Resolved [Closed] How to remove search engine redirect virus

Hey guys, I have this nasty search engine redirect virus on my computer that I can't seem to get rid of. Whenever I go to Google search results and click on a link, it redirects me to another site. It seems I can only get to the places I want if I manually type in the link. Also, I have IE on my computer, which I don't use (I use Firefox), but IE pops up at random times with the same ilk of web pages as the Google redirect, leading me to think the two are connected somehow. I have been using uTorrent lately, so I'm assuming that's how this whole mess got started... Any help you guys could give me would be greatly appreciated.
 
Welcome to TechSpot! I'll help with the malware, but I need some information first:

Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
=========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 

Hello Bobbye, and I'm very grateful you've decided to help me out. Here are the logs for the diagnostic checks:


MBAM:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7289

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/26/2011 9:22:52 PM
mbam-log-2011-07-26 (21-22-52).txt

Scan type: Quick scan
Objects scanned: 186943
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\FF_Addon.exe (Trojan.Agent) -> Value: FF_Addon.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Addon_FF.exe (Trojan.Agent) -> Value: Addon_FF.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

As for the GMER log, there was literally no text in it whatsoever, so there's nothing I can post...

Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/19/2010 8:32:40 AM
System Uptime: 7/26/2011 9:06:53 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0K138P
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | Microprocessor | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 148.041 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP97: 7/10/2011 8:02:11 PM - Windows Update
RP98: 7/10/2011 8:05:07 PM - Windows Update
RP99: 7/10/2011 8:05:59 PM - Installed DirectX
RP100: 7/10/2011 8:07:00 PM - Installed DirectX
RP101: 7/10/2011 8:09:11 PM - WLSetup
RP102: 7/12/2011 3:12:18 AM - Windows Update
RP103: 7/13/2011 3:00:15 AM - Windows Update
RP104: 7/13/2011 10:31:00 PM - Windows Update
RP105: 7/16/2011 11:32:55 PM - RegistryReviver64 Backup
RP106: 7/24/2011 7:48:39 PM - Scheduled Checkpoint
RP107: 7/26/2011 3:00:10 AM - Installed Superior Drummer Installer.
.
==== Installed Programs ======================
.
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Anti-phishing Domain Advisor
ASIO4ALL
Blockland
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
D3DX10
Descent 3
Driver Whiz
FL Studio 9
FlashDevelop 3.3.2
FYZip 1.00
Hardcore
IL Download Manager
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Line 6 Uninstaller
Live 7.0.10
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee Security Scan Plus
McAfee VirusScan Enterprise
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0.1 (x86 en-US)
MPK mini Editor
MSVCRT
MSVCRT_amd64
Native Instruments Massive
PC Suite
Pepakura Viewer 3
PoiZone
reFX Nexus VSTi RTAS v2.2.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Skype™ 5.1
SSH Secure Shell
Superior Drummer Installer
Toxic Biohazard
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinMaximizer 1.2.86
.
==== Event Viewer Messages From Past Week ========
.
7/26/2011 12:03:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/26/2011 12:03:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
7/23/2011 10:50:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/20/2011 3:17:38 PM, Error: BridgeMP [14702] - Bridge [Adapter Realtek PCIe FE Family Controller]: The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.
.
==== End Of File ===========================


DDS log:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by LocalUser at 21:44:49 on 2011-07-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3034.1582 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\SysWOW64\rundll32.exe
c:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZRxpt070YYUS&ptb=f03X1VpI9aIrTwO5f4j8iQ
uSearch Bar = Preserve
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=7899caca000000000000a6badbdbeac2&tlver=1.4.23.10&affID=18474
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Chrome_Addon.exe] C:\Users\LocalUser\AppData\Roaming\ChromeAddon\Chrome_Addon.exe
uRun: [Add_Chrome.exe] C:\Users\LOCALU~1\AppData\Local\Temp\ChromeAddon\Add_Chrome.exe
uRun: [MediaGet2] C:\Users\LocalUser\AppData\Local\MediaGet2\mediaget.exe --minimized
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [ShStatEXE] "c:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: line6.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{1F4EC383-2820-4E17-9AA8-FA251C8E4A49} : DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{1F4EC383-2820-4E17-9AA8-FA251C8E4A49}\3462A40223730343 : NameServer = 192.168.1.0,192.168.2.0
TCP: Interfaces\{1F4EC383-2820-4E17-9AA8-FA251C8E4A49}\3462A40223730343 : DhcpNameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{3CB36117-7AB6-41DD-8752-729732366C57} : DhcpNameServer = 192.168.1.1 71.243.0.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO-X64: Searchqu Toolbar - No File
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [ShStatEXE] "c:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\LocalUser\AppData\Roaming\Mozilla\Firefox\Profiles\5gxq9q0h.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxpt070YYUS&ptb=f03X1VpI9aIrTwO5f4j8iQ&ind=2011071223&ptnrS=ZRxpt070YYUS&si=&n=77de82f7&psa=&st=kwd&searchfor=
FF - component: C:\Users\LocalUser\AppData\Roaming\Mozilla\Firefox\Profiles\5gxq9q0h.default\extensions\{C3947F4E-8894-4C04-98E0-DF182C706DDF}\components\dtTransparency.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\LocalUser\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-5-21 89600]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2009-8-31 19720]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-9-22 103744]
R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2009-8-31 178920]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2009-8-31 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe --> C:\Windows\system32\mfevtps.exe [?]
R3 L6UX2;Service - Line 6 UX2;C:\Windows\system32\Drivers\L6UX264.sys --> C:\Windows\system32\Drivers\L6UX264.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 L6TPortGX;Service - Line 6 TonePort GX;C:\Windows\system32\Drivers\L6TPortGX64.sys --> C:\Windows\system32\Drivers\L6TPortGX64.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;C:\Windows\system32\DRIVERS\qscnusb.sys --> C:\Windows\system32\DRIVERS\qscnusb.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-07-27 00:41:08 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\SUPERAntiSpyware.com
2011-07-27 00:41:08 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-27 00:41:02 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-27 00:40:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-26 23:57:56 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Malwarebytes
2011-07-26 23:57:40 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-26 23:57:38 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-26 23:57:34 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-26 23:57:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-26 20:30:22 -------- d-----w- C:\Program Files (x86)\Toontrack
2011-07-26 20:09:54 -------- d-----w- C:\ProgramData\Canneverbe Limited
2011-07-26 20:09:53 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Canneverbe Limited
2011-07-26 19:56:12 -------- d-----w- C:\Users\LocalUser\AppData\Local\MicroVision Applications
2011-07-26 08:28:04 -------- d-----w- C:\ProgramData\WinMaximizer
2011-07-26 08:27:56 -------- d-----w- C:\Program Files (x86)\WinMaximizer
2011-07-26 07:24:43 64000 --sha-r- C:\Windows\SysWow64\C_20949C.dll
2011-07-23 06:01:59 -------- d-----w- C:\Users\LocalUser\AppData\Local\Native Instruments
2011-07-23 06:00:25 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
2011-07-23 05:58:14 -------- d-----w- C:\Program Files (x86)\Native Instruments
2011-07-22 20:27:52 -------- d-sh--r- C:\Users\LocalUser\AppData\Roaming\Winupdate
2011-07-22 00:27:00 1332224 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2011-07-22 00:18:16 -------- d-----w- C:\Users\LocalUser\AppData\Local\Google
2011-07-22 00:18:10 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-07-22 00:18:08 -------- d-----w- C:\Users\LocalUser\AppData\Local\Conduit
2011-07-22 00:13:44 -------- d-----w- C:\Users\LocalUser\AppData\Local\uTorrent
2011-07-16 04:21:34 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Cycling '74
2011-07-16 04:21:22 -------- d-----w- C:\Program Files (x86)\AkaiPro
2011-07-13 20:12:01 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Secure-Soft Stealer
2011-07-13 01:08:02 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-13 01:08:00 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-13 01:06:27 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-12 19:42:33 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Media Get LLC
2011-07-12 19:42:33 -------- d-----w- C:\ProgramData\Media Get LLC
2011-07-12 19:31:52 -------- d-----w- C:\ProgramData\boost_interprocess
2011-07-12 07:35:31 -------- d-----w- C:\Users\LocalUser\AppData\Local\antiphishing-webblog1_1dn
2011-07-12 07:35:30 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2011-07-12 07:31:58 -------- d-----w- C:\Users\LocalUser\AppData\Local\Media Get LLC
2011-07-12 07:28:23 -------- d-----w- C:\Users\LocalUser\AppData\Local\Ilivid Player
2011-07-12 07:26:27 -------- d-----w- C:\Users\LocalUser\AppData\Local\PackageAware
2011-07-12 07:08:37 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Service SysScan
2011-07-12 07:01:48 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\ChromeAddon
2011-07-12 07:01:43 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\FireFoxAddons
2011-07-12 06:56:00 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-07-12 04:53:46 -------- d-----w- C:\Program Files (x86)\FYZip
2011-07-12 04:53:31 -------- d-----w- C:\Program Files (x86)\Search Toolbar
2011-07-11 14:24:25 -------- d-----w- C:\Users\LocalUser\AppData\Local\{DB921C9B-558F-4278-AC6B-609E927DF860}
2011-07-11 00:13:29 -------- d-----w- C:\Windows\en
2011-07-11 00:11:56 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-07-11 00:09:53 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-07-11 00:08:16 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-07-11 00:08:16 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-07-11 00:08:15 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-07-11 00:08:15 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-07-11 00:06:56 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-07-11 00:06:56 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-07-11 00:05:26 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-07-11 00:05:25 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-07-11 00:05:25 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-07-11 00:05:25 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-07-11 00:01:43 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b75b925c1cc3f5d09\MeshBetaRemover.exe
2011-07-11 00:01:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b6ad4e6f1cc3f5d08\DSETUP.dll
2011-07-11 00:01:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b6ad4e6f1cc3f5d08\DXSETUP.exe
2011-07-11 00:01:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b6ad4e6f1cc3f5d08\dsetup32.dll
 
I note there were several programs installed on 7/26/2011. Please don't put anything else on the system while I'm helping you unless I direct you to do so.

I have been using utorrent lately, so I'm assuming that's how this whole mess got started...
You assumed correctly! File sharing is a straight road to malware. But some is from the sites you visit, like:
FunWebProducts
MyWebSearch
Smiley Central
Cursor Mania
FunBuddyIcons
My Mail Stationery
My Mail Signature
My Mail Stamps
Popular Screensavers
Webfetti
==============================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save it to the desktop.
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [image: whatnext.png]
  • Click on Yes, to continue scanning for malware.
  • If Combofix asks you to update the program, allow it.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated and will open in a text window. Please paste the contents of C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
============================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the ESET Smart Installer download button to download the installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Please leave the logs in your next reply.
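The helper's note above about several programs appearing on 7/26/2011 comes from reading the dated entries in the DDS log posted earlier in the thread. As an added illustration of that kind of log review (not code from the thread, from DDS, or from any tool named here), the short parser below reads lines in the DDS entry format (date, time, size, attributes, path), counts entries per day so install bursts stand out, and flags executables written under user-writable locations; the sample lines and the "user-writable" list are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# One DDS entry: date time size attrs path (format as in the posted log)
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")
# Constructed review heuristics for this example, not a rule from the thread
USER_WRITABLE = ("\\appdata\\", "\\users\\", "\\temp\\", "\\programdata\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

def parse_dds_lines(text):
    """Return a dict per line that matches the DDS entry format; skip the rest."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append({
            "when": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),  # '--------' for dirs
            "is_dir": attrs.startswith("d"),                       # 'd-----w-' marks a directory
            "path": path,
        })
    return entries

def by_day(entries):
    """Count entries per calendar day; a burst on one day often marks an install."""
    counts = defaultdict(int)
    for e in entries:
        counts[e["when"].date().isoformat()] += 1
    return dict(counts)

def suspicious(entries):
    """Executable files (not directories) written under user-writable locations."""
    return [e["path"] for e in entries
            if not e["is_dir"]
            and e["path"].lower().endswith(EXEC_EXT)
            and any(seg in e["path"].lower() for seg in USER_WRITABLE)]

# Constructed sample lines in the DDS format (not taken from the poster's log)
SAMPLE = """\
2011-07-26 03:10:12 51200 ----a-w- C:\\Users\\LocalUser\\AppData\\Local\\Temp\\setup_tmp.exe
2011-07-26 03:09:58 -------- d-----w- C:\\Users\\LocalUser\\AppData\\Local\\NewApp
2011-07-11 00:01:41 94040 ----a-w- C:\\Program Files (x86)\\SomeApp\\helper.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\\Windows\\System32\\win32k.sys
"""
```

A hit from `suspicious()` is only a prompt to look closer; legitimate installers also drop files under AppData and Temp.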
 
Hello Bobbye. I've managed to fix the problem on my own. I know you said not to take any action without your approval, but my dad said he had the same virus, and a Malwarebytes scan in safe mode did the trick. I tried it and it worked! Thank you for helping me, and sorry for wasting your time...
 
Thank you for the update. It is unlikely that Malwarebytes alone removed all of the malware entries. It is also common for one particular problem to be resolved, but leaving malware still on the system. There are programs to be uninstalled and entries to be removed. Might want to pass that on to your dad also.

When you find the recurrence, please start a new thread.
 