How to remove search engine redirect virus
Hello Bobbye, and I'm very grateful you've decided to help me out. Here are the logs for the diagnostic checks:
MBAM:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7289
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
7/26/2011 9:22:52 PM
mbam-log-2011-07-26 (21-22-52).txt
Scan type: Quick scan
Objects scanned: 186943
Time elapsed: 5 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\FF_Addon.exe (Trojan.Agent) -> Value: FF_Addon.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Addon_FF.exe (Trojan.Agent) -> Value: Addon_FF.exe -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
As for the GMER log, there was literally no text in it whatsoever, so there's nothing I can post.
Attach log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/19/2010 8:32:40 AM
System Uptime: 7/26/2011 9:06:53 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0K138P
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | Microprocessor | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 148.041 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP97: 7/10/2011 8:02:11 PM - Windows Update
RP98: 7/10/2011 8:05:07 PM - Windows Update
RP99: 7/10/2011 8:05:59 PM - Installed DirectX
RP100: 7/10/2011 8:07:00 PM - Installed DirectX
RP101: 7/10/2011 8:09:11 PM - WLSetup
RP102: 7/12/2011 3:12:18 AM - Windows Update
RP103: 7/13/2011 3:00:15 AM - Windows Update
RP104: 7/13/2011 10:31:00 PM - Windows Update
RP105: 7/16/2011 11:32:55 PM - RegistryReviver64 Backup
RP106: 7/24/2011 7:48:39 PM - Scheduled Checkpoint
RP107: 7/26/2011 3:00:10 AM - Installed Superior Drummer Installer.
.
==== Installed Programs ======================
.
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Anti-phishing Domain Advisor
ASIO4ALL
Blockland
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
D3DX10
Descent 3
Driver Whiz
FL Studio 9
FlashDevelop 3.3.2
FYZip 1.00
Hardcore
IL Download Manager
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Line 6 Uninstaller
Live 7.0.10
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee Security Scan Plus
McAfee VirusScan Enterprise
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0.1 (x86 en-US)
MPK mini Editor
MSVCRT
MSVCRT_amd64
Native Instruments Massive
PC Suite
Pepakura Viewer 3
PoiZone
reFX Nexus VSTi RTAS v2.2.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Skype™ 5.1
SSH Secure Shell
Superior Drummer Installer
Toxic Biohazard
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinMaximizer 1.2.86
.
==== Event Viewer Messages From Past Week ========
.
7/26/2011 12:03:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/26/2011 12:03:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
7/23/2011 10:50:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/20/2011 3:17:38 PM, Error: BridgeMP [14702] - Bridge [Adapter Realtek PCIe FE Family Controller]: The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.
.
==== End Of File ===========================
DDS log:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by LocalUser at 21:44:49 on 2011-07-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3034.1582 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\SysWOW64\rundll32.exe
c:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZRxpt070YYUS&ptb=f03X1VpI9aIrTwO5f4j8iQ
uSearch Bar = Preserve
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=7899caca000000000000a6badbdbeac2&tlver=1.4.23.10&affID=18474
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Chrome_Addon.exe] C:\Users\LocalUser\AppData\Roaming\ChromeAddon\Chrome_Addon.exe
uRun: [Add_Chrome.exe] C:\Users\LOCALU~1\AppData\Local\Temp\ChromeAddon\Add_Chrome.exe
uRun: [MediaGet2] C:\Users\LocalUser\AppData\Local\MediaGet2\mediaget.exe --minimized
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [ShStatEXE] "c:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: line6.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{1F4EC383-2820-4E17-9AA8-FA251C8E4A49} : DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{1F4EC383-2820-4E17-9AA8-FA251C8E4A49}\3462A40223730343 : NameServer = 192.168.1.0,192.168.2.0
TCP: Interfaces\{1F4EC383-2820-4E17-9AA8-FA251C8E4A49}\3462A40223730343 : DhcpNameServer = 192.168.0.1 192.168.0.2
TCP: Interfaces\{3CB36117-7AB6-41DD-8752-729732366C57} : DhcpNameServer = 192.168.1.1 71.243.0.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO-X64: Searchqu Toolbar - No File
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [ShStatEXE] "c:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\LocalUser\AppData\Roaming\Mozilla\Firefox\Profiles\5gxq9q0h.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxpt070YYUS&ptb=f03X1VpI9aIrTwO5f4j8iQ&ind=2011071223&ptnrS=ZRxpt070YYUS&si=&n=77de82f7&psa=&st=kwd&searchfor=
FF - component: C:\Users\LocalUser\AppData\Roaming\Mozilla\Firefox\Profiles\5gxq9q0h.default\extensions\{C3947F4E-8894-4C04-98E0-DF182C706DDF}\components\dtTransparency.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\LocalUser\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-5-21 89600]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2009-8-31 19720]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-9-22 103744]
R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2009-8-31 178920]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2009-8-31 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe --> C:\Windows\system32\mfevtps.exe [?]
R3 L6UX2;Service - Line 6 UX2;C:\Windows\system32\Drivers\L6UX264.sys --> C:\Windows\system32\Drivers\L6UX264.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 L6TPortGX;Service - Line 6 TonePort GX;C:\Windows\system32\Drivers\L6TPortGX64.sys --> C:\Windows\system32\Drivers\L6TPortGX64.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;C:\Windows\system32\DRIVERS\qscnusb.sys --> C:\Windows\system32\DRIVERS\qscnusb.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-07-27 00:41:08 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\SUPERAntiSpyware.com
2011-07-27 00:41:08 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-27 00:41:02 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-27 00:40:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-26 23:57:56 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Malwarebytes
2011-07-26 23:57:40 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-26 23:57:38 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-26 23:57:34 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-26 23:57:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-26 20:30:22 -------- d-----w- C:\Program Files (x86)\Toontrack
2011-07-26 20:09:54 -------- d-----w- C:\ProgramData\Canneverbe Limited
2011-07-26 20:09:53 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Canneverbe Limited
2011-07-26 19:56:12 -------- d-----w- C:\Users\LocalUser\AppData\Local\MicroVision Applications
2011-07-26 08:28:04 -------- d-----w- C:\ProgramData\WinMaximizer
2011-07-26 08:27:56 -------- d-----w- C:\Program Files (x86)\WinMaximizer
2011-07-26 07:24:43 64000 --sha-r- C:\Windows\SysWow64\C_20949C.dll
2011-07-23 06:01:59 -------- d-----w- C:\Users\LocalUser\AppData\Local\Native Instruments
2011-07-23 06:00:25 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
2011-07-23 05:58:14 -------- d-----w- C:\Program Files (x86)\Native Instruments
2011-07-22 20:27:52 -------- d-sh--r- C:\Users\LocalUser\AppData\Roaming\Winupdate
2011-07-22 00:27:00 1332224 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2011-07-22 00:18:16 -------- d-----w- C:\Users\LocalUser\AppData\Local\Google
2011-07-22 00:18:10 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-07-22 00:18:08 -------- d-----w- C:\Users\LocalUser\AppData\Local\Conduit
2011-07-22 00:13:44 -------- d-----w- C:\Users\LocalUser\AppData\Local\uTorrent
2011-07-16 04:21:34 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Cycling '74
2011-07-16 04:21:22 -------- d-----w- C:\Program Files (x86)\AkaiPro
2011-07-13 20:12:01 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Secure-Soft Stealer
2011-07-13 01:08:02 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-13 01:08:00 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-13 01:06:27 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-12 19:42:33 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Media Get LLC
2011-07-12 19:42:33 -------- d-----w- C:\ProgramData\Media Get LLC
2011-07-12 19:31:52 -------- d-----w- C:\ProgramData\boost_interprocess
2011-07-12 07:35:31 -------- d-----w- C:\Users\LocalUser\AppData\Local\antiphishing-webblog1_1dn
2011-07-12 07:35:30 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2011-07-12 07:31:58 -------- d-----w- C:\Users\LocalUser\AppData\Local\Media Get LLC
2011-07-12 07:28:23 -------- d-----w- C:\Users\LocalUser\AppData\Local\Ilivid Player
2011-07-12 07:26:27 -------- d-----w- C:\Users\LocalUser\AppData\Local\PackageAware
2011-07-12 07:08:37 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Service SysScan
2011-07-12 07:01:48 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\ChromeAddon
2011-07-12 07:01:43 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\FireFoxAddons
2011-07-12 06:56:00 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-07-12 04:53:46 -------- d-----w- C:\Program Files (x86)\FYZip
2011-07-12 04:53:31 -------- d-----w- C:\Program Files (x86)\Search Toolbar
2011-07-11 14:24:25 -------- d-----w- C:\Users\LocalUser\AppData\Local\{DB921C9B-558F-4278-AC6B-609E927DF860}
2011-07-11 00:13:29 -------- d-----w- C:\Windows\en
2011-07-11 00:11:56 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-07-11 00:09:53 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-07-11 00:08:16 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-07-11 00:08:16 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-07-11 00:08:15 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-07-11 00:08:15 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-07-11 00:06:56 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-07-11 00:06:56 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-07-11 00:05:26 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-07-11 00:05:25 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-07-11 00:05:25 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-07-11 00:05:25 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-07-11 00:01:43 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b75b925c1cc3f5d09\MeshBetaRemover.exe
2011-07-11 00:01:42 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b6ad4e6f1cc3f5d08\DSETUP.dll
2011-07-11 00:01:42 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b6ad4e6f1cc3f5d08\DXSETUP.exe
2011-07-11 00:01:42 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b6ad4e6f1cc3f5d08\dsetup32.dll
2011-07-11 00:01:41 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b51c6f611cc3f5d07\DXSETUP.exe
2011-07-11 00:01:41 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b51c6f611cc3f5d07\dsetup32.dll
2011-07-11 00:01:40 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b51c6f611cc3f5d07\DSETUP.dll
2011-07-11 00:00:57 -------- d-----w- C:\Users\LocalUser\AppData\Local\Windows Live
2011-07-11 00:00:57 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-07-10 23:59:24 -------- d-----w- C:\Users\LocalUser\AppData\Local\{EE74687F-2FF6-4467-B91C-34A94CFD7019}
2011-07-06 02:02:03 233472 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2011-07-06 02:02:03 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
2011-07-05 23:54:56 -------- d-----w- C:\Users\LocalUser\AppData\Roaming\Ableton
2011-07-05 23:50:42 -------- d-----w- C:\desktop misc
2011-07-05 23:49:44 -------- d-----w- C:\music stuff
2011-07-05 23:48:25 -------- d-----w- C:\Program Files (x86)\Ableton
2011-07-02 23:09:34 124420592 ----a-w- C:\Users\LocalUser\POD Farm v2.51 Installer.exe
2011-06-29 07:13:16 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-13 20:03:34 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2011-05-13 19:42:24 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-29 02:16:38 1213440 ----a-w- C:\Windows\System32\L6DriverControlPanel.cpl
2011-04-29 02:16:30 768000 ----a-w- C:\Windows\System32\drivers\L6UX264.sys
2011-04-29 02:16:30 180224 ----a-w- C:\Windows\SysWow64\l6ux2.dll
2011-04-29 02:16:28 217600 ----a-w- C:\Windows\System32\l6ux2_x64.dll
.
============= FINISH: 21:46:15.18 ===============