Inactive I still have the virus

losguy

I still have the virus. Can you help...?

Malware Log...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7716

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/14/2011 11:47:14 AM
mbam-log-2011-09-14 (11-47-14).txt

Scan type: Quick scan
Objects scanned: 206543
Time elapsed: 10 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Here are the other logs

These are the other logs that you have requested...
 

Attachments

  • GMER.txt
    158.4 KB · Views: 0
  • DDS.txt
    31.1 KB · Views: 0
  • Attach.txt
    16.4 KB · Views: 0
Welcome to TechSpot! I'll help with the malware, but you will need to paste the logs in; we do not review attached logs.

Please read all of the instructions carefully.
All required logs have to be PASTED. Attached logs will NOT be reviewed.

I will review the logs after you have posted all of them. I would also appreciate it if you tell me
1. What virus are you referring to?
2. Have you been trying to remove it? How? Where?
===================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    ◦ Don't use any other cleaning programs or scans while I'm helping you.
    ◦ Don't use a Registry cleaner or make any changes in the Registry.
    ◦ Don't download and install new programs, except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
I need all of these pasted into your next reply:
Attached Files
File Type: txt GMER.txt (158.4 KB, 0 views)
File Type: txt DDS.txt (31.1 KB, 0 views)
File Type: txt Attach.txt (16.4 KB, 0 views)

And the answers to these:
1. What virus are you referring to?
2. Have you been trying to remove it? How? Where?
 
Logs

These are in post #2 but I will resend them...
 

Attachments

  • GMER.txt
    158.4 KB · Views: 0
  • DDS.txt
    31.1 KB · Views: 0
  • Attach.txt
    16.4 KB · Views: 0
Please read, again:
When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Post 2 and post 6:
Attached Files
File Type: txt GMER.txt (158.4 KB, 0 views)
File Type: txt DDS.txt (31.1 KB, 0 views)
File Type: txt Attach.txt (16.4 KB, 0 views)
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by losguy at 11:32:49 on 2011-09-14
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1302 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DVDFab Passkey\DVDFabPasskey.exe
C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} -
TB: {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No File
TB: {38542454-DFB6-44F5-B052-D4E071A3D073} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [EPSON Stylus Photo RX680 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticja.exe /fu "c:\users\losguy\appdata\local\temp\E_SA761.tmp" /EF "HKCU"
uRun: [DVDFab Passkey] "c:\program files\dvdfab passkey\DVDFabPasskey.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\losguy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup\uBBMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: librivox.org\catalog
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Youda%20Legend%20-%20The%20Curse%20of%20the%20Amsterdam%20Diamond/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F2164D75-075D-4C1A-AADA-46FD93ED6920} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\losguy\appdata\roaming\mozilla\firefox\profiles\wanqa7uf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\losguy\appdata\roaming\move networks\plugins\npqmp071706000001.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-27 176128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-12 366152]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-28 8396800]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-28 247296]
R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2011-4-28 54144]
R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2011-4-7 15640]
R3 MAWGSIF;MOTU PCI GSIF Driver;c:\windows\system32\drivers\mawgsif.sys [2007-2-7 23048]
R3 MAWWAVE;MOTU PCI Wave Driver;c:\windows\system32\drivers\mawwave.sys [2007-2-7 57352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-12 22216]
R3 Motuaw;Motuaw;c:\windows\system32\drivers\motuaw.sys [2007-2-7 347656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 CleanService;CleanService;c:\program files\migo software\digital shredder 4\CleanService.exe [2007-8-27 64000]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2009-10-28 23288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2009-8-4 33736]
S4 gupdate1ca09b11e1d5a17;Google Update Service (gupdate1ca09b11e1d5a17);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 133104]
.
=============== Created Last 30 ================
.
2011-09-13 20:11:05 -------- d-----w- c:\users\losguy\appdata\local\{E3A589CB-E191-4214-A810-07F9F17B8BA2}
2011-09-13 20:10:55 -------- d-----w- c:\users\losguy\appdata\local\{83955BC6-73E8-4EDC-A1B8-EDD3E9FCCD64}
2011-09-13 17:09:57 -------- d-----w- c:\program files\AMD APP
2011-09-13 08:10:31 -------- d-----w- c:\users\losguy\appdata\local\{5AAE9E7E-319F-4494-9B2E-476A74A51E64}
2011-09-13 08:10:21 -------- d-----w- c:\users\losguy\appdata\local\{2F3D1FD7-7E2A-43E8-BDF7-20A549D96A19}
2011-09-12 20:39:46 -------- d-----w- c:\windows\pss
2011-09-12 20:17:42 -------- d-----w- c:\users\losguy\appdata\roaming\Malwarebytes
2011-09-12 20:17:35 -------- d-----w- c:\programdata\Malwarebytes
2011-09-12 20:17:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-12 20:17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-12 20:09:57 -------- d-----w- c:\users\losguy\appdata\local\{AD3C32A9-32E3-4B2A-91CC-B4C1B5812AC4}
2011-09-12 20:09:47 -------- d-----w- c:\users\losguy\appdata\local\{89FF5FC4-B894-4C1A-B536-41FAF5E16E5F}
2011-09-12 04:01:55 -------- d-----w- c:\users\losguy\appdata\local\{0CF6A1A6-933F-413E-97F0-C76E3352AAF9}
2011-09-12 04:01:45 -------- d-----w- c:\users\losguy\appdata\local\{05464AEF-169C-496B-A85C-C32108F1BFDD}
2011-09-11 03:36:37 -------- d-----w- c:\users\losguy\appdata\local\{6AD114EE-55B8-49F7-8E52-BECD21AF2FF0}
2011-09-11 03:36:27 -------- d-----w- c:\users\losguy\appdata\local\{1D362D38-835D-475E-B684-51B92C7797A5}
2011-09-10 15:36:03 -------- d-----w- c:\users\losguy\appdata\local\{5A303394-7B28-4FD6-83B2-31FE1C332395}
2011-09-10 15:35:52 -------- d-----w- c:\users\losguy\appdata\local\{BB97CABB-1183-47D3-9D93-96802EC71EAA}
2011-09-10 06:33:14 -------- d-----w- c:\users\losguy\appdata\local\FixItCenter
2011-09-10 03:35:28 -------- d-----w- c:\users\losguy\appdata\local\{68F46883-51BC-4A3B-8406-DD18A8428B1D}
2011-09-10 03:35:18 -------- d-----w- c:\users\losguy\appdata\local\{6A81BAEF-B94E-44FD-8ABE-3F37190A568E}
2011-09-09 17:52:58 -------- d-----w- c:\program files\Redemption Cemetery - Children's Plight Collector's Edition
2011-09-09 15:59:05 -------- d-----w- c:\program files\Haunted Legends - The Bronze Horseman Collectors Edition
2011-09-09 15:35:06 -------- d-----w- c:\users\losguy\appdata\local\{B61FD4CD-9860-4B96-A6C2-2CE54CA6A097}
2011-09-09 15:34:56 -------- d-----w- c:\users\losguy\appdata\local\{1D927975-93BE-4FCE-9E35-E60EC8DB8DD9}
2011-09-09 03:34:32 -------- d-----w- c:\users\losguy\appdata\local\{84D87F49-5713-442E-B2D6-499CA6E71623}
2011-09-09 03:34:22 -------- d-----w- c:\users\losguy\appdata\local\{58A10F0F-9F57-43B3-8D97-2CFAB99FAEEA}
2011-09-08 15:34:00 -------- d-----w- c:\users\losguy\appdata\local\{CA2459F5-6B8F-4763-807D-22B2FBF61549}
2011-09-08 15:33:50 -------- d-----w- c:\users\losguy\appdata\local\{DC0DB5AE-1501-470C-82F5-FD1681ADACB8}
2011-09-08 03:33:26 -------- d-----w- c:\users\losguy\appdata\local\{472ECC9F-6CB6-4D9C-9803-5CEC309564F5}
2011-09-08 03:33:16 -------- d-----w- c:\users\losguy\appdata\local\{546D20A8-7C80-42AB-8EEE-95AF2D0AB2F8}
2011-09-07 18:51:59 -------- d-----w- c:\program files\Microsoft Easy Assist
2011-09-07 18:51:48 -------- d-----w- c:\programdata\Applications
2011-09-07 18:28:58 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-07 18:28:45 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-09-07 15:32:53 -------- d-----w- c:\users\losguy\appdata\local\{A7130047-C260-4866-A094-CD019CCBB547}
2011-09-07 15:32:43 -------- d-----w- c:\users\losguy\appdata\local\{50138083-6C1F-4F7D-B57C-764A4D5CCA88}
2011-09-07 03:27:58 -------- d-----w- c:\users\losguy\appdata\local\{0E016E82-AA13-454B-AD7B-370D8F16CF42}
2011-09-07 03:27:48 -------- d-----w- c:\users\losguy\appdata\local\{E24315BA-A8AA-490C-8EED-3996F6CD7B57}
2011-09-06 15:27:24 -------- d-----w- c:\users\losguy\appdata\local\{9F89A0DE-F8AA-43B3-BEA2-08055E9F5527}
2011-09-06 15:27:14 -------- d-----w- c:\users\losguy\appdata\local\{F27B5993-5E90-4246-9E63-7A45084A287D}
2011-09-06 03:26:49 -------- d-----w- c:\users\losguy\appdata\local\{CC8260A7-5645-4501-9417-D97C6B2F6196}
2011-09-06 03:26:39 -------- d-----w- c:\users\losguy\appdata\local\{ED30FED5-C46F-4788-85AD-A12BCA337357}
2011-09-05 22:12:44 -------- d-----w- c:\users\losguy\appdata\roaming\casualArts
2011-09-05 22:12:44 -------- d-----w- c:\programdata\casualArts
2011-09-05 19:18:32 -------- d-----w- c:\program files\Mystery Murders - Jack the Ripper
2011-09-05 15:26:15 -------- d-----w- c:\users\losguy\appdata\local\{85239B19-2677-480D-BD82-03404E2F707E}
2011-09-05 15:26:03 -------- d-----w- c:\users\losguy\appdata\local\{C6470B19-17A2-4739-9E89-5EFEF6A164F1}
2011-09-05 03:25:39 -------- d-----w- c:\users\losguy\appdata\local\{05B59241-B3CB-4FAF-8E53-879595EDD612}
2011-09-05 03:25:28 -------- d-----w- c:\users\losguy\appdata\local\{0117575B-E939-4760-A587-DF1EFFE3A7EA}
2011-09-04 15:25:17 -------- d-----w- c:\users\losguy\appdata\local\{6F7298EE-5280-4A46-AB6C-D8684A72B0D3}
2011-09-04 15:25:06 -------- d-----w- c:\users\losguy\appdata\local\{FF2907EF-B2D8-4D8D-9634-DD846B2D0A27}
2011-09-04 03:24:34 -------- d-----w- c:\users\losguy\appdata\local\{07527DC1-640B-4DC5-BACC-AB405028A375}
2011-09-04 03:24:22 -------- d-----w- c:\users\losguy\appdata\local\{208DCBC8-1B70-48A6-8146-10509D634FC0}
2011-09-03 16:26:02 -------- d-----w- C:\regexp
2011-09-03 15:41:40 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-03 15:41:15 -------- d-----w- c:\programdata\Hitman Pro
2011-09-03 15:23:49 -------- d-----w- c:\users\losguy\appdata\local\{1D3922AE-85FD-4BAB-A822-30E2BA76F42B}
2011-09-03 15:23:37 -------- d-----w- c:\users\losguy\appdata\local\{CCD957B9-1263-4C93-AEEE-EDDEB0B7F8DD}
2011-09-03 03:06:53 -------- d-----w- c:\users\losguy\appdata\local\{19866509-2906-4DE2-B1AE-3A8CB2286A5D}
2011-09-03 03:06:44 -------- d-----w- c:\users\losguy\appdata\local\{B3A522FF-AD67-4D46-8080-52967DD0B082}
2011-09-02 15:50:48 -------- d-----w- c:\program files\Enigmatis - The Ghosts of Maple Creek Collector's Edition
2011-09-02 15:06:32 -------- d-----w- c:\users\losguy\appdata\local\{035875E6-6381-46A8-8323-ED147C1E953D}
2011-09-02 15:06:22 -------- d-----w- c:\users\losguy\appdata\local\{8657B0DD-B499-4CEA-B22E-CC7BCC23EF8C}
2011-09-02 03:05:58 -------- d-----w- c:\users\losguy\appdata\local\{0A378BC0-A75A-4568-8380-6092035A3F13}
2011-09-02 03:05:48 -------- d-----w- c:\users\losguy\appdata\local\{A049F6DC-B5B5-4230-9C69-C05AA4028139}
2011-09-01 23:18:15 -------- d-----w- c:\users\losguy\appdata\roaming\DVDFab
2011-09-01 15:43:35 -------- d-----w- c:\program files\The Secrets of Arcelia Island
2011-09-01 15:05:35 -------- d-----w- c:\users\losguy\appdata\local\{AABB1399-E637-4393-8278-9C705516B5D0}
2011-09-01 15:05:25 -------- d-----w- c:\users\losguy\appdata\local\{4A11912C-4CF7-4E06-BDEB-7A4847A883F5}
2011-09-01 03:42:41 -------- d-----w- c:\program files\FixRedirectVirus
2011-08-31 22:07:20 -------- d-----w- c:\program files\Grim Facade - Mystery of Venice Collectors Edition
2011-08-31 21:34:11 -------- d-----w- c:\program files\Awakening - The Goblin Kingdom Collector's Edition
2011-08-31 21:32:36 -------- d-----w- c:\program files\Sonya Collector's Edition
2011-08-31 21:22:11 -------- d-----w- c:\program files\Lost Souls - Enchanted Paintings Collector's Edition
2011-08-31 19:55:44 -------- d-----w- c:\users\losguy\appdata\roaming\Casual Box
2011-08-31 18:42:00 -------- d-----w- c:\users\losguy\appdata\local\{52338CB7-5E88-49FA-8F66-6A58ACAC4F6F}
2011-08-31 18:41:49 -------- d-----w- c:\users\losguy\appdata\local\{3244CE16-7C3D-485E-8EBD-A33DDF7E7758}
2011-08-31 03:58:27 -------- d-----w- c:\users\losguy\appdata\local\{48B2D7FC-96A1-40F2-B95B-F393B4B04DA1}
2011-08-31 03:58:16 -------- d-----w- c:\users\losguy\appdata\local\{6FB7576D-5CC9-48CB-B1AC-1EEA963E6FC5}
2011-08-31 02:20:32 -------- d-----w- c:\programdata\HitPoint Studios
2011-08-30 15:57:54 -------- d-----w- c:\users\losguy\appdata\local\{0690870E-37BB-4D81-8444-807492352736}
2011-08-30 15:57:43 -------- d-----w- c:\users\losguy\appdata\local\{C0095385-CDE9-43F6-B74D-39220A0AC1F5}
2011-08-30 03:57:19 -------- d-----w- c:\users\losguy\appdata\local\{F1335B9F-5B9E-4AEC-B550-924CB23A1C57}
2011-08-30 03:57:09 -------- d-----w- c:\users\losguy\appdata\local\{A2EC494E-0150-4EDC-A9D5-C70B5ED89B96}
2011-08-29 23:26:25 -------- d-----w- c:\users\losguy\appdata\roaming\Fenomen Games
2011-08-29 15:56:46 -------- d-----w- c:\users\losguy\appdata\local\{D2BAF976-3A57-4167-8215-449DF10AF128}
2011-08-29 15:56:36 -------- d-----w- c:\users\losguy\appdata\local\{E431E742-36EF-4180-A070-043493B82BAF}
2011-08-28 16:59:21 -------- d-----w- c:\users\losguy\appdata\local\{3D05F27B-06E1-4FD4-8F5C-4AABD0F69CF8}
2011-08-28 16:59:11 -------- d-----w- c:\users\losguy\appdata\local\{5A6CE4FA-1830-4FA1-993C-B13F734C0F1A}
2011-08-28 04:58:48 -------- d-----w- c:\users\losguy\appdata\local\{FCC7AED9-26C6-450C-8E1A-273906755D61}
2011-08-28 04:58:38 -------- d-----w- c:\users\losguy\appdata\local\{50656AF0-1F1F-490C-958A-D1559DDFC428}
2011-08-27 16:58:17 -------- d-----w- c:\users\losguy\appdata\local\{4D993ECF-DDDD-4B57-A5C3-F90613898FE6}
2011-08-27 16:58:07 -------- d-----w- c:\users\losguy\appdata\local\{CC66B457-DE36-45B9-BB1B-4DF3FC0898D5}
2011-08-26 19:02:28 -------- d-----w- c:\users\losguy\appdata\local\{FF7F2EC1-2FA0-4C14-A598-0035AEA0130B}
2011-08-26 19:02:19 -------- d-----w- c:\users\losguy\appdata\local\{F9ADFF39-A054-4230-A0A8-6E42765B893D}
2011-08-26 03:23:29 -------- d-----w- c:\users\losguy\appdata\local\{92ECE70E-5866-4748-9156-3DBBC42ED9B0}
2011-08-26 03:23:19 -------- d-----w- c:\users\losguy\appdata\local\{232D4714-BABA-407B-96FB-47DB3CA00787}
2011-08-25 15:22:57 -------- d-----w- c:\users\losguy\appdata\local\{EEA3D909-3BBE-4E15-8146-F4FDA3056805}
2011-08-25 15:22:47 -------- d-----w- c:\users\losguy\appdata\local\{50B0F0EB-E879-41FA-BDA3-39F383374ACE}
2011-08-24 18:26:40 -------- d-----w- c:\users\losguy\appdata\local\{0AB9B7F4-B466-4A8D-9143-3944372A7EE2}
2011-08-24 18:26:30 -------- d-----w- c:\users\losguy\appdata\local\{930E4723-F29A-4F5D-8334-FC150C8FE8D0}
2011-08-24 02:53:24 -------- d-----w- c:\users\losguy\appdata\local\{9E37608C-371D-4294-9922-715702B0FB87}
2011-08-24 02:53:14 -------- d-----w- c:\users\losguy\appdata\local\{63A3759F-3827-41AE-8894-30E8AA2CBE55}
2011-08-23 21:02:27 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 20:39:23 -------- d-----w- c:\program files\Hidden Expedition - The Uncharted Islands Collector's Edition
2011-08-23 14:52:47 -------- d-----w- c:\users\losguy\appdata\local\{20E6EC97-DEF9-45FA-A4EE-B2E7A5648BFD}
2011-08-23 14:52:24 -------- d-----w- c:\users\losguy\appdata\local\{756E7344-4F63-47D7-BD5A-58A8C7C9F0B5}
2011-08-22 20:05:39 -------- d-----w- c:\users\losguy\appdata\local\{E202787B-3E0E-4A81-A4F3-D90DADDBEF44}
2011-08-22 20:05:28 -------- d-----w- c:\users\losguy\appdata\local\{BC084DD6-A9DA-4BD8-8703-EC583FA1A57D}
2011-08-22 02:38:35 -------- d-----w- c:\users\losguy\appdata\local\{323C1582-1891-4564-B65A-F345852EBD7F}
2011-08-22 02:38:25 -------- d-----w- c:\users\losguy\appdata\local\{3A1C54CA-C923-42AA-80AA-44D479D87FD3}
2011-08-21 14:37:45 -------- d-----w- c:\users\losguy\appdata\local\{6F087426-4E3F-4C0F-A2A9-061C703378C8}
2011-08-21 14:37:31 -------- d-----w- c:\users\losguy\appdata\local\{945BEA65-75C7-4346-B1B2-FEDFEBF028FC}
2011-08-21 02:12:42 -------- d-----w- c:\users\losguy\appdata\local\{A6507D13-B7E6-4422-8445-46C7DA307514}
2011-08-21 02:12:32 -------- d-----w- c:\users\losguy\appdata\local\{5DAA5655-E59C-4E45-9EB1-A4AF64D5C335}
2011-08-20 14:11:54 -------- d-----w- c:\users\losguy\appdata\local\{3C72DC6F-0171-4BB8-ADD3-59FC77FA51D6}
2011-08-20 14:11:40 -------- d-----w- c:\users\losguy\appdata\local\{0B3BE4E3-DBFE-4250-8618-79B4DEFE4DF2}
2011-08-19 21:43:36 -------- d-----w- c:\users\losguy\appdata\local\{21066ABD-9471-45A3-B8E4-40F056E234AE}
2011-08-19 21:43:26 -------- d-----w- c:\users\losguy\appdata\local\{A18E5C10-4005-463A-B83F-FD9F935E04AA}
2011-08-19 03:14:47 -------- d-----w- c:\users\losguy\appdata\local\{6F2B8536-90EF-4DA3-B181-01CA10F75BE3}
2011-08-19 03:14:37 -------- d-----w- c:\users\losguy\appdata\local\{2FD8F0EC-9CEF-4437-B81A-9662004EB1FC}
2011-08-18 15:14:25 -------- d-----w- c:\users\losguy\appdata\local\{9578A2DC-45FD-4DA0-835D-0C4B229D86D7}
2011-08-18 15:14:15 -------- d-----w- c:\users\losguy\appdata\local\{D4667C59-0F2C-4893-A0C6-CBB22CCA0A13}
2011-08-18 03:13:51 -------- d-----w- c:\users\losguy\appdata\local\{1FB2314A-DDC0-448C-811B-5A7F08E895D4}
2011-08-18 03:13:41 -------- d-----w- c:\users\losguy\appdata\local\{BB86BCEF-A960-4613-8C19-C4BBA2D9C709}
2011-08-17 15:13:28 -------- d-----w- c:\users\losguy\appdata\local\{39800425-9BB9-4F72-ABC0-14895860C48B}
2011-08-17 15:13:18 -------- d-----w- c:\users\losguy\appdata\local\{E25BE39F-61DA-4BE6-B6C8-7E651D546383}
2011-08-17 03:12:52 -------- d-----w- c:\users\losguy\appdata\local\{189DD1AF-0DAB-4951-9050-E82613E4DA2F}
2011-08-17 03:12:41 -------- d-----w- c:\users\losguy\appdata\local\{7FA64274-8450-41FC-B0E1-A391554B0465}
2011-08-16 15:12:29 -------- d-----w- c:\users\losguy\appdata\local\{AED4532E-DDEF-4A88-A97C-5E137A5289D0}
2011-08-16 15:12:18 -------- d-----w- c:\users\losguy\appdata\local\{C116D658-05E1-4B29-BB1B-FBEB147CF4AC}
2011-08-15 22:00:14 -------- d-----w- c:\users\losguy\appdata\local\{694EFAA6-FEE8-4EBE-A2AA-1BC7B36FD22C}
2011-08-15 22:00:04 -------- d-----w- c:\users\losguy\appdata\local\{39205615-5C78-41A2-88DD-CAF086A79405}
.
==================== Find3M ====================
.
2011-08-26 18:59:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-15 21:51:40 54144 ----a-w- c:\windows\system32\drivers\dvdfab.sys
2011-07-29 05:22:06 8396800 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-29 04:44:08 18388480 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-29 04:41:00 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-29 04:40:46 726528 ----a-w- c:\windows\system32\aticfx32.dll
2011-07-29 04:36:28 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-29 04:35:54 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-29 04:35:26 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-29 04:34:12 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-07-29 04:33:56 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-29 04:33:44 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-29 04:33:36 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-29 04:33:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-29 04:30:28 4198912 ----a-w- c:\windows\system32\atidxx32.dll
2011-07-29 04:11:44 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-07-29 04:11:16 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-29 04:11:04 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-29 04:09:12 4256768 ----a-w- c:\windows\system32\atiumdag.dll
2011-07-29 04:07:26 8247296 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-29 04:04:00 4056064 ----a-w- c:\windows\system32\atiumdva.dll
2011-07-29 04:01:50 52736 ----a-w- c:\windows\system32\coinst.dll
2011-07-29 03:54:44 266240 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-29 03:54:32 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-29 03:54:20 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-07-29 03:53:48 247296 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-29 03:53:16 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-07-29 03:53:02 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-07-29 03:52:40 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-07-29 03:52:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-29 03:51:06 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-29 03:51:06 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-29 00:49:12 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-29 00:48:54 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-29 00:48:36 13555712 ----a-w- c:\windows\system32\amdocl.dll
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-19 22:11:55 71680 --sha-r- c:\windows\system32\consoled.dll
2011-07-19 21:11:30 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13:55 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-06-17 13:31:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-10-05 01:54:51 440 ----a-w- c:\program files\1004201018545134.bat
.
============= FINISH: 11:33:32.38 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 7/20/2009 1:37:38 PM
System Uptime: 9/13/2011 6:36:21 PM (17 hours ago)
.
Motherboard: Dell Inc. | | 0TP406
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | CPU | 2327/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 54.268 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (FAT32) - 931 GiB total, 210.135 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) 82566DC-2 Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_294C&SUBSYS_02151028&REV_02\3&172E68DD&0&C8
Manufacturer: Intel
Name: Intel(R) 82566DC-2 Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_294C&SUBSYS_02151028&REV_02\3&172E68DD&0&C8
Service: e1express
.
==== System Restore Points ===================
.
RP947: 7/19/2011 2:24:11 PM - Removed Adobe Acrobat 9 Pro - English, Russian.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 bit Windows Card Reader Driver
A Gypsy's Tale: The Tower of Secrets
Acrobat.com
Adobe AIR
Adobe Audition 3.0
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
Adobe Tube-modeled Compressor
Advertising Center
Agatha Christie Bundle - 3 in 1
Aimersoft Video Studio Express(Build 1.2.0.25)
Alabama Smith Escape from Pompeii
Alabama Smith in the Quest Of Fate
Allora and the Broken Portal
Amanda Rose: The Game of Time
AMD APP SDK Runtime
AMD Catalyst Install Manager
Ancient Spirits: Columbus' Legacy
Annabel
Antress Modern Plugins v3.00
Apple Application Support
Apple Software Update
ArcSoft TotalMedia Backup
Art of Murder: Deadly Secrets
askSam Viewer 7
ASUS E-Green Uninstall
ASUS Turbo Engine v1.0
ATI Catalyst Registration
Autumn's Treasures: The Jade Coin
AVS Audio Converter version 6.3
AVS Image Converter 1.3.3.146
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Awakening: Moonfell Wood
Awakening: The Dreamless Castle
Awakening: The Goblin Kingdom Collector's Edition
Barnes & Noble Desktop Reader
Big Fish Games: Game Manager
Blood and Ruby
Blood Oath
Brunhilda and the Dark Crystal
Cassandra's Journey: The Legacy of Nostradamus
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Cate West: The Velvet Keys
ccc-utility
CCC Help English
Celtic Lore: Sidhe Hills
Chameleon Gems
Charlaine Harris: Dying for Daylight
Code Compare
Columbus: Ghost of the Mystery Stone
Coupon Printer for Windows
Creative MediaSource 5
CyberLink Power2Go
D3DX10
Dark Parables - Curse Of Briar Rose
Dark Parables: The Exiled Prince Collector's Edition
Dark Ritual
Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
Dark Tales: ™ Edgar Allan Poe's The Black Cat
Deadtime Stories
Death at Fairing Point: A Dana Knightstone Novel Collector's Edition
Dell Resource CD
Digital Voice Recorder
DolbyFiles
Drawn The Painted Tower
Drawn: Dark Flight ® Collector's Editon
Dream Chronicles
Dream Chronicles 2
Dream Chronicles 3
Dream Chronicles Bundle 3-in-1
Dream Chronicles: The Book of Air
Dream Chronicles: The Book of Water Collector's Edition
DVDFab 6.2.0.5 (11/11/2009)
DVDFab 7.0.9.3 (08/08/2010)
DVDFab 8.0.8.5 (19/03/2011)
DVDFab 8.1.1.2 (08/08/2011) Qt
DVDFab Passkey 8.0.3.7 (06/09/2011)
DVDFab Region Reset 1.0.0.3
Echoes of Sorrow
Echoes of the Past: The Castle of Shadows
Elixir of Immortality
Emma and the Inventor
Empress of the Deep
Empress of the Deep 2: Song of the Blue Whale Collector's Edition
Enigmatis: The Ghosts of Maple Creek Collector's Edition
Epic Adventure Bundle – 3 in 1
Epic Adventures: Cursed Onboard
Epic Escapes: Dark Seas
EPSON Print CD
EPSON Printer Software
EPSON RX680 User's Guide
EPSON Scan
EPSON Stylus Photo RX680 Series Scanner Driver Update
Escape from Frankenstein's Castle
Escape From Lost Island
Escape from Thunder Island
ESET NOD32 Antivirus
Eternal Night: Realm of Souls
Eternity
Exorcist
F.A.C.E.S. Collector's Edition
Fallen Shadows
Fear for Sale: The Mystery of McInroy Manor Collector's Edition
Fiction Fixers: The Curse of OZ
FixRedirectVirus
G.H.O.S.T Chronicles: Phantom of the Renaissance Faire
Google Earth
Google Update Helper
Gravely Silent: House of Deadlock Collector's Edition
Grim Facade: Mystery of Venice Collector’s Edition
Grim Tales: The Bride Collector's Edition
Hallowed Legends: Samhain Collector's Edition
Haunted Halls: Green Hills Sanitarium Collector's Edition
Haunted Legends: The Bronze Horseman Collector's Edition
Haunted Legends: The Queen of Spades Collector's Edition
Haunted Manor: Lord of Mirrors
Hexus
Hidden Expedition ® - Devil's Triangle
Hidden Expedition: The Uncharted Islands Collector's Edition
Hidden Expedition: Titanic ™
Hidden in Time: Looking-glass Lane
Hidden Mysteries: Salem Secrets
Hidden Mysteries: Vampire Secrets
Hide and Secret: The Lost World
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImagXpress
ImgBurn
INI_ASUS_BLUTUNERV104
Insider Tales: The Stolen Venus 2
Intel(R) PRO Network Connections Drivers
Internet Explorer (Enable DEP)
Java Auto Updater
Java(TM) 6 Update 14
Java(TM) 6 Update 26
John Melas Motif Rack XS Tools 1.5.0
Journey to the Center of the Earth
Junk Mail filter update
Kate Arrow: Deserted Wood
Lara Gates: The Lost Talisman
Letters from Nowhere 2
Lost Chronicles: Fall of Caesar
Lost Chronicles: Salem
Lost in Time: The Clockwork Tower
Lost Souls: Enchanted Paintings Collector's Edition
Love Chronicles: The Sword and the Rose Collector's Edition
Loyalty Bundle – 3 in 1
Luxor 2
Luxor Adventures
Luxor Quest for the Afterlife
Macabre Mysteries: Curse of the Nightingale Collector's Edition
Maestro: Music of Death Collector's Edition
Magic Encyclopedia - Moon Light
Magic Encyclopedia 3: Illusions
Magic Encyclopedia First Story
Mahjongg Dimensions Deluxe
Malwarebytes' Anti-Malware version 1.51.2.1300
Margrave: The Curse of the Severed Heart Collector's Edition
MDBG Chinese Reader
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Fix it Center
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MidiNotate Player for HitTrax
Midnight Mysteries: Devil on the Mississippi Collector's Edition
Midnight Mysteries: The Edgar Allan Poe Conspiracy
Migo Digital Shredder 4 Premium
Migo Registry Repair 5
Millennium Secrets: Emerald Curse
Mortimer Beckett and the Lost King
Mortimer Beckett and the Secrets of Spooky Manor
Mortimer Beckett Time Paradox
Motif Rack XS Tools 1.7.2
Motif XS Tools 1.8.0
MOTU PCI Audio Driver
Movie Templates - Starter Kit
Mozilla Firefox (3.5.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Murder Island - Secret of Tantalus
Musicnotes Software Suite 1.5.3
Mysteries of Magic Island
Mystery Age: The Dark Priests
Mystery Case Files - Dire Grove
Mystery Case Files ®: 13th Skull ™ Collector's Edition
Mystery Case Files: Return to Ravenhearst ™
Mystery Chronicles: Betrayals of Love
Mystery Murders: Jack the Ripper
Mystery PI
Mystery PI The Vegas Heist
Mystery Trackers: The Void Collector's Edition
Mystic Gateways: The Celestial Quest
Nancy Drew - Danger by Design
Nancy Drew and the Creature of Kapu Cave
Nancy Drew: Message in a Haunted Mansion
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
Nightfall Mysteries: Asylum Conspiracy
Nightmare Adventures: The Witch's Prison
Nightmare on the Pacific
Notation Player 2.6.3
NVIDIA GAME System Software 2.8.1
OGA Notifier 2.0.0048.0
Online Bible 10.95
OpenAL
Our Worst Fears: Stained Skin
Paige Harper and the Tome of Mystery
Penny Dreadfuls Sweeney Todd SE
Peterson Firmware Updater
Phantasmat
Princess Isabella: Return of the Curse Collector's Edition
Puppet Show
PuppetShow: Lost Town
QuickTime
Redemption Cemetery: Children's Plight Collector's Edition
Redrum: Time Lies
Reincarnations: Awakening
Reincarnations: Uncover the Past
Robin's Quest: A Legend Born
Sacra Terra: Angelic Night Collector's Edition
Safari
Sandra Fleming Chronicles: The Crystal Skull
Secrets of the Dark: Temple of Night Collector's Edition
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Series II MIDI
Shades of Death: Royal Blood
Shadow Wolf Mysteries: Curse of the Full Moon Collector's Edition
Sherlock Holmes and the Hound of the Baskervilles Collector's Edition
Sherlock Holmes: The Hound of the Baskervilles Collector's Edition
Shiver: Vanishing Hitchhiker Collector's Edition
Shutter Island
Simplified Chinese TTS
Skymist - The Lost Spirit Stones
Snark Busters: All Revved up
Snark Busters: Welcome to the Club
Sonya Collector's Edition
Sound Blaster X-Fi
SoundTrax
Spirit Seasons: Little Ghost Story
Spirits of Mystery: Amber Maiden Collector's Edition
Steinberg HALionOne GM Set
Stomp Classic Editor
Stray Souls: Dollhouse Story Collector's Edition
Sudoku Maya Gold
swMSM
Syncrosoft License Control
Tearstone
The Agency of Anomalies: Mystic Hospital Collector's Edition
The Clockwork Man - The Hidden World
The Curse of the Ring
The Dark Hills of Cherai
The Fall Trilogy Chapter 3: Revelation
The Lord of the Rings FREE Trial
The Lost Cases of Sherlock Holmes 2
The Lost Inca Prophecy
The Mystery of the Crystal Portal: Beyond the Horizon
The Secret Legacy: A Kate Brooks Adventure
The Secret of Hildegards
The Secrets of Arcelia Island
The Stroke of Midnight
The Treasures of Mystery Island: The Gates of Fate
Time Dreamer
Time Mysteries: Inheritance
Timeless: The Forgotten Town
Treasure Seekers 2
Treasure Seekers 3
Treasure Seekers: The Time Has Come Collector's Edition
TSP_CODEC
Twisted Lands: Shadow Town Collector's Edition
Twisted: A Haunted Carol
Ultimate Extras sounds from Microsoft® Tinker™
UltraCompare v7.00
Unsolved Mystery Club: Ancient Astronauts Collector's Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Veronica Rivers: The Order Of Conspiracy
Victorian Mysteries: Woman in White
ViewSonic Windows Vista Signed Files
Voodoo Whisperer: Curse of a Legend
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Password Recovery Tool 3.0
Windows Sound Schemes
WinZip 15.5
Women’s Murder Club - Little Black Lies
Women’s Murder Club - Triple Crime Pack
Women’s Murder Club Twice in a Blue Moon
Written Legends: Nightmare at Sea
Xvid 1.2.1 final uninstall
Yamaha MOTIF-RACK XS Editor VST
Yamaha MOTIF-RACK XS Extension
Yamaha Studio Manager
Yamaha USB-MIDI Driver
.
==== Event Viewer Messages From Past Week ========
.
9/13/2011 9:00:21 AM, Error: EventLog [6008] - The previous system shutdown at 8:59:02 AM on 9/13/2011 was unexpected.
9/13/2011 6:38:09 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
9/13/2011 10:15:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
9/13/2011 10:15:54 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/13/2011 10:15:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/12/2011 7:48:32 AM, Error: EventLog [6008] - The previous system shutdown at 9:32:44 PM on 9/11/2011 was unexpected.
9/11/2011 8:21:31 AM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80004005
9/11/2011 8:03:06 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package SP2 Language Pack (Language Pack) into Installed(Installed) state
9/11/2011 8:03:06 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Language Pack (Language Pack) into Installed(Installed) state
.
==== End Of File ===========================
 
Part 1 GMER (Text too long for whole log)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-14 11:24:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.12.0
Running: 5jzbf6sd.exe; Driver: C:\Users\losguy\AppData\Local\Temp\uxlyiuod.sys


---- Kernel code sections - GMER 1.0.15 ----

Edit to delete GMER log> request repost with WordWrap off and no 'show all'.
 
Interesting side note about the virus

I find that the virus only does ten (10) redirects before it will let you go to the proper link...
 
You will notice that I have deleted the GMER log. That was done for 2 reasons:

1. The log was excessively long because you did not follow this:
Warning! Please do not select the "Show all" checkbox during the scan.

2. When you open Notepad for the log, click on Format> Uncheck Word Wrap.

Please repost the GMER log observing both of the above.
===========================================
I don't know of any malware that causes a search redirect that schedules 10 redirects, then correct search.
Your system is almost entirely installed with games.
You have little security. You have Eset Nod32, no antimalware programs.
I see Microsoft Security Essentials installed, but not running- you can only run one AV.

The last reply you made is the first information that the problem is a redirecting on searches. You have not given me any history on what this means:
I still have the virus

You ran c:\program files\FixRedirectVirus which you now know didn't work. The reason is because there is no one reason for a redirect. Almost any malware can cause it and depending on what it is, then the appropriate program is chosen.

You installed Hitman Pro, which is just a bundle of free programs, all available on the internet. The scan is that HMP will only remove entries free during the trial period. All of the individual free programs on the internet are fully functional.
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
==============================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 