:57 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 18:17:57 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-13 18:17:57 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-13 18:17:52 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 18:17:51 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 18:17:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 18:17:51 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 18:17:51 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 18:17:51 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 18:17:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 18:17:48 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-13 18:17:48 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2013-03-13 05:34:26 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 05:34:26 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-06 18:00:00 127488 ----a-w- C:\Windows\System32\ff_vfw.dll

2013-01-17 11:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-15 02:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 13:54:56.87 ===============

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 9/2/2011 9:02:34 AM

System Uptime: 3/14/2013 8:16:35 AM (5 hours ago)

.

Motherboard: Dell Inc. | | 0Y2MRG

Processor: Intel® Core i7-2600 CPU @ 3.40GHz | CPU 1 | 1598/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1381 GiB total, 1307.449 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP306: 3/5/2013 8:04:02 AM - Windows Update

RP307: 3/8/2013 9:05:41 AM - Windows Update

RP308: 3/13/2013 8:38:06 AM - Windows Update

RP309: 3/13/2013 8:41:15 AM - Windows Update

RP310: 3/14/2013 1:25:42 PM - Revo Uninstaller's restore point - Vuze Remote Toolbar v6.8

RP311: 3/14/2013 1:26:06 PM - Removed Vuze Remote Toolbar v6.8.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6)

Bing Bar

Bing Rewards Client Installer

Blio

Boilsoft Video Joiner 6.57

Boilsoft Video Splitter 6.33

Canon PowerShot SX260 HS and SX240 HS Camera User Guide

Canon Utilities CameraWindow DC 8

Canon Utilities ImageBrowser EX

Canon Utilities PhotoStitch

CCleaner

Clickfree Easy Image

Consumer In-Home Service Agreement

Cozi

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Edoc Viewer

Dell Getting Started Guide

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell Support Center

Dell VideoStage

DirectX 9 Runtime

DW WLAN Card

Free Opener

Google Chrome

High-Definition Video Playback

HostsMan 3.2.73

Intel® Rapid Storage Technology

Java SE Development Kit 7 Update 7 (64-bit)

Java SE Development Kit 7 Update 9 (64-bit)

Junk Mail filter update

K-Lite Codec Pack 9.7.5 (64-bit)

K-Lite Codec Pack 9.7.5 (Basic)

Kaspersky Internet Security 2012

Malwarebytes Anti-Malware version 1.70.0.1100

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Lync 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 19.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

Multimedia Card Reader

Nero 10 Movie ThemePack Basic

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

NVIDIA Display Control Panel

PhotoShowExpress

PlayReady PC Runtime x86

RBVirtualFolder64Inst

RealMedia (remove only)

Realtek High Definition Audio Driver

Revo Uninstaller 1.94

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Secunia PSI (2.0.0.3003)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype Click to Call

Skype™ 5.10

Sonic CinePlayer Decoder Pack

SpywareBlaster 5.0

swMSM

SyncUP

THX TruStudio PC

TurboTax 2011

TurboTax 2011 whiiper

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

TurboTax 2012

TurboTax 2012 whiiper

TurboTax 2012 WinPerFedFormset

TurboTax 2012 WinPerReleaseEngine

TurboTax 2012 WinPerTaxSupport

TurboTax 2012 wrapper

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

ViKi Desktop Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Xceed ActiveX Components v6.5

Zinio Reader 4

.

==== Event Viewer Messages From Past Week ========

.

3/8/2013 9:00:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the FibUacService service to connect.

3/8/2013 9:00:19 AM, Error: Service Control Manager [7000] - The FibUacService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/7/2013 8:29:21 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

3/14/2013 8:18:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

3/13/2013 9:06:25 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2809289).

3/13/2013 8:34:56 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

3/13/2013 8:34:56 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

3/11/2013 8:55:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

3/11/2013 8:55:22 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/11/2013 8:54:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the FullImagingService service to connect.

3/11/2013 8:54:27 AM, Error: Service Control Manager [7000] - The FullImagingService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

[Larusso]

Hy

my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  
• Perform everything in the correct order. Sometimes one step requires the previous one.
  
• If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  
• Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  
• Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  

Please download AdwCleaner by Xplode onto your desktop.

• 
  
  • Close all open programs and internet browsers.
    
  • Double click on adwcleaner.exe to run the tool.
    
  • Click on Delete.
    
  • Confirm each time with Ok.
    
  • You will be prompted to restart your computer. A text file will open after the restart.
    
  • Please post the contents of that logfile with your next reply.
    
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
    

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

• Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  
• Turn off the real time scanner of any existing antivirus program while performing the online scan
  
• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the activex control to install
  
• Click Start
  
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  
• Click Scan
  
• Wait for the scan to finish
  
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  
• Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  
• Close the ESET online scan, and let me know how things are now.
  

[bluelit01]

Hi Daniel, Thank you so much for helping me. Here are my requested log files:

# AdwCleaner v2.114 - Logfile created 03/14/2013 at 14:45:56

# Updated 05/03/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Joan - JOAN-PC

# Boot Mode : Normal

# Running from : C:\Users\Joan\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\5uuc71d5.default-1344114154362\prefs.js

[OK] File is clean.

File : C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\ymm6qbpn.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R35].txt - [1244 octets] - [08/01/2013 21:36:52]

AdwCleaner[R36].txt - [1266 octets] - [15/01/2013 08:14:28]

AdwCleaner[R37].txt - [1329 octets] - [19/01/2013 20:43:10]

AdwCleaner[R38].txt - [1519 octets] - [31/01/2013 22:32:24]

AdwCleaner[R39].txt - [2629 octets] - [13/02/2013 20:14:35]

AdwCleaner[R40].txt - [1807 octets] - [23/02/2013 20:43:44]

AdwCleaner[R41].txt - [1742 octets] - [10/03/2013 21:27:13]

AdwCleaner[s10].txt - [1870 octets] - [23/02/2013 20:44:13]

AdwCleaner[s11].txt - [1805 octets] - [10/03/2013 21:27:36]

AdwCleaner[s12].txt - [1484 octets] - [14/03/2013 14:45:56]

AdwCleaner[s8].txt - [1307 octets] - [08/01/2013 21:37:36]

AdwCleaner[s9].txt - [2663 octets] - [13/02/2013 20:15:15]

########## EOF - C:\AdwCleaner[s12].txt - [1665 octets] ##########

ESET online scanner:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

I went to my homepage and it's still there (http://search.yahoo.com/?type=937811&fr=spigot-yhp-ff).

[Larusso]

Hy there.

ADWcleaner comes back clean. This rarely happens and your Homepage isn't known as a baddy. You should be able to simply change it in the FF settings.

regardless of what I do I can't remove this issue

Would you be so kind and telling me what you have tried so far ?

[bluelit01]

Hi, I was able to change it in the FF settings. Since you say it's isn't a baddy, thank you so much for your help.

[Larusso]

You are welcome.

Please manually delete the tools and logfiles we used. ( They aren't toys ).

2 things I want you to do.

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

There is a newer version of Adobe Acrobat Reader available.

• Please go to this link Adobe Acrobat Reader Download Link
  
• Untick Free McAfee® Security Scan Plus if you do not wish to include this in the installation.
  
• Click Download
  
• On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  
• Click the Continue button
  
• Click Run, and click Run again
  
• Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
• Scroll down to where it says Java SE 7u17
• Click the Download button under JRE to the right.
• Read the License Agreement then select Accept License Agreement
• Click on the link to download Windows x86 Offline and save the file to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-7u17-windows-i586.exe to install the newest version.

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Leave these two Checked
    
    • 
      Trace and Log Files
      Cached Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Let me know when you have any problems.

[bluelit01]

Hi Larusso, Sorry for my late response. I updated my Adobe Acrobat Reader as instructed. After installing Java SE 7u17, I couldn't find the Java icon (picture of a coffee cup). In control panel, there is a Java icon but it looks like a sheet of paper not a coffee cup. When I click on it it says "Application not found."

[Larusso]

-.- Maybe they will be able anytime to create a software which will work on its first run. A question I will ask you. Do you need Java ? ( Java is not Java Script ). We all recommend to uninstall Java from PCs if it is not really needed due the fact, that it will have vulnerabilities which Exploits probably uses to infect your PC.

1. Please download Revo Uninstaller.
2. Extract the ZIP file to a folder and run revouninstaller.exe from there! (You can copy that folder to an USB Mass storage drive and use it without any installation required!)
3. There are two ways to uninstall programs with Revo Uninstaller: Important: Please, try to close the application you want to uninstall first!
   • Select the application in the list of installed applications and press the Uninstall button in the toolbar.
   • Right-click the application and click the Uninstall command in the displayed menu. Follow the instructions and leave all settings as they are.

If needed, reinstall Java as instructed above. Let me know if you have any issues

[Larusso]

Hello, are you still with us?

If you do not reply within 24 hours, this topic will be closed

[Maurice Naggar]

Closed due to no response.