
Stung by YouTube Downloader (YTD) from CNET! Spigot



I thought CNET (download.com) was supposed to have safe downloads!!!

 

I installed YouTube Downloader and it shoved in Spigot, which hijacked my browser search box and redirects to Yahoo search!!

 

Please help,

 

Thanks

 

 

****************************** dds.txt *****************************

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635
Run by deemyboy_vaio at 2:06:38 on 2013-08-06
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.2798.1005 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\smtp4dev\Smtp4dev.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\wamp\wampmanager.exe
c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\wamp\bin\apache\apache2.4.2\bin\httpd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\deemyboy_vaio\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HTC\Internet Pass-Through\htcnat.exe
C:\Windows\system32\taskhost.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.3\ytdToolbarIE.dll
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.3\ytdToolbarIE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.3\ytdToolbarIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [smtp4dev] C:\Program Files (x86)\smtp4dev\Smtp4dev.exe
uRun: [Facebook Update] "C:\Users\deemyboy_vaio\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: Interfaces\{DFD869E8-7195-4FF8-8FC6-F35A7E75F3F6} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{DFD869E8-7195-4FF8-8FC6-F35A7E75F3F6}\45E4341405935353442333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DFD869E8-7195-4FF8-8FC6-F35A7E75F3F6}\8445340205F627471626C6560284F6473707F6470244231443 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DFD869E8-7195-4FF8-8FC6-F35A7E75F3F6}\A5167627F637 : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{DFD869E8-7195-4FF8-8FC6-F35A7E75F3F6}\A6F627A6962E08993702960586F6E656 : DHCPNameServer = 109.249.185.224 109.249.188.32
TCP: Interfaces\{DFD869E8-7195-4FF8-8FC6-F35A7E75F3F6}\E45445745414258383 : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\deemyboy_vaio\AppData\Roaming\Mozilla\Firefox\Profiles\dvrdo0gj.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Users\deemyboy_vaio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-07-13 11:35; inspector@mozilla.org; C:\Users\deemyboy_vaio\AppData\Roaming\Mozilla\Firefox\Profiles\dvrdo0gj.default\extensions\inspector@mozilla.org
FF - ExtSQL: 2013-08-04 23:43; savingsslider@mybrowserbar.com; C:\Users\deemyboy_vaio\AppData\Roaming\Mozilla\Firefox\Profiles\dvrdo0gj.default\extensions\savingsslider@mybrowserbar.com
FF - ExtSQL: !HIDDEN! 2013-03-25 17:05; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-7-5 807800]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-1-14 93696]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-5-13 33736]
R3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2007-8-3 11392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-2-25 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-5 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-9 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-10 1255736]
.
=============== Created Last 30 ================
.
2013-08-05 05:26:59 -------- d-----w- C:\Users\deemyboy_vaio\AppData\Roaming\Malwarebytes
2013-08-05 05:26:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-05 05:26:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-05 05:26:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-04 22:43:04 -------- d-----w- C:\Users\deemyboy_vaio\AppData\Local\Slick Savings
2013-08-04 22:43:02 -------- d-----w- C:\Users\deemyboy_vaio\AppData\Roaming\Slick Savings
2013-08-04 22:42:58 -------- d-----w- C:\Program Files (x86)\YTD Toolbar
2013-08-04 22:42:58 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2013-08-04 22:42:58 -------- d-----w- C:\Program Files (x86)\Application Updater
2013-08-04 22:42:04 -------- d-----w- C:\ProgramData\YTD Video Downloader
2013-08-04 22:41:55 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2013-08-02 21:01:14 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{41817335-37FA-41EB-AAF2-966087BDD323}\mpengine.dll
2013-07-27 12:26:21 346112 ----a-w- C:\Windows\system\ssleay32.dll
2013-07-27 12:26:21 1653248 ----a-w- C:\Windows\system\libeay32.dll
2013-07-27 11:59:32 346112 ----a-w- C:\Windows\System32\ssleay32.dll
2013-07-27 11:59:07 1653248 ----a-w- C:\Windows\System32\libeay32.dll
2013-07-23 08:35:37 216064 ----a-w- C:\Windows\SysWow64\gcapi_dll.dll
2013-07-23 08:35:29 -------- d-----w- C:\Users\deemyboy_vaio\AppData\Roaming\Foxit Software
2013-07-23 08:35:29 -------- d-----w- C:\Program Files (x86)\Foxit Software
2013-07-17 12:04:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-07-17 12:04:46 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-07-17 11:53:00 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-17 11:53:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-17 10:51:58 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-13 10:40:16 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-07-12 13:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 13:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-10 16:39:00 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 16:39:00 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 16:39:00 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 16:39:00 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 16:39:00 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 16:39:00 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 16:39:00 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 16:38:59 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-10 16:38:59 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-10 16:38:58 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-10 16:38:58 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 16:38:49 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-10 16:38:42 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 16:38:42 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 16:38:42 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 16:38:42 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 16:38:41 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
==================== Find3M  ====================
.
2013-07-17 10:51:58 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-12 10:54:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 10:54:13 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH:  2:07:20.42 ===============
 
 
 
 
 
***************************** attach.txt *********************************
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 05/03/2013 02:19:09
System Uptime: 06/08/2013 01:08:40 (1 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core i3 CPU       M 330  @ 2.13GHz | N/A | 917/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 200 GiB total, 143.828 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 97.468 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
RP52: 16/07/2013 09:32:13 - Windows Update
RP54: 17/07/2013 11:49:18 - Windows Modules Installer
RP55: 19/07/2013 10:10:20 - Windows Update
RP56: 21/07/2013 03:00:10 - Windows Update
RP57: 26/07/2013 10:12:33 - Windows Update
RP58: 31/07/2013 01:41:54 - Windows Update
RP59: 01/08/2013 20:05:34 - Windows Backup
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.3
Bonjour
BufferChm
Color Cop 5.4.3
Destinations
DeviceDiscovery
DocMgr
DocProc
Facebook Video Calling 1.2.0.287
Fax
FFmpeg v0.6.2 for Audacity
FileZilla Client 3.7.1
Foxit Reader
Git version 1.8.1.2-preview20130201
Google Chrome
Google Drive
Google Update Helper
GPBaseService2
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
HTC Driver Installer
HTC Sync Manager
Inkscape 0.48.4
IPTInstaller
iTunes
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Notepad++
OCR Software by I.R.I.S. 13.0
Paint.NET v3.5.10
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Shop for HP Supplies
Skype Click to Call
Skype™ 6.3
Slick Savings
SmartWebPrinting
smtp4dev 2.0.9
SolutionCenter
Status
Sublime Text 2.0.1
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VLC media player 2.0.7
WampServer 2.2
WebReg
Yahoo! Toolbar
YTD Toolbar v7.3
YTD Video Downloader 4.4
.
==== Event Viewer Messages From Past Week ========
.
05/08/2013 06:38:51, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 

 

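The posted dds.txt shows the pattern that makes bundled adware like this easy to tie together: the "Created Last 30" section has the YTD Video Downloader directory, the publisher directory (GreenTree Applications), Spigot, YTD Toolbar, Application Updater and Slick Savings all created within about a minute of each other on 2013-08-04, and the Pseudo HJT / services sections then show autoruns, a URL search hook, a BHO and a service pointing into those same directories. The script below is an added example for readers triaging a log like this; it is not code from the poster, from DDS or from Malwarebytes. It parses the timeline, finds the burst of directories created around the program the user admits installing, and flags every autorun, BHO, service and extension entry whose binary lives under one of them. The sample lines are excerpted from the log above; the 2-minute correlation window is an assumption, not anything DDS defines.

```python
"""Correlate a DDS "Created Last 30" timeline with Pseudo HJT / service entries.

Added example for triaging a dds.txt of the kind posted above; not part of the
original post or of DDS.  Sample lines are excerpted from that log.
"""
import re
from datetime import datetime, timedelta

# Excerpt of the "Created Last 30" section (directory entries only).
CREATED_LAST_30 = r"""
2013-08-05 05:26:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-04 22:43:04 -------- d-----w- C:\Users\deemyboy_vaio\AppData\Local\Slick Savings
2013-08-04 22:42:58 -------- d-----w- C:\Program Files (x86)\YTD Toolbar
2013-08-04 22:42:58 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2013-08-04 22:42:58 -------- d-----w- C:\Program Files (x86)\Application Updater
2013-08-04 22:42:04 -------- d-----w- C:\ProgramData\YTD Video Downloader
2013-08-04 22:41:55 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2013-07-23 08:35:29 -------- d-----w- C:\Program Files (x86)\Foxit Software
""".strip().splitlines()

# Excerpt of the Pseudo HJT, services and Firefox sections.
PSEUDO_HJT = r"""
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.3\ytdToolbarIE.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-7-5 807800]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - ExtSQL: 2013-08-04 23:43; savingsslider@mybrowserbar.com; C:\Users\deemyboy_vaio\AppData\Roaming\Mozilla\Firefox\Profiles\dvrdo0gj.default\extensions\savingsslider@mybrowserbar.com
""".strip().splitlines()

# timestamp, size-or-dashes, attribute flags, path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+(.+?)\s*$")
# A Windows path; stop at a closing quote, a "[date size]" tag or a ';' separator.
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[;]+')


def parse_created(lines):
    """Yield (datetime, path) for each 'Created Last 30' line that parses."""
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)


def install_burst(created_lines, anchor, window=timedelta(minutes=2)):
    """Directories created within +/- `window` of the first entry whose path
    contains `anchor` (the program the user says they installed).

    The window is an assumption: bundled installers drop their extras within
    seconds of the main product, so a couple of minutes is generous.
    """
    entries = list(parse_created(created_lines))
    anchor_times = [t for t, p in entries if anchor.lower() in p.lower()]
    if not anchor_times:
        return set()
    t0 = min(anchor_times)
    return {p for t, p in entries if abs(t - t0) <= window}


def entry_kind(line):
    """Label a pseudo-HJT line: 'service' for R#/S# lines, else its prefix."""
    if re.match(r"^[RS]\d ", line):
        return "service"
    return line.split(":", 1)[0].strip()


def flag_entries(hjt_lines, burst_dirs):
    """Return (kind, path) for each entry whose file sits under a burst directory."""
    dirs = [d.lower() for d in burst_dirs]
    flagged = []
    for line in hjt_lines:
        m = WIN_PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0).rstrip()
        low = path.lower()
        if any(low == d or low.startswith(d + "\\") for d in dirs):
            flagged.append((entry_kind(line), path))
    return flagged


def selected_search_engine(hjt_lines):
    """The Firefox default search engine DDS reports, or None if the line is absent."""
    for line in hjt_lines:
        if "browser.search.selectedEngine" in line:
            return line.rsplit(" - ", 1)[1].strip()
    return None


if __name__ == "__main__":
    burst = install_burst(CREATED_LAST_30, "YTD Video Downloader")
    for d in sorted(burst):
        print("created with the install:", d)
    for kind, path in flag_entries(PSEUDO_HJT, burst):
        print(f"{kind:16} {path}")
    print("Firefox default search engine:", selected_search_engine(PSEUDO_HJT))
```

On the excerpt this flags the YTD Toolbar URL search hook, the Spigot SearchSettings autorun and the Application Updater service, and leaves the HP and iTunes entries alone. It does not flag the savingsslider@mybrowserbar.com extension, because that lives inside the Firefox profile rather than in a directory the installer created; for extensions the DDS ExtSQL line carries its own install date and has to be compared against the burst by hand (on this log it reads 23:43 where the directory timeline reads 22:43, so do not expect the two clocks to agree to the minute). The selectedEngine value is the piece of evidence for the Yahoo redirect the poster describes.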

Installed YTD (YouTube Downloader) from CNET and got some malware for free!

 

Browser hijack

 

Spigot

 

SearchSettings.exe

SearchSettings64.exe

 

 

FF - ExtSQL: !HIDDEN! 2013-03-25 17:05; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-7-5 807800]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-1-14 93696]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-5-13 33736]
R3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2007-8-3 11392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-2-25 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-5 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-9 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-10 1255736]
.
=============== Created Last 30 ================
.
2013-08-05 05:26:59 -------- d-----w- C:\Users\deemyboy_vaio\AppData\Roaming\Malwarebytes
2013-08-05 05:26:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-05 05:26:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-05 05:26:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-04 22:43:04 -------- d-----w- C:\Users\deemyboy_vaio\AppData\Local\Slick Savings
2013-08-04 22:43:02 -------- d-----w- C:\Users\deemyboy_vaio\AppData\Roaming\Slick Savings
2013-08-04 22:42:58 -------- d-----w- C:\Program Files (x86)\YTD Toolbar
2013-08-04 22:42:58 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2013-08-04 22:42:58 -------- d-----w- C:\Program Files (x86)\Application Updater
2013-08-04 22:42:04 -------- d-----w- C:\ProgramData\YTD Video Downloader
2013-08-04 22:41:55 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2013-08-02 21:01:14 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{41817335-37FA-41EB-AAF2-966087BDD323}\mpengine.dll
2013-07-27 12:26:21 346112 ----a-w- C:\Windows\system\ssleay32.dll
2013-07-27 12:26:21 1653248 ----a-w- C:\Windows\system\libeay32.dll
2013-07-27 11:59:32 346112 ----a-w- C:\Windows\System32\ssleay32.dll
2013-07-27 11:59:07 1653248 ----a-w- C:\Windows\System32\libeay32.dll
2013-07-23 08:35:37 216064 ----a-w- C:\Windows\SysWow64\gcapi_dll.dll
2013-07-23 08:35:29 -------- d-----w- C:\Users\deemyboy_vaio\AppData\Roaming\Foxit Software
2013-07-23 08:35:29 -------- d-----w- C:\Program Files (x86)\Foxit Software
2013-07-17 12:04:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-07-17 12:04:46 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-07-17 11:53:00 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-17 11:53:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-17 10:51:58 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-13 10:40:16 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-07-12 13:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-12 13:42:18 6129024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-07-10 16:39:00 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 16:39:00 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 16:39:00 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 16:39:00 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 16:39:00 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 16:39:00 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 16:39:00 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 16:38:59 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-10 16:38:59 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-10 16:38:58 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-10 16:38:58 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 16:38:49 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-10 16:38:42 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 16:38:42 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 16:38:42 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 16:38:42 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 16:38:41 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
==================== Find3M  ====================
.
2013-07-17 10:51:58 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-12 10:54:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 10:54:13 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH:  2:07:20.42 ===============
 
 
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 05/03/2013 02:19:09
System Uptime: 06/08/2013 01:08:40 (1 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core i3 CPU       M 330  @ 2.13GHz | N/A | 917/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 200 GiB total, 143.828 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 97.468 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
RP52: 16/07/2013 09:32:13 - Windows Update
RP54: 17/07/2013 11:49:18 - Windows Modules Installer
RP55: 19/07/2013 10:10:20 - Windows Update
RP56: 21/07/2013 03:00:10 - Windows Update
RP57: 26/07/2013 10:12:33 - Windows Update
RP58: 31/07/2013 01:41:54 - Windows Update
RP59: 01/08/2013 20:05:34 - Windows Backup
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.3
Bonjour
BufferChm
Color Cop 5.4.3
Destinations
DeviceDiscovery
DocMgr
DocProc
Facebook Video Calling 1.2.0.287
Fax
FFmpeg v0.6.2 for Audacity
FileZilla Client 3.7.1
Foxit Reader
Git version 1.8.1.2-preview20130201
Google Chrome
Google Drive
Google Update Helper
GPBaseService2
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
HTC Driver Installer
HTC Sync Manager
Inkscape 0.48.4
IPTInstaller
iTunes
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Notepad++
OCR Software by I.R.I.S. 13.0
Paint.NET v3.5.10
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Shop for HP Supplies
Skype Click to Call
Skype™ 6.3
Slick Savings
SmartWebPrinting
smtp4dev 2.0.9
SolutionCenter
Status
Sublime Text 2.0.1
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VLC media player 2.0.7
WampServer 2.2
WebReg
Yahoo! Toolbar
YTD Toolbar v7.3
YTD Video Downloader 4.4
.
==== Event Viewer Messages From Past Week ========
.
05/08/2013 06:38:51, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
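As an added triage aid, not part of this thread or of DDS itself: the helper below reads lines in the same format as the log above, groups the "Created Last 30" directory creations into bursts (a bundling installer drops its components within seconds of each other), and then maps autoruns, services and Firefox extensions back to the burst that contains the YTD Video Downloader directory, alongside the prefs.js search-engine setting. The sample lines are constructed from the log's format with shortened paths; the five-minute burst window and the two-hour extension tolerance are assumptions.

```python
"""Added DDS-log triage helper: cluster 'Created Last 30' bursts, attribute persistence."""
import re
from datetime import datetime, timedelta

# Constructed sample shaped like the DDS lines in this thread (paths shortened).
SAMPLE_LOG = r"""
mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - ExtSQL: 2013-08-04 23:43; savingsslider@mybrowserbar.com; C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\extensions\savingsslider@mybrowserbar.com
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-7-5 807800]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
2013-08-05 05:26:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-04 22:43:04 -------- d-----w- C:\Users\user\AppData\Local\Slick Savings
2013-08-04 22:42:58 -------- d-----w- C:\Program Files (x86)\YTD Toolbar
2013-08-04 22:42:58 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2013-08-04 22:42:58 -------- d-----w- C:\Program Files (x86)\Application Updater
2013-08-04 22:42:04 -------- d-----w- C:\ProgramData\YTD Video Downloader
"""

CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ \S+ (.+)$")
RUN_RE = re.compile(r'^(?:x64-)?[mud]?Run(?:Once)?: \[([^\]]+)\] (?:"([^"]+)"|(.+))$')
SVC_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+?) \[")
EXT_RE = re.compile(r"^FF - ExtSQL: (?:!HIDDEN! )?(\d{4}-\d\d-\d\d \d\d:\d\d); ([^;]+); (.+)$")
ENGINE_RE = re.compile(r"^FF - prefs\.js: browser\.search\.selectedEngine - (.+)$")

def parse_created(log):
    """(timestamp, path) for each 'Created Last 30' line."""
    return [(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2))
            for m in map(CREATED_RE.match, log.splitlines()) if m]

def cluster_installs(created, window=timedelta(minutes=5)):
    """Group creation events separated by at most `window` (assumed 5 minutes)."""
    # One burst of directory creations usually corresponds to one installer run.
    clusters = []
    for ts, path in sorted(created):
        if clusters and ts - clusters[-1][-1][0] <= window:
            clusters[-1].append((ts, path))
        else:
            clusters.append([(ts, path)])
    return clusters

def bundle_for(log, seed, window=timedelta(minutes=5)):
    """Directories created in the same burst as the one whose path contains `seed`."""
    for cluster in cluster_installs(parse_created(log), window):
        if any(seed.lower() in path.lower() for _, path in cluster):
            return cluster
    return []

def persistence(log):
    """Autoruns, services and Firefox extensions as (kind, name, path, ext_time)."""
    out = []
    for line in log.splitlines():
        if m := RUN_RE.match(line):
            out.append(("run", m.group(1), m.group(2) or m.group(3), None))
        elif m := SVC_RE.match(line):
            out.append(("service", m.group(1), m.group(2), None))
        elif m := EXT_RE.match(line):
            out.append(("extension", m.group(2), m.group(3),
                        datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")))
    return out

def selected_engine(log):
    """Default Firefox search engine recorded in prefs.js, or None."""
    m = next(filter(None, map(ENGINE_RE.match, log.splitlines())), None)
    return m.group(1) if m else None

def attribute(log, seed, ext_tolerance=timedelta(hours=2)):
    """Persistence whose path lies inside a bundle directory, plus extensions
    registered within `ext_tolerance` of the burst (ExtSQL times come from the
    Firefox profile DB and in this thread's log run an hour off the file times)."""
    bundle = bundle_for(log, seed)
    dirs = [path.lower() + "\\" for _, path in bundle]
    hits = []
    for kind, name, path, ts in persistence(log):
        in_dir = any((path.lower() + "\\").startswith(d) for d in dirs)
        near = ts is not None and any(abs(ts - b) <= ext_tolerance for b, _ in bundle)
        if in_dir or near:
            hits.append((kind, name))
    return hits
```

Run against a full DDS log, `attribute(log, "YTD Video Downloader")` lists the autorun, service and extension that belong to the same install burst as the downloader, which is the set a cleanup should cover together; `selected_engine` shows whether the search-engine preference was changed.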
 

 


  • Root Admin

Hello and :welcome:

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options; they're not all bad!!
  • Post back the report which should be located on your desktop.


STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.


STEP 06

Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


thanks for reopening this topic

 

 

these are the logs

 

in step 6 i didn't read the post, so i went ahead and removed the 4 infections that were found, then closed the eset online scanner application, and so wasn't able to get the report back

 

all other logs are attached

 

hope i haven't messed things up 

 

 

thanks

 

deemyboy

 

RKreport0_S_08092013_025517.txt

mbar-log-2013-08-09 (20-51-49).txt

system-log.txt

JRT.txt

AdwCleanerS2.txt

FRST.txt

Addition.txt


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


here's the fixlog.txt

 

 

btw updating FRST.exe results in a never-ending loop (maybe?): you run it, it tells you it's not the latest and asks if you want to upgrade, then it takes you to the bleeping computer website where you can download it again, and when you run it, guess what??

 

it tells you it's not the latest version and offers to download it again, whereupon you're taken back to the bleeping computer website to download it again!

 

i clicked "no" to upgrade on 3rd attempt!! 

Fixlog.txt


  • Root Admin

Log looks good.  Please reboot the computer 2 times and then run MBAM and check for updates and then do a Quick Scan and post back that log.

 

Then also let me know how the computer is running and if there are still any signs of an infection or this redirect issue.


  • Root Admin

Yes, we're probably close to being done, but have a couple more items first.

 

Next, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 


  • Root Admin

Please uninstall your Adobe Flash player and get an update from Adobe.com

 

Adobe Flash Player 10 Flash Player out of Date!

 

You really need to have an onboard running and updated antivirus.  You can obtain a free version from here.  Please install, update, and check for any infections and let me know.

 

Avast! Free Antivirus 8.0.1489

 

Thanks
