[Active] Google & YouTube redirect virus

CJMD · Aug 1, 2011

==========
MBAM LOG
==========
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7346

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

01/08/2011 2:06:59 PM
mbam-log-2011-08-01 (14-06-59).txt

Scan type: Quick scan
Objects scanned: 193947
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

==========
GMER LOG
==========
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-01 14:11:51
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
Running: sn1wgtb9.exe; Driver: C:\Users\Colin\AppData\Local\Temp\kxliypob.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91CE8398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

=========
DDS LOG
=========
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Colin at 14:15:01 on 2011-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3070.2097 [GMT -3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\dlcgcoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vfsFPService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Users\Colin\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Dell AIO 810\DLCGmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://webmail.stfx.ca/
mDefault_Page_URL = hxxp://en.ca.acer.yahoo.com
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\solid youtube downloader and converter db toolbar\tbhelper.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\solid youtube downloader and converter db toolbar\tbcore3.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: Solid YouTube Downloader and Converter DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\solid youtube downloader and converter db toolbar\tbcore3.dll
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
TCP: Interfaces\{8E093762-3E08-40AC-912F-34A9A6923F5E} : DhcpNameServer = 24.222.0.94 24.222.0.95
TCP: Interfaces\{8E093762-3E08-40AC-912F-34A9A6923F5E}\2556460284F647 : DhcpNameServer = 24.224.246.19 24.224.246.20
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\colin\appdata\roaming\mozilla\firefox\profiles\z98s00j0.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/solidyoutube/{44E6BF58-2EA7-4A7C-9B19-8A21F9A8C4F3}?q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\colin\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-16 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-15 309848]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-15 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-15 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-7-16 42184]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-22 599344]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-3-21 54784]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-22 40752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-17 1343400]
.
=============== File Associations ===============
.
.txt=EpicQuest32.Document.1
.
=============== Created Last 30 ================
.
2071-07-25 12:13:30 203576 ----a-w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2011-08-01 16:50:34 -------- d-----w- c:\program files\iPod
2011-08-01 15:00:12 -------- d-----w- c:\users\colin\appdata\local\{11E5F9FD-36EA-4EB5-BA32-970F056BB544}
2011-08-01 02:59:49 -------- d-----w- c:\users\colin\appdata\local\{37C37B05-CF70-47AF-BE5E-A5DB791CEF26}
2011-07-31 14:59:38 -------- d-----w- c:\users\colin\appdata\local\{C1AE1964-03C3-4493-84D8-CCC319199DFF}
2011-07-31 02:59:15 -------- d-----w- c:\users\colin\appdata\local\{E0258189-CA5E-4B9E-BADA-2F303C4544AF}
2011-07-30 15:05:07 -------- d-----w- c:\users\colin\appdata\local\Unity
2011-07-30 14:58:52 -------- d-----w- c:\users\colin\appdata\local\{516F040C-02C3-4577-BFDC-F4CD36F1A91B}
2011-07-30 01:54:15 -------- d-----w- c:\users\colin\appdata\local\{2D3F7390-52FF-4D3A-A32A-444D5094EC21}
2011-07-29 13:53:52 -------- d-----w- c:\users\colin\appdata\local\{FD2C15E4-836A-45CB-8B86-2CE41099B966}
2011-07-29 07:08:50 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{00295ea1-2437-4592-ad16-c3da8e65daea}\mpengine.dll
2011-07-29 01:53:27 -------- d-----w- c:\users\colin\appdata\local\{CD7DFA0C-D033-4CB3-BC27-CD517909DE32}
2011-07-28 13:52:51 -------- d-----w- c:\users\colin\appdata\local\{A5CCC6AB-AC04-4492-A50B-F5A6BDD6B353}
2011-07-28 03:45:51 -------- d-----w- c:\users\colin\.gnunet
2011-07-28 03:45:50 -------- d-----w- c:\programdata\GNU
2011-07-27 13:51:53 -------- d-----w- c:\users\colin\appdata\local\{E3ACB381-C942-4614-A30D-51FB5277E4A5}
2011-07-27 01:51:30 -------- d-----w- c:\users\colin\appdata\local\{C4F09E14-A55B-46A3-A236-D9E2E7632F46}
2011-07-26 13:50:53 -------- d-----w- c:\users\colin\appdata\local\{36233A57-BDF8-41E8-996E-B3C5215B4DDE}
2011-07-25 19:53:48 -------- d-----w- c:\users\colin\appdata\local\{3D7F205B-C8B9-4172-8F83-FE2CD1D9850B}
2011-07-23 21:47:39 -------- d-----w- c:\users\colin\appdata\local\{312483AC-C473-4DAD-875C-07EA842B2F1A}
2011-07-23 03:40:20 -------- d-----w- c:\users\colin\appdata\roaming\DVDVideoSoft
2011-07-23 03:40:16 -------- d-----w- c:\users\colin\appdata\roaming\DVDVideoSoftIEHelpers
2011-07-23 03:40:06 -------- d-----w- c:\program files\common files\DVDVideoSoft
2011-07-23 01:10:53 -------- d-----w- c:\users\colin\appdata\local\{FC4551E5-5A46-405D-80FA-22E53D3DF867}
2011-07-18 21:26:07 -------- d-----w- c:\users\colin\appdata\local\{D7C48952-9FA1-451E-A82B-7B594756ACE0}
2011-07-17 20:35:25 -------- d-----w- c:\users\colin\appdata\local\gtk-gnutella
2011-07-16 16:08:54 -------- d-----w- c:\users\colin\appdata\local\{7F3450C8-20EB-46A1-B16A-FD0CD2C67DE8}
2011-07-16 06:45:13 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-16 06:27:31 -------- d-----w- c:\program files\Solid YouTube Downloader and Converter DB Toolbar
2011-07-14 20:29:38 -------- d-----w- c:\users\colin\appdata\local\{2FA7D785-FC2E-4164-97D6-76B341647514}
2011-07-13 08:02:12 -------- d-----w- c:\users\colin\appdata\local\{B503F7A5-4E4E-472E-9227-00814488EAB4}
2011-07-12 20:01:25 -------- d-----w- c:\users\colin\appdata\local\{42979DB4-65DF-4DE3-AAD6-17F1AB4B1E71}
2011-07-12 14:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 14:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 14:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 14:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-11 23:32:27 -------- d-----w- c:\users\colin\.kommute
2011-07-11 23:04:27 -------- d-----w- c:\users\colin\appdata\roaming\i2p
2011-07-11 22:58:45 -------- d-----w- c:\users\colin\appdata\roaming\I2Phex
2011-07-11 21:48:12 12800 ----a-w- c:\program files\mozilla firefox\plugins\npwachk.dll
2011-07-10 22:50:39 -------- d-----w- c:\users\colin\appdata\local\{03C5C7CA-64CC-4220-A8EB-75D3402B79D9}
2011-07-08 01:35:31 -------- d-----w- c:\users\colin\appdata\local\{D8458203-839F-4E47-8B96-2839033D2D4C}
2011-07-04 01:30:44 -------- d-----w- c:\users\colin\appdata\local\{BD2EA3BC-5808-4D1F-A53B-F438A541908E}
.
==================== Find3M ====================
.
2011-07-06 22:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 22:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-26 17:25:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 22:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-10 11:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 11:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 07:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 04:34:43 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
.
============= FINISH: 14:19:07.60 ===============

================
DDS ATTACH LOG
================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15/05/2011 11:03:26 PM
System Uptime: 01/08/2011 1:57:23 PM (1 hours ago)
.
Motherboard: Acer | | Aspire 6920
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 42.229 GiB free.
D: is FIXED (NTFS) - 137 GiB total, 22.354 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
==== System Restore Points ===================
.
RP34: 05/07/2011 4:53:53 AM - Windows Update
RP35: 10/07/2011 7:00:11 PM - Windows Backup
RP36: 12/07/2011 4:35:33 AM - Windows Update
RP37: 13/07/2011 3:00:18 AM - Windows Update
RP38: 19/07/2011 4:15:19 AM - Windows Update
RP39: 26/07/2011 5:28:14 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP BiDi Channel Components Installer
Acer Crystal Eye Webcam 2.0.5
Acer GridVista
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.0)
Adobe Setup
Adobe Stock Photos CS3
Adobe SVG Viewer
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adventure Tools
Agere Systems HDA Modem
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
ArgoUML 0.30.2
Aspell English Dictionary-0.50-2
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Audacity 1.2.6
avast! Free Antivirus
BitPim 1.0.7
BitTorrent
Blender (remove only)
BlueJ 3.0.4
Bonjour
CCleaner
Cisco Systems VPN Client 5.0.07.0290
Comical 0.8
Company of Heroes Gold
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
D3DX10
Dell AIO 810
Dell Photo Printer 720
Download Updater (AOL LLC)
GlassFish Server Open Source Edition 3.1
GNU Aspell 0.50-3
GTK+ Runtime 2.14.7 rev a (remove only)
Hexographer
Intel® Matrix Storage Manager
IsoBuster 2.8.5
ITECIR Driver
iTunes
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 16
Java(TM) 6 Update 26
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 23
JMicron JMB38X Flash Media Controller
Junk Mail filter update
L3DT Standard v2.9.0.0 (remove only)
League of Legends
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MinGW-Get version 0.2-alpha-2
Monster Maker
Mozilla Firefox 5.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetBeans IDE 7.0
Nightsky
NightSky 1.0.0 (demo)
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
OpenOffice.org 3.1
PDF Settings
pdfsam
Pidgin
Port Forwarding Wizard 4.5
Portal
Python 2.6
Qt SDK
QuickTime
RAD Video Tools
Realtek High Definition Audio Driver
Recuva
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Sins of a Solar Empire
Skype™ 5.3
Smart File Advisor 1.1.1
Sothink SWF Decompiler
StarCraft II
Steam
Synaptics Pointing Device Driver
System Requirements Lab
The KMPlayer (remove only)
TrueCrypt
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553975)
Validity Sensors software
VB Runtime Support for Arr-Kelaan Software
VirtualCloneDrive
VLC media player 1.1.11
VMD 1.8.7
WIDCOMM Bluetooth Software 6.0.1.5000
Winamp
Winamp Detector Plug-in
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
WinSCP 4.2.8
Xming-fonts 7.5.0.8
.
==== Event Viewer Messages From Past Week ========
.
28/07/2011 7:25:52 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
01/08/2011 1:58:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
01/08/2011 1:57:26 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
.
==== End Of File ===========================

Bobbye · Aug 1, 2011

Welcome to TechSpot! I will help with the problems. I have deleted your duplicate thread. Sometimes it takes a few minutes to get the thread up.

Please tell me what problem you are having. I am "assuming"- as much as I hate to do that, when you do a search on Google and choose a site, you are being directed to a different sit>> is that correct? I don't want you to leave any clickable links, just description.

Tell me about the YouTube problem- what is it?
================================================
My Guidelines: please read and follow:

Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.

Read my instructions carefully. If you don't understand or have a problem, ask me.

If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.

Follow the order of the tasks I give you. Order is crucial in cleaning process.

File sharing programs should be uninstalled or disabled during the cleaning process..

Observe these:
[o] Don't use any other cleaning programs or scans while I'm helping you.
[o] Don't use a Registry cleaner or make any changes in the Registry.
[o] Don't download and install new programs- except those I give you.

Please let me know if there is any change in the system.

If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
When I get some description from you, we will go on. The more I know, the better to help you.

CJMD · Aug 2, 2011

Sorry for the duplicate post. I missed the message saying topics require moderator approval and assumed my thread had been eaten be some grandiose machine.

The Google problem is similar to that described in other threads. Google result links will occasionally redirect to third-party websites. Sorry that I don't have any example domains. This is quite infrequent and more inconveniencing than crippling.

The Youtube problem is much stranger and has only occured once. I played a video embedded in a website and "videorewardcentral.com", an obvious scam site, opened in a new tab.

In retrospect the Youtube problem may be unrelated to the Google problem or even my computer (site with the embedded video may be compromised or such).

Bobbye · Aug 4, 2011

I don't know if the problems are related, but possibly you got the malware that is causing the redirect from either the video or the site it was on.
===========================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

Click START> then RUN

Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HERE and save to the desktop

Double click combofix.exe & follow the prompts.

ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

.Click on Yes, to continue scanning for malware

.If Combofix asks you to update the program, allow

.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

.Close any open browsers.

.Double click combofix.exe & follow the prompts to run.

When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
===========================================

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESETOnlineScan

For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
[o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
[o] Double click on the on your desktop.

Check 'Yes I accept terms of use.'

Click Start button

Accept any security warnings from your browser.

Uncheck 'Remove found threats'

Check 'Scan archives/

Leave remaining settings as is.

Press the Start button.

ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.

When the scan completes, press List of found threats

Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.

Push the Back button

Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

CJMD · Aug 5, 2011

Bobbye said: ↑

I don't know if the problems are related, but possibly you got the malware that is causing the redirect from either the video or the site it was on.

The Google redirect predates the Youtube redirect by several days.

==============
COMBOFIX LOG
==============
ComboFix 11-08-04.02 - Colin 04/08/2011 21:09:47.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3070.1663 [GMT -3:00]
Running from: c:\users\Colin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Solid YouTube Downloader and Converter DB Toolbar\tbHElper.dll
c:\users\Colin\AppData\Local\{5E9874A6-8F13-4F11-B614-9DE4D30D7F6F}
c:\users\Colin\AppData\Local\{5E9874A6-8F13-4F11-B614-9DE4D30D7F6F}\chrome.manifest
c:\users\Colin\AppData\Local\{5E9874A6-8F13-4F11-B614-9DE4D30D7F6F}\chrome\content\_cfg.js
c:\users\Colin\AppData\Local\{5E9874A6-8F13-4F11-B614-9DE4D30D7F6F}\chrome\content\overlay.xul
c:\users\Colin\AppData\Local\{5E9874A6-8F13-4F11-B614-9DE4D30D7F6F}\install.rdf
c:\users\Colin\AppData\Roaming\.#
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\file_id.diz
c:\windows\system32\install.exe
c:\windows\system32\ReadMe.txt
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2071-07-25 12:13 . 2006-11-21 23:48 203576 ----a-w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-08-05 00:20 . 2011-08-05 00:20 -------- d-----w- c:\users\Colin\AppData\Local\temp
2011-08-02 08:06 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{425DA67B-FC06-45FC-9D86-FB4BF09E9529}\mpengine.dll
2011-08-01 16:50 . 2011-08-01 16:50 -------- d-----w- c:\program files\iPod
2011-07-30 15:05 . 2011-07-30 15:05 -------- d-----w- c:\users\Colin\AppData\Local\Unity
2011-07-28 03:45 . 2011-07-28 03:52 -------- d-----w- c:\users\Colin\.gnunet
2011-07-28 03:45 . 2011-07-28 06:50 -------- d-----w- c:\programdata\GNU
2011-07-23 03:40 . 2011-07-23 03:40 -------- d-----w- c:\users\Colin\AppData\Roaming\DVDVideoSoft
2011-07-23 03:40 . 2011-07-23 03:47 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-07-17 20:35 . 2011-07-17 20:41 -------- d-----w- c:\users\Colin\AppData\Local\gtk-gnutella
2011-07-16 06:45 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-16 06:27 . 2011-08-05 00:19 -------- d-----w- c:\program files\Solid YouTube Downloader and Converter DB Toolbar
2011-07-16 06:10 . 2011-07-16 06:13 -------- d-----w- c:\users\Colin\AppData\Roaming\vlc
2011-07-12 14:20 . 2011-07-12 14:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 14:20 . 2011-07-12 14:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 14:20 . 2011-07-12 14:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 14:20 . 2011-07-12 14:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-11 23:32 . 2011-07-11 23:32 -------- d-----w- c:\users\Colin\.kommute
2011-07-11 23:04 . 2011-07-11 23:34 -------- d-----w- c:\users\Colin\AppData\Roaming\i2p
2011-07-11 22:58 . 2011-07-11 22:58 -------- d-----w- c:\users\Colin\AppData\Roaming\I2Phex
2011-07-11 21:48 . 2011-07-11 21:48 12800 ----a-w- c:\program files\Mozilla Firefox\plugins\npwachk.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 22:52 . 2011-02-02 02:39 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 22:52 . 2011-02-02 02:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-06-29 22:54 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-04-15 22:27 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2010-04-15 22:28 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-04-15 22:28 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-04-15 22:28 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-04-15 22:28 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-04-15 22:28 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-26 17:25 . 2011-05-14 13:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 22:14 . 2009-10-08 01:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44 . 2011-06-29 12:19 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-16 19:41 . 2011-05-16 19:41 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-05-16 02:59 . 2011-05-16 02:59 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-16 02:59 . 2011-05-16 02:59 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-16 02:59 . 2011-05-16 02:59 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-16 02:59 . 2011-05-16 02:59 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-16 02:59 . 2011-05-16 02:59 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-16 02:59 . 2011-05-16 02:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-16 02:59 . 2011-05-16 02:59 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-16 02:59 . 2011-05-16 02:59 367104 ----a-w- c:\windows\system32\html.iec
2011-05-16 02:59 . 2011-05-16 02:59 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-16 02:59 . 2011-05-16 02:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-16 02:59 . 2011-05-16 02:59 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-16 02:59 . 2011-05-16 02:59 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-16 02:59 . 2011-05-16 02:59 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-16 02:59 . 2011-05-16 02:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-16 02:59 . 2011-05-16 02:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-16 02:59 . 2011-05-16 02:59 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-16 02:59 . 2011-05-16 02:59 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-16 02:59 . 2011-05-16 02:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-16 02:59 . 2011-05-16 02:59 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-13 19:03 . 2011-05-13 19:03 49016 ----a-w- c:\windows\system32\sirenacm.dll
2011-05-10 11:06 . 2011-05-10 11:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 11:06 . 2011-05-10 11:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-06-23 11:13 . 2011-05-08 02:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2011-03-24 400760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2007-01-12 431600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-6-11 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-06 691696]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-17 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-22 599344]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-19 54784]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-22 40752]
.
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.stfx.ca/
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
FF - ProfilePath - c:\users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\z98s00j0.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/solidyoutube/{44E6BF58-2EA7-4A7C-9B19-8A21F9A8C4F3}?q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
------- File Associations -------
.
.txt=EpicQuest32.Document.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-eAudio - c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:23,41,b9,e7,1e,40,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-04 21:26:17
ComboFix-quarantined-files.txt 2011-08-05 00:26
.
Pre-Run: 43,827,306,496 bytes free
Post-Run: 43,538,518,016 bytes free
.
- - End Of File - - 5DB77B00C74627D535540CA2A32DE583

==========
ESET LOG
==========
C:\Users\Colin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-3c76ea83 multiple threats

Bobbye · Aug 7, 2011

Any time outdated Java remains on the system, you are going to get malware in the Java cache.

Please do the following:
You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***

Double-click on JavaRa.exe to start the program.

From the drop-down menu, choose English and click on Select.

JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.

Click Yes when prompted. When JavaRa is done, a notice will appear that
a logfile has been produced. Click OK.

A logfile will pop up. Please save it to a convenient location.Note: Do not leave this log.

Download and install then most current version and update of Java RuntimeEnvironment (JRE)HERE.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
===========================================
After you have run JavaRa and then updated to the current version, do the following:
To clear the Java Plug-in cache:

[1]. Click Start > Control Panel.
[2]. Double-click the Java icon in the control panel. The Java Control Panel appears.

[3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.

[4] Click Delete Files.The Delete Temporary Files dialog box appears.

[5]. Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.
[6]. Click Apply> OK on Temporary Files Settings window.

Images courtesy java.com
==========================================
It is had only one problem, on youtube with a specific download, if you know what the video is, you should remove it. But I don't think there is any connection to the redirect you're getting using Google.
=====================================
Go ahead and run the above. There are no logs to leave for me. I'll finish reviewing Combofix tomorrow and then set up some script for removals.
===========================================

TechSpot

[Active] Google & YouTube redirect virus

CJMD Newcomer, in training

Bobbye Helper on the Fringe

CJMD Newcomer, in training

Bobbye Helper on the Fringe

CJMD Newcomer, in training

Bobbye Helper on the Fringe