TechSpot

Google & YouTube redirect virus

Inactive
By CJMD
Aug 1, 2011
Topic Status:
Not open for further replies.
  1. ==========
    MBAM LOG
    ==========
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7346

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    01/08/2011 2:06:59 PM
    mbam-log-2011-08-01 (14-06-59).txt

    Scan type: Quick scan
    Objects scanned: 193947
    Time elapsed: 7 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ==========
    GMER LOG
    ==========
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-01 14:11:51
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
    Running: sn1wgtb9.exe; Driver: C:\Users\Colin\AppData\Local\Temp\kxliypob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91CE8398]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    =========
    DDS LOG
    =========
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Colin at 14:15:01 on 2011-08-01
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3070.2097 [GMT -3:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Windows\system32\dlcgcoms.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\vfsFPService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Users\Colin\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Dell AIO 810\DLCGmon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://webmail.stfx.ca/
    mDefault_Page_URL = hxxp://en.ca.acer.yahoo.com
    mStart Page = hxxp://en.ca.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\solid youtube downloader and converter db toolbar\tbhelper.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\solid youtube downloader and converter db toolbar\tbcore3.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
    TB: Solid YouTube Downloader and Converter DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\solid youtube downloader and converter db toolbar\tbcore3.dll
    uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
    mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
    TCP: Interfaces\{8E093762-3E08-40AC-912F-34A9A6923F5E} : DhcpNameServer = 24.222.0.94 24.222.0.95
    TCP: Interfaces\{8E093762-3E08-40AC-912F-34A9A6923F5E}\2556460284F647 : DhcpNameServer = 24.224.246.19 24.224.246.20
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\colin\appdata\roaming\mozilla\firefox\profiles\z98s00j0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/
    FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/solidyoutube/{44E6BF58-2EA7-4A7C-9B19-8A21F9A8C4F3}?q=
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\users\colin\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-16 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-15 309848]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-15 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-15 54104]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-7-16 42184]
    R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-22 599344]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-3-21 54784]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-22 40752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-17 1343400]
    .
    =============== File Associations ===============
    .
    .txt=EpicQuest32.Document.1
    .
    =============== Created Last 30 ================
    .
    2071-07-25 12:13:30 203576 ----a-w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
    2011-08-01 16:50:34 -------- d-----w- c:\program files\iPod
    2011-08-01 15:00:12 -------- d-----w- c:\users\colin\appdata\local\{11E5F9FD-36EA-4EB5-BA32-970F056BB544}
    2011-08-01 02:59:49 -------- d-----w- c:\users\colin\appdata\local\{37C37B05-CF70-47AF-BE5E-A5DB791CEF26}
    2011-07-31 14:59:38 -------- d-----w- c:\users\colin\appdata\local\{C1AE1964-03C3-4493-84D8-CCC319199DFF}
    2011-07-31 02:59:15 -------- d-----w- c:\users\colin\appdata\local\{E0258189-CA5E-4B9E-BADA-2F303C4544AF}
    2011-07-30 15:05:07 -------- d-----w- c:\users\colin\appdata\local\Unity
    2011-07-30 14:58:52 -------- d-----w- c:\users\colin\appdata\local\{516F040C-02C3-4577-BFDC-F4CD36F1A91B}
    2011-07-30 01:54:15 -------- d-----w- c:\users\colin\appdata\local\{2D3F7390-52FF-4D3A-A32A-444D5094EC21}
    2011-07-29 13:53:52 -------- d-----w- c:\users\colin\appdata\local\{FD2C15E4-836A-45CB-8B86-2CE41099B966}
    2011-07-29 07:08:50 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{00295ea1-2437-4592-ad16-c3da8e65daea}\mpengine.dll
    2011-07-29 01:53:27 -------- d-----w- c:\users\colin\appdata\local\{CD7DFA0C-D033-4CB3-BC27-CD517909DE32}
    2011-07-28 13:52:51 -------- d-----w- c:\users\colin\appdata\local\{A5CCC6AB-AC04-4492-A50B-F5A6BDD6B353}
    2011-07-28 03:45:51 -------- d-----w- c:\users\colin\.gnunet
    2011-07-28 03:45:50 -------- d-----w- c:\programdata\GNU
    2011-07-27 13:51:53 -------- d-----w- c:\users\colin\appdata\local\{E3ACB381-C942-4614-A30D-51FB5277E4A5}
    2011-07-27 01:51:30 -------- d-----w- c:\users\colin\appdata\local\{C4F09E14-A55B-46A3-A236-D9E2E7632F46}
    2011-07-26 13:50:53 -------- d-----w- c:\users\colin\appdata\local\{36233A57-BDF8-41E8-996E-B3C5215B4DDE}
    2011-07-25 19:53:48 -------- d-----w- c:\users\colin\appdata\local\{3D7F205B-C8B9-4172-8F83-FE2CD1D9850B}
    2011-07-23 21:47:39 -------- d-----w- c:\users\colin\appdata\local\{312483AC-C473-4DAD-875C-07EA842B2F1A}
    2011-07-23 03:40:20 -------- d-----w- c:\users\colin\appdata\roaming\DVDVideoSoft
    2011-07-23 03:40:16 -------- d-----w- c:\users\colin\appdata\roaming\DVDVideoSoftIEHelpers
    2011-07-23 03:40:06 -------- d-----w- c:\program files\common files\DVDVideoSoft
    2011-07-23 01:10:53 -------- d-----w- c:\users\colin\appdata\local\{FC4551E5-5A46-405D-80FA-22E53D3DF867}
    2011-07-18 21:26:07 -------- d-----w- c:\users\colin\appdata\local\{D7C48952-9FA1-451E-A82B-7B594756ACE0}
    2011-07-17 20:35:25 -------- d-----w- c:\users\colin\appdata\local\gtk-gnutella
    2011-07-16 16:08:54 -------- d-----w- c:\users\colin\appdata\local\{7F3450C8-20EB-46A1-B16A-FD0CD2C67DE8}
    2011-07-16 06:45:13 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-16 06:27:31 -------- d-----w- c:\program files\Solid YouTube Downloader and Converter DB Toolbar
    2011-07-14 20:29:38 -------- d-----w- c:\users\colin\appdata\local\{2FA7D785-FC2E-4164-97D6-76B341647514}
    2011-07-13 08:02:12 -------- d-----w- c:\users\colin\appdata\local\{B503F7A5-4E4E-472E-9227-00814488EAB4}
    2011-07-12 20:01:25 -------- d-----w- c:\users\colin\appdata\local\{42979DB4-65DF-4DE3-AAD6-17F1AB4B1E71}
    2011-07-12 14:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 14:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 14:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 14:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-11 23:32:27 -------- d-----w- c:\users\colin\.kommute
    2011-07-11 23:04:27 -------- d-----w- c:\users\colin\appdata\roaming\i2p
    2011-07-11 22:58:45 -------- d-----w- c:\users\colin\appdata\roaming\I2Phex
    2011-07-11 21:48:12 12800 ----a-w- c:\program files\mozilla firefox\plugins\npwachk.dll
    2011-07-10 22:50:39 -------- d-----w- c:\users\colin\appdata\local\{03C5C7CA-64CC-4220-A8EB-75D3402B79D9}
    2011-07-08 01:35:31 -------- d-----w- c:\users\colin\appdata\local\{D8458203-839F-4E47-8B96-2839033D2D4C}
    2011-07-04 01:30:44 -------- d-----w- c:\users\colin\appdata\local\{BD2EA3BC-5808-4D1F-A53B-F438A541908E}
    .
    ==================== Find3M ====================
    .
    2011-07-06 22:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 22:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-06-26 17:25:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
    2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-05-24 22:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-05-10 11:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-05-10 11:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-05-04 07:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 04:34:43 1549312 ----a-w- c:\windows\system32\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- c:\windows\system32\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    .
    ============= FINISH: 14:19:07.60 ===============


    ================
    DDS ATTACH LOG
    ================
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 15/05/2011 11:03:26 PM
    System Uptime: 01/08/2011 1:57:23 PM (1 hours ago)
    .
    Motherboard: Acer | | Aspire 6920
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/167mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 144 GiB total, 42.229 GiB free.
    D: is FIXED (NTFS) - 137 GiB total, 22.354 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd
    .
    ==== System Restore Points ===================
    .
    RP34: 05/07/2011 4:53:53 AM - Windows Update
    RP35: 10/07/2011 7:00:11 PM - Windows Backup
    RP36: 12/07/2011 4:35:33 AM - Windows Update
    RP37: 13/07/2011 3:00:18 AM - Windows Update
    RP38: 19/07/2011 4:15:19 AM - Windows Update
    RP39: 26/07/2011 5:28:14 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP BiDi Channel Components Installer
    Acer Crystal Eye Webcam 2.0.5
    Acer GridVista
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader X (10.1.0)
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe SVG Viewer
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adventure Tools
    Agere Systems HDA Modem
    AIM 7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV Player
    ArgoUML 0.30.2
    Aspell English Dictionary-0.50-2
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    Audacity 1.2.6
    avast! Free Antivirus
    BitPim 1.0.7
    BitTorrent
    Blender (remove only)
    BlueJ 3.0.4
    Bonjour
    CCleaner
    Cisco Systems VPN Client 5.0.07.0290
    Comical 0.8
    Company of Heroes Gold
    Compatibility Pack for the 2007 Office system
    CutePDF Writer 2.8
    D3DX10
    Dell AIO 810
    Dell Photo Printer 720
    Download Updater (AOL LLC)
    GlassFish Server Open Source Edition 3.1
    GNU Aspell 0.50-3
    GTK+ Runtime 2.14.7 rev a (remove only)
    Hexographer
    Intel® Matrix Storage Manager
    IsoBuster 2.8.5
    ITECIR Driver
    iTunes
    Java Auto Updater
    Java DB 10.5.3.0
    Java(TM) 6 Update 16
    Java(TM) 6 Update 26
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 23
    JMicron JMB38X Flash Media Controller
    Junk Mail filter update
    L3DT Standard v2.9.0.0 (remove only)
    League of Legends
    LightScribe 1.4.142.1
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MinGW-Get version 0.2-alpha-2
    Monster Maker
    Mozilla Firefox 5.0 (x86 en-GB)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetBeans IDE 7.0
    Nightsky
    NightSky 1.0.0 (demo)
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA PhysX
    OpenOffice.org 3.1
    PDF Settings
    pdfsam
    Pidgin
    Port Forwarding Wizard 4.5
    Portal
    Python 2.6
    Qt SDK
    QuickTime
    RAD Video Tools
    Realtek High Definition Audio Driver
    Recuva
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Sins of a Solar Empire
    Skype™ 5.3
    Smart File Advisor 1.1.1
    Sothink SWF Decompiler
    StarCraft II
    Steam
    Synaptics Pointing Device Driver
    System Requirements Lab
    The KMPlayer (remove only)
    TrueCrypt
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2553975)
    Validity Sensors software
    VB Runtime Support for Arr-Kelaan Software
    VirtualCloneDrive
    VLC media player 1.1.11
    VMD 1.8.7
    WIDCOMM Bluetooth Software 6.0.1.5000
    Winamp
    Winamp Detector Plug-in
    Windows 7 Upgrade Advisor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    WinRAR archiver
    WinSCP 4.2.8
    Xming-fonts 7.5.0.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    28/07/2011 7:25:52 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    01/08/2011 1:58:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    01/08/2011 1:57:26 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    .
    ==== End Of File ===========================
     
  2. Bobbye


    Welcome to TechSpot! I will help with the problems. I have deleted your duplicate thread. Sometimes it takes a few minutes to get the thread up.

    Please tell me what problem you are having. I am "assuming" (as much as I hate to do that) that when you do a search on Google and choose a site, you are being directed to a different site. Is that correct? I don't want you to leave any clickable links, just a description.

    Tell me about the YouTube problem- what is it?
    ================================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    When I get some description from you, we will go on. The more I know, the better to help you.
     
  3. CJMD

    CJMD TS Rookie Topic Starter

    Sorry for the duplicate post. I missed the message saying topics require moderator approval and assumed my thread had been eaten by some grandiose machine.

    The Google problem is similar to that described in other threads. Google result links will occasionally redirect to third-party websites. Sorry that I don't have any example domains. This is quite infrequent and more inconveniencing than crippling.

    The YouTube problem is much stranger and has only occurred once. I played a video embedded in a website and "videorewardcentral.com", an obvious scam site, opened in a new tab.

    In retrospect the Youtube problem may be unrelated to the Google problem or even my computer (site with the embedded video may be compromised or such).
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I don't know if the problems are related, but possibly you got the malware that is causing the redirect from either the video or the site it was on.
    ===========================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ===========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
     
  5. CJMD

    CJMD TS Rookie Topic Starter

    The Google redirect predates the Youtube redirect by several days.

    ==============
    COMBOFIX LOG
    ==============
    ComboFix 11-08-04.02 - Colin 04/08/2011 21:09:47.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3070.1663 [GMT -3:00]
    Running from: c:\users\Colin\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Solid YouTube Downloader and Converter DB Toolbar\tbHElper.dll
    c:\users\Colin\AppData\Local\{5E9874A6-8F13-4F11-B614-9DE4D30D7F6F}
    c:\users\Colin\AppData\Local\{5E9874A6-8F13-4F11-B614-9DE4D30D7F6F}\chrome.manifest
    c:\users\Colin\AppData\Local\{5E9874A6-8F13-4F11-B614-9DE4D30D7F6F}\chrome\content\_cfg.js
    c:\users\Colin\AppData\Local\{5E9874A6-8F13-4F11-B614-9DE4D30D7F6F}\chrome\content\overlay.xul
    c:\users\Colin\AppData\Local\{5E9874A6-8F13-4F11-B614-9DE4D30D7F6F}\install.rdf
    c:\users\Colin\AppData\Roaming\.#
    c:\windows\Downloaded Program Files\popcaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\system32\file_id.diz
    c:\windows\system32\install.exe
    c:\windows\system32\ReadMe.txt
    c:\windows\winhelp.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
    .
    .
    2071-07-25 12:13 . 2006-11-21 23:48 203576 ----a-w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
    2011-08-05 00:20 . 2011-08-05 00:20 -------- d-----w- c:\users\Colin\AppData\Local\temp
    2011-08-02 08:06 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{425DA67B-FC06-45FC-9D86-FB4BF09E9529}\mpengine.dll
    2011-08-01 16:50 . 2011-08-01 16:50 -------- d-----w- c:\program files\iPod
    2011-07-30 15:05 . 2011-07-30 15:05 -------- d-----w- c:\users\Colin\AppData\Local\Unity
    2011-07-28 03:45 . 2011-07-28 03:52 -------- d-----w- c:\users\Colin\.gnunet
    2011-07-28 03:45 . 2011-07-28 06:50 -------- d-----w- c:\programdata\GNU
    2011-07-23 03:40 . 2011-07-23 03:40 -------- d-----w- c:\users\Colin\AppData\Roaming\DVDVideoSoft
    2011-07-23 03:40 . 2011-07-23 03:47 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2011-07-17 20:35 . 2011-07-17 20:41 -------- d-----w- c:\users\Colin\AppData\Local\gtk-gnutella
    2011-07-16 06:45 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-16 06:27 . 2011-08-05 00:19 -------- d-----w- c:\program files\Solid YouTube Downloader and Converter DB Toolbar
    2011-07-16 06:10 . 2011-07-16 06:13 -------- d-----w- c:\users\Colin\AppData\Roaming\vlc
    2011-07-12 14:20 . 2011-07-12 14:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 14:20 . 2011-07-12 14:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 14:20 . 2011-07-12 14:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 14:20 . 2011-07-12 14:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-11 23:32 . 2011-07-11 23:32 -------- d-----w- c:\users\Colin\.kommute
    2011-07-11 23:04 . 2011-07-11 23:34 -------- d-----w- c:\users\Colin\AppData\Roaming\i2p
    2011-07-11 22:58 . 2011-07-11 22:58 -------- d-----w- c:\users\Colin\AppData\Roaming\I2Phex
    2011-07-11 21:48 . 2011-07-11 21:48 12800 ----a-w- c:\program files\Mozilla Firefox\plugins\npwachk.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-06 22:52 . 2011-02-02 02:39 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 22:52 . 2011-02-02 02:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-04 11:43 . 2010-06-29 22:54 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-04 11:43 . 2010-04-15 22:27 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-07-04 11:36 . 2010-04-15 22:28 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-07-04 11:35 . 2010-04-15 22:28 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-07-04 11:32 . 2010-04-15 22:28 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-07-04 11:32 . 2010-04-15 22:28 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-07-04 11:32 . 2010-04-15 22:28 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-06-26 17:25 . 2011-05-14 13:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-24 22:14 . 2009-10-08 01:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-24 10:44 . 2011-06-29 12:19 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-05-16 19:41 . 2011-05-16 19:41 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
    2011-05-16 02:59 . 2011-05-16 02:59 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-05-16 02:59 . 2011-05-16 02:59 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-05-16 02:59 . 2011-05-16 02:59 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-05-16 02:59 . 2011-05-16 02:59 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-05-16 02:59 . 2011-05-16 02:59 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-05-16 02:59 . 2011-05-16 02:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-05-16 02:59 . 2011-05-16 02:59 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-05-16 02:59 . 2011-05-16 02:59 367104 ----a-w- c:\windows\system32\html.iec
    2011-05-16 02:59 . 2011-05-16 02:59 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-05-16 02:59 . 2011-05-16 02:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-05-16 02:59 . 2011-05-16 02:59 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-05-16 02:59 . 2011-05-16 02:59 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-05-16 02:59 . 2011-05-16 02:59 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-05-16 02:59 . 2011-05-16 02:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-05-16 02:59 . 2011-05-16 02:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-05-16 02:59 . 2011-05-16 02:59 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-05-16 02:59 . 2011-05-16 02:59 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-05-16 02:59 . 2011-05-16 02:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-05-16 02:59 . 2011-05-16 02:59 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-05-13 19:03 . 2011-05-13 19:03 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2011-05-10 11:06 . 2011-05-10 11:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-05-10 11:06 . 2011-05-10 11:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-06-23 11:13 . 2011-05-08 02:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2011-03-24 400760]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
    "dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2007-01-12 431600]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-6-11 6144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-06 691696]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-17 1343400]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
    S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-22 599344]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-19 54784]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-22 40752]
    .
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://webmail.stfx.ca/
    mStart Page = hxxp://en.ca.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
    FF - ProfilePath - c:\users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\z98s00j0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/
    FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/solidyoutube/{44E6BF58-2EA7-4A7C-9B19-8A21F9A8C4F3}?q=
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    .
    ------- File Associations -------
    .
    .txt=EpicQuest32.Document.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-eAudio - c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:23,41,b9,e7,1e,40,cc,01
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-08-04 21:26:17
    ComboFix-quarantined-files.txt 2011-08-05 00:26
    .
    Pre-Run: 43,827,306,496 bytes free
    Post-Run: 43,538,518,016 bytes free
    .
    - - End Of File - - 5DB77B00C74627D535540CA2A32DE583

    ==========
    ESET LOG
    ==========
    C:\Users\Colin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-3c76ea83 multiple threats
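    The ComboFix excerpt above records Firefox preferences in `FF - prefs.js:` / `FF - user.js:` lines, and one of them routes address-bar keyword searches through a toolbar host rather than a search engine. The following is an added triage example (not from this thread, ComboFix, or any post here) that scans lines of that shape and flags a `keyword.URL` pointing at a host outside a constructed allowlist, plus a malformed user.js value; the allowlist and the sample excerpt are constructed for the example.

```python
"""Triage Firefox preference lines in a ComboFix-style log for search hijack
indicators. Added example; the KNOWN_SEARCH_HOSTS allowlist and SAMPLE_LOG
are constructed assumptions, not output of any real tool."""
import re
from urllib.parse import urlparse

# Hosts a user-chosen address-bar search would normally use (assumed allowlist).
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com",
                      "duckduckgo.com"}

# ComboFix prints "FF - prefs.js: <pref> - <value>" and defangs http as hxxp.
FF_LINE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")

# Constructed excerpt: two lines mirror the posted log, one is a benign control.
SAMPLE_LOG = """
FF - ProfilePath - c:\\users\\Colin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\z98s00j0.default\\
FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/solidyoutube/{44E6BF58-2EA7-4A7C-9B19-8A21F9A8C4F3}?q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
"""


def refang(url: str) -> str:
    """Undo the hxxp:// defanging so urlparse can read the host."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def triage_ff_prefs(log_text: str) -> list:
    """Return one finding dict per suspicious FF preference line."""
    findings = []
    for raw in log_text.splitlines():
        m = FF_LINE.match(raw.strip())
        if not m:
            continue
        source, pref, value = m.groups()
        # A well-formed value never contains the end of one user_pref() call
        # and the start of another; such a line needs manual review.
        if ");user_pref(" in value.replace(" ", ""):
            findings.append({"source": source, "pref": pref,
                             "reason": "malformed user_pref value, review manually"})
            continue
        if pref == "keyword.URL":
            host = urlparse(refang(value)).hostname or ""
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append({"source": source, "pref": pref, "host": host,
                                 "reason": "address-bar search sent to non-search host"})
    return findings


if __name__ == "__main__":
    for f in triage_ff_prefs(SAMPLE_LOG):
        print(f)
```

Resetting `keyword.URL` (or removing the toolbar that set it) is the corresponding cleanup; the malformed user.js line is only flagged for a human to look at, since the example cannot tell intent from one line.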
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Any time outdated Java remains on the system, you are going to get malware in the Java cache.

    Please do the following:
    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
    Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ===========================================
    After you have run JavaRa and then updated to the current version, do the following:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply > OK on Temporary Files Settings window.
    Images courtesy java.com
    ==========================================
    If it has had only one problem, on YouTube with a specific download, if you know what the video is, you should remove it. But I don't think there is any connection to the redirect you're getting using Google.
    =====================================
    Go ahead and run the above. There are no logs to leave for me. I'll finish reviewing Combofix tomorrow and then set up some script for removals.
    ===========================================
     