TechSpot

[Closed] How to remove search engine redirect virus

Resolved
By norourke3
Jul 26, 2011
  1. Hey guys, I have this nasty search engine redirect virus on my computer that I can't seem to get rid of. Whenever I go to Google search results and click on a link, it redirects me to another site. It seems I can only get to the places I want if I manually type in the link. Also, I have IE on my computer, which I don't use (I use Firefox), but IE pops up at random times with the same ilk of web pages as the Google redirect, leading me to think the two are connected somehow. I have been using uTorrent lately, so I'm assuming that's how this whole mess got started... Any help you guys could give me would be greatly appreciated.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll help with the malware, but I need some information first:

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
  3. norourke3

    norourke3 Newcomer, in training Topic Starter

    Hello Bobbye, and I'm very grateful you've decided to help me out. Here are the logs for the diagnostic checks:


    MBAM:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7289

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    7/26/2011 9:22:52 PM
    mbam-log-2011-07-26 (21-22-52).txt

    Scan type: Quick scan
    Objects scanned: 186943
    Time elapsed: 5 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\FF_Addon.exe (Trojan.Agent) -> Value: FF_Addon.exe -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Addon_FF.exe (Trojan.Agent) -> Value: Addon_FF.exe -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    As for the GMER log, there was literally no text in it whatsoever, so there's nothing I can post...

    Attach log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/19/2010 8:32:40 AM
    System Uptime: 7/26/2011 9:06:53 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0K138P
    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | Microprocessor | 2200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 148.041 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP97: 7/10/2011 8:02:11 PM - Windows Update
    RP98: 7/10/2011 8:05:07 PM - Windows Update
    RP99: 7/10/2011 8:05:59 PM - Installed DirectX
    RP100: 7/10/2011 8:07:00 PM - Installed DirectX
    RP101: 7/10/2011 8:09:11 PM - WLSetup
    RP102: 7/12/2011 3:12:18 AM - Windows Update
    RP103: 7/13/2011 3:00:15 AM - Windows Update
    RP104: 7/13/2011 10:31:00 PM - Windows Update
    RP105: 7/16/2011 11:32:55 PM - RegistryReviver64 Backup
    RP106: 7/24/2011 7:48:39 PM - Scheduled Checkpoint
    RP107: 7/26/2011 3:00:10 AM - Installed Superior Drummer Installer.
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.4
    Anti-phishing Domain Advisor
    ASIO4ALL
    Blockland
    Canon Easy-WebPrint EX
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 3.0
    Canon MP250 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    D3DX10
    Descent 3
    Driver Whiz
    FL Studio 9
    FlashDevelop 3.3.2
    FYZip 1.00
    Hardcore
    IL Download Manager
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    Line 6 Uninstaller
    Live 7.0.10
    Malwarebytes' Anti-Malware version 1.51.1.1800
    McAfee Agent
    McAfee AntiSpyware Enterprise Module
    McAfee Security Scan Plus
    McAfee VirusScan Enterprise
    Mesh Runtime
    Messenger Companion
    Microsoft Default Manager
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 5.0.1 (x86 en-US)
    MPK mini Editor
    MSVCRT
    MSVCRT_amd64
    Native Instruments Massive
    PC Suite
    Pepakura Viewer 3
    PoiZone
    reFX Nexus VSTi RTAS v2.2.0
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Sawer
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Skype™ 5.1
    SSH Secure Shell
    Superior Drummer Installer
    Toxic Biohazard
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinMaximizer 1.2.86
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/26/2011 12:03:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    7/26/2011 12:03:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    7/23/2011 10:50:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    7/20/2011 3:17:38 PM, Error: BridgeMP [14702] - Bridge [Adapter Realtek PCIe FE Family Controller]: The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.
    .
    ==== End Of File ===========================


    DDS log:

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
    Run by LocalUser at 21:44:49 on 2011-07-26
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3034.1582 [GMT -4:00]
    .
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Windows\SysWOW64\rundll32.exe
    c:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
    C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
    C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZRxpt070YYUS&ptb=f03X1VpI9aIrTwO5f4j8iQ
    uSearch Bar = Preserve
    mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=7899caca000000000000a6badbdbeac2&tlver=1.4.23.10&affID=18474
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
    TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [Chrome_Addon.exe] C:\Users\LocalUser\AppData\Roaming\ChromeAddon\Chrome_Addon.exe
    uRun: [Add_Chrome.exe] C:\Users\LOCALU~1\AppData\Local\Temp\ChromeAddon\Add_Chrome.exe
    uRun: [MediaGet2] C:\Users\LocalUser\AppData\Local\MediaGet2\mediaget.exe --minimized
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [ShStatEXE] "c:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: line6.net
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
    TCP: Interfaces\{1F4EC383-2820-4E17-9AA8-FA251C8E4A49} : DhcpNameServer = 192.168.1.1 71.243.0.12
    TCP: Interfaces\{1F4EC383-2820-4E17-9AA8-FA251C8E4A49}\3462A40223730343 : NameServer = 192.168.1.0,192.168.2.0
    TCP: Interfaces\{1F4EC383-2820-4E17-9AA8-FA251C8E4A49}\3462A40223730343 : DhcpNameServer = 192.168.0.1 192.168.0.2
    TCP: Interfaces\{3CB36117-7AB6-41DD-8752-729732366C57} : DhcpNameServer = 192.168.1.1 71.243.0.12
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO-X64: Canon Easy-WebPrint EX BHO - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
    BHO-X64: Searchqu Toolbar - No File
    BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
    TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
    mRun-x64: [ShStatEXE] "c:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\LocalUser\AppData\Roaming\Mozilla\Firefox\Profiles\5gxq9q0h.default\
    FF - prefs.js: browser.search.selectedEngine - My Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxpt070YYUS&ptb=f03X1VpI9aIrTwO5f4j8iQ&ind=2011071223&ptnrS=ZRxpt070YYUS&si=&n=77de82f7&psa=&st=kwd&searchfor=
    FF - component: C:\Users\LocalUser\AppData\Roaming\Mozilla\Firefox\Profiles\5gxq9q0h.default\extensions\{C3947F4E-8894-4C04-98E0-DF182C706DDF}\components\dtTransparency.dll
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\LocalUser\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-5-21 89600]
    R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2009-8-31 19720]
    R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-9-22 103744]
    R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2009-8-31 178920]
    R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2009-8-31 66896]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe --> C:\Windows\system32\mfevtps.exe [?]
    R3 L6UX2;Service - Line 6 UX2;C:\Windows\system32\Drivers\L6UX264.sys --> C:\Windows\system32\Drivers\L6UX264.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 L6TPortGX;Service - Line 6 TonePort GX;C:\Windows\system32\Drivers\L6TPortGX64.sys --> C:\Windows\system32\Drivers\L6TPortGX64.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
    S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;C:\Windows\system32\DRIVERS\qscnusb.sys --> C:\Windows\system32\DRIVERS\qscnusb.sys [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-07-27 00:41:08 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\SUPERAntiSpyware.com
    2011-07-27 00:41:08 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2011-07-27 00:41:02 -------- d-----w- C:\ProgramData\!SASCORE
    2011-07-27 00:40:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2011-07-26 23:57:56 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Malwarebytes
    2011-07-26 23:57:40 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-26 23:57:38 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-07-26 23:57:34 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-26 23:57:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-07-26 20:30:22 -------- d-----w- C:\Program Files (x86)\Toontrack
    2011-07-26 20:09:54 -------- d-----w- C:\ProgramData\Canneverbe Limited
    2011-07-26 20:09:53 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Canneverbe Limited
    2011-07-26 19:56:12 -------- d-----w- C:\Users\LocalUser\AppData\Local\MicroVision Applications
    2011-07-26 08:28:04 -------- d-----w- C:\ProgramData\WinMaximizer
    2011-07-26 08:27:56 -------- d-----w- C:\Program Files (x86)\WinMaximizer
    2011-07-26 07:24:43 64000 --sha-r- C:\Windows\SysWow64\C_20949C.dll
    2011-07-23 06:01:59 -------- d-----w- C:\Users\LocalUser\AppData\Local\Native Instruments
    2011-07-23 06:00:25 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
    2011-07-23 05:58:14 -------- d-----w- C:\Program Files (x86)\Native Instruments
    2011-07-22 20:27:52 -------- d-sh--r- C:\Users\LocalUser\AppData\Roaming\Winupdate
    2011-07-22 00:27:00 1332224 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
    2011-07-22 00:18:16 -------- d-----w- C:\Users\LocalUser\AppData\Local\Google
    2011-07-22 00:18:10 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
    2011-07-22 00:18:08 -------- d-----w- C:\Users\LocalUser\AppData\Local\Conduit
    2011-07-22 00:13:44 -------- d-----w- C:\Users\LocalUser\AppData\Local\uTorrent
    2011-07-16 04:21:34 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Cycling '74
    2011-07-16 04:21:22 -------- d-----w- C:\Program Files (x86)\AkaiPro
    2011-07-13 20:12:01 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Secure-Soft Stealer
    2011-07-13 01:08:02 422400 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-13 01:08:00 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-13 01:06:27 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-12 19:42:33 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Media Get LLC
    2011-07-12 19:42:33 -------- d-----w- C:\ProgramData\Media Get LLC
    2011-07-12 19:31:52 -------- d-----w- C:\ProgramData\boost_interprocess
    2011-07-12 07:35:31 -------- d-----w- C:\Users\LocalUser\AppData\Local\antiphishing-webblog1_1dn
    2011-07-12 07:35:30 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
    2011-07-12 07:31:58 -------- d-----w- C:\Users\LocalUser\AppData\Local\Media Get LLC
    2011-07-12 07:28:23 -------- d-----w- C:\Users\LocalUser\AppData\Local\Ilivid Player
    2011-07-12 07:26:27 -------- d-----w- C:\Users\LocalUser\AppData\Local\PackageAware
    2011-07-12 07:08:37 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Service SysScan
    2011-07-12 07:01:48 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\ChromeAddon
    2011-07-12 07:01:43 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\FireFoxAddons
    2011-07-12 06:56:00 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2011-07-12 04:53:46 -------- d-----w- C:\Program Files (x86)\FYZip
    2011-07-12 04:53:31 -------- d-----w- C:\Program Files (x86)\Search Toolbar
    2011-07-11 14:24:25 -------- d-----w- C:\Users\LocalUser\AppData\Local\{DB921C9B-558F-4278-AC6B-609E927DF860}
    2011-07-11 00:13:29 -------- d-----w- C:\Windows\en
    2011-07-11 00:11:56 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2011-07-11 00:09:53 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2011-07-11 00:08:16 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2011-07-11 00:08:16 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2011-07-11 00:08:15 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2011-07-11 00:08:15 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2011-07-11 00:06:56 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2011-07-11 00:06:56 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2011-07-11 00:05:26 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
    2011-07-11 00:05:25 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
    2011-07-11 00:05:25 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
    2011-07-11 00:05:25 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
    2011-07-11 00:01:43 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b75b925c1cc3f5d09\MeshBetaRemover.exe
    2011-07-11 00:01:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b6ad4e6f1cc3f5d08\DSETUP.dll
    2011-07-11 00:01:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b6ad4e6f1cc3f5d08\DXSETUP.exe
    2011-07-11 00:01:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b6ad4e6f1cc3f5d08\dsetup32.dll
    2011-07-11 00:01:41 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b51c6f611cc3f5d07\DXSETUP.exe
    2011-07-11 00:01:41 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b51c6f611cc3f5d07\dsetup32.dll
    2011-07-11 00:01:40 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b51c6f611cc3f5d07\DSETUP.dll
    2011-07-11 00:00:57 -------- d-----w- C:\Users\LocalUser\AppData\Local\Windows Live
    2011-07-11 00:00:57 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2011-07-10 23:59:24 -------- d-----w- C:\Users\LocalUser\AppData\Local\{EE74687F-2FF6-4467-B91C-34A94CFD7019}
    2011-07-06 02:02:03 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
    2011-07-06 02:02:03 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
    2011-07-05 23:54:56 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Ableton
    2011-07-05 23:50:42 -------- d-----w- C:\desktop misc
    2011-07-05 23:49:44 -------- d-----w- C:\music stuff
    2011-07-05 23:48:25 -------- d-----w- C:\Program Files (x86)\Ableton
    2011-07-02 23:09:34 124420592 ----a-w- C:\Users\LocalUser\POD Farm v2.51 Installer.exe
    2011-06-29 07:13:16 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ==================== Find3M ====================
    .
    2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
    2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-05-13 20:03:34 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2011-05-13 19:42:24 302448 ----a-w- C:\Windows\WLXPGSS.SCR
    2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
    2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
    2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
    2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
    2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
    2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
    2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
    2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
    2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
    2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
    2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
    2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-04-29 02:16:38 1213440 ----a-w- C:\Windows\System32\L6DriverControlPanel.cpl
    2011-04-29 02:16:30 768000 ----a-w- C:\Windows\System32\drivers\L6UX264.sys
    2011-04-29 02:16:30 180224 ----a-w- C:\Windows\SysWow64\l6ux2.dll
    2011-04-29 02:16:28 217600 ----a-w- C:\Windows\System32\l6ux2_x64.dll
    .
    ============= FINISH: 21:46:15.18 ===============
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I note there were several programs installed on 7/26/2011. Please don't put anything else on the system while I'm helping you unless I direct you to do so.

    You assumed correctly! File sharing is a straight road to malware. But some is from the sites you visit like>>
    ==============================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ============================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    Please leave the logs in your next reply.
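
The note above about several programs being installed on one date comes from reading the DDS file listing by creation date. As an added example (not part of the thread and not DDS's own code), the following parses rows of that listing and groups newly created folders under install locations by day; the sample rows are copied from the log above, and the function names and the `INSTALL_ROOTS` list are assumptions of this example.

```python
import re
from collections import defaultdict

# One DDS listing row: date, time, size ("--------" for a directory),
# 8-character attribute string, full path.
ROW = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([a-z-]{8})\s+(.+?)\s*$"
)

# Places where an installer usually creates a new folder.
# Assumption of this example, not a list taken from DDS.
INSTALL_ROOTS = ("\\program files", "\\appdata\\roaming", "\\appdata\\local")

def parse_row(line):
    """Return a dict for a listing row, or None for separators and headers."""
    m = ROW.match(line)
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    return {
        "date": date,
        "time": time,
        "size": None if size.startswith("-") else int(size),
        "is_dir": attrs[0] == "d",
        "hidden": "h" in attrs,
        "path": path,
    }

def new_folders_by_day(lines):
    """Group folders created under INSTALL_ROOTS by creation date."""
    days = defaultdict(list)
    for line in lines:
        row = parse_row(line)
        if row and row["is_dir"] and any(r in row["path"].lower() for r in INSTALL_ROOTS):
            days[row["date"]].append(row["path"])
    return dict(days)

# Rows copied from the log in this thread.
SAMPLE = r"""
2011-07-12 07:01:43 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\FireFoxAddons
2011-07-12 06:56:00 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-07-12 04:53:46 -------- d-----w- C:\Program Files (x86)\FYZip
2011-07-12 04:53:31 -------- d-----w- C:\Program Files (x86)\Search Toolbar
2011-07-11 00:13:29 -------- d-----w- C:\Windows\en
2011-07-11 00:09:53 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-07-05 23:48:25 -------- d-----w- C:\Program Files (x86)\Ableton
.
==================== Find3M ====================
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
""".splitlines()

if __name__ == "__main__":
    for day, paths in sorted(new_folders_by_day(SAMPLE).items(), reverse=True):
        print(day, len(paths), "new folder(s):", *paths, sep="\n  ")
```

A day with a cluster of new folders created minutes apart, such as `FYZip` and `Search Toolbar` here, is the kind of entry a helper checks against what the user remembers installing.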
  5. norourke3

    norourke3 Newcomer, in training Topic Starter

    Hello Bobbye. I've managed to fix the problem on my own. I know you said not to take any action without your approval, but my dad said he had the same virus, and a Malwarebytes scan in safe mode did the trick. I tried it and it worked! Thank you for helping me, and sorry for wasting your time...
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you for the update. It is unlikely that Malwarebytes alone removed all of the malware entries. It is also common for one particular problem to be resolved, but leaving malware still on the system. There are programs to be uninstalled and entries to be removed. Might want to pass that on to your dad also.

    When you find the recurrence, please start a new thread.