Hi, I hope you can help with my laptop problem. It is a Toshiba Equium, Intel Pentium Dual CPU T2370 @ 1.73GHz 1.73GHz, 2.0 GB RAM. I'm running Windows Vista Home Premium with SP2, Internet Explorer 8.0.6001.18975, Mozilla Firefox 3.6.11, Avast! Free Antivirus 5.0.677, Spybot Search & Destroy 1.6.2 and Malwarebytes 1.46
A short while ago I downloaded and installed "Download Youtube Free"
Shortly after this I noticed that occasionally, when using the Bing search engine on Firefox, if I click on a website link it will initially load the expected website but almost immediately redirects to a Google search box with "landing.savetubevideo" in the address bar (actually it's a full web address, but I'm reluctant to type it out in full on here). The page flickers constantly as if it is trying to close or to move on elsewhere but can't quite manage it. It seems that IE is not affected (yet).
I have deleted the offending program and have used CCleaner to remove any remaining registry references. (That was before I read the advice on your website). Unfortunately the problem persists. Neither Spybot nor Malwarebytes can find any problem and I don't know what else to try.
Thanks in advance for any help you can give.
DDS (Ver_10-10-21.01) - NTFSx86
Run by Don at 15:07:59.72 on 21/10/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1153 [GMT 1:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\fsproflt.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Don\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.85.dll
TB: {4974A391-29D6-4419-A63B-49C1C7142489} - No File
TB: {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\don\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
================= FIREFOX ===================
FF - ProfilePath - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2010-3-25 43792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-13 165584]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-11-5 25896]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-1-31 1872320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-13 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-13 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-3-25 142648]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-6 1153368]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-2-26 111616]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-15 84832]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-26 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-10-6 41984]
S3 WipeFile;WipeFile;c:\windows\system32\drivers\WipeFile.sys [2007-3-3 57472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-10-20 18:55:03 -------- d-----w- c:\users\don\appdata\roaming\Malwarebytes
2010-10-20 18:54:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 18:54:47 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-20 18:54:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-20 18:54:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 20:35:13 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{842615c3-7176-461c-a29d-133ae26d34e2}\mpengine.dll
2010-10-18 21:46:59 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2010-10-17 12:02:58 -------- d-----w- c:\progra~2\STOPzilla!
2010-10-16 16:25:20 -------- d-----w- c:\users\don\appdata\local\Paint.NET
2010-10-15 16:13:26 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-10-15 16:13:26 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-10-15 16:13:12 -------- d-----w- c:\program files\Free DVD Ripper
2010-10-15 15:47:41 -------- d-----w- c:\users\don\Copied Films and Discs
2010-10-14 12:55:59 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 12:55:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 12:55:17 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 12:55:16 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 12:55:16 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 12:55:16 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 12:55:15 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 12:55:05 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 12:55:03 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-14 12:55:03 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 12:55:01 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 14:27:54 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2010-10-08 22:51:35 -------- d-----w- c:\users\don\Fireshot captures
2010-10-08 22:46:44 -------- d-----w- c:\users\don\appdata\roaming\FireShot
2010-10-08 16:51:17 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-10-08 16:51:17 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-10-06 21:20:31 -------- d-----w- c:\program files\Tracker Software
2010-10-06 21:18:20 -------- d-----w- c:\program files\DVDSmith Movie Backup
2010-10-06 20:49:48 290816 ----a-w- c:\windows\system32\cyviewer.ocx
2010-10-06 20:49:47 -------- d-----w- c:\program files\Ashampoo
2010-09-28 18:45:37 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 18:45:23 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
==================== Find3M ====================
2010-10-21 13:57:57 44544 ----a-w- c:\windows\system32\agremove.exe
2010-09-30 15:15:06 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
============= FINISH: 15:08:47.80 ===============