I still have the virus

By losguy · 14 replies
Sep 15, 2011
  1. I still have the virus can you help...?

    Malware Log...

    Malwarebytes' Anti-Malware

    Database version: 7716

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    9/14/2011 11:47:14 AM
    mbam-log-2011-09-14 (11-47-14).txt

    Scan type: Quick scan
    Objects scanned: 206543
    Time elapsed: 10 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  2. losguy

    losguy TS Rookie Topic Starter

    Here are the other logs

    These are the other logs that you have requested...

    Attached Files:

  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Welcome to TechSpot! I'll help with the malware, but you will need to paste the logs in; we do not review attached logs.

    Please read all of the instructions carefully.
    I will review the logs after you have posted all of them. I would also appreciate it if you tell me
    1. what virus are you referring to?
    2. Have you been trying to remove it? How? Where?
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
  4. losguy

    losguy TS Rookie Topic Starter

    Google Redirect virus...

    Let me know what logs you need...
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    I need all of these pasted into your next reply:
    And the answers to these:
  6. losguy

    losguy TS Rookie Topic Starter


    These are in post #2 but I will resend them...

    Attached Files:

  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Please read- again:
    Post 2 and post 6:
  8. losguy

    losguy TS Rookie Topic Starter

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by losguy at 11:32:49 on 2011-09-14
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1302 [GMT -7:00]
    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ============== Running Processes ===============
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DVDFab Passkey\DVDFabPasskey.exe
    C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    ============== Pseudo HJT Report ===============
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uStart Page = about:blank
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} -
    TB: {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No File
    TB: {38542454-DFB6-44F5-B052-D4E071A3D073} - No File
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    uRun: [EPSON Stylus Photo RX680 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticja.exe /fu "c:\users\losguy\appdata\local\temp\E_SA761.tmp" /EF "HKCU"
    uRun: [DVDFab Passkey] "c:\program files\dvdfab passkey\DVDFabPasskey.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\losguy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup\uBBMonitor.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: librivox.org\catalog
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Youda%20Legend%20-%20The%20Curse%20of%20the%20Amsterdam%20Diamond/Images/stg_drm.ocx
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer =
    TCP: Interfaces\{F2164D75-075D-4C1A-AADA-46FD93ED6920} : DhcpNameServer =
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
    ================= FIREFOX ===================
    FF - ProfilePath - c:\users\losguy\appdata\roaming\mozilla\firefox\profiles\wanqa7uf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
    FF - plugin: c:\program files\common files\oberon media\ncadapter\\npapicomadapter.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\musicnotes\npmusicn.dll
    FF - plugin: c:\program files\musicnotes\NPSibelius.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\losguy\appdata\roaming\move networks\plugins\npqmp071706000001.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    ============= SERVICES / DRIVERS ===============
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-27 176128]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-20 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-12 366152]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-28 8396800]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-28 247296]
    R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2011-4-28 54144]
    R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2011-4-7 15640]
    R3 MAWGSIF;MOTU PCI GSIF Driver;c:\windows\system32\drivers\mawgsif.sys [2007-2-7 23048]
    R3 MAWWAVE;MOTU PCI Wave Driver;c:\windows\system32\drivers\mawwave.sys [2007-2-7 57352]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-12 22216]
    R3 Motuaw;Motuaw;c:\windows\system32\drivers\motuaw.sys [2007-2-7 347656]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 CleanService;CleanService;c:\program files\migo software\digital shredder 4\CleanService.exe [2007-8-27 64000]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2009-10-28 23288]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2009-8-4 33736]
    S4 gupdate1ca09b11e1d5a17;Google Update Service (gupdate1ca09b11e1d5a17);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 133104]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 133104]
    =============== Created Last 30 ================
    2011-09-13 20:11:05 -------- d-----w- c:\users\losguy\appdata\local\{E3A589CB-E191-4214-A810-07F9F17B8BA2}
    2011-09-13 20:10:55 -------- d-----w- c:\users\losguy\appdata\local\{83955BC6-73E8-4EDC-A1B8-EDD3E9FCCD64}
    2011-09-13 17:09:57 -------- d-----w- c:\program files\AMD APP
    2011-09-13 08:10:31 -------- d-----w- c:\users\losguy\appdata\local\{5AAE9E7E-319F-4494-9B2E-476A74A51E64}
    2011-09-13 08:10:21 -------- d-----w- c:\users\losguy\appdata\local\{2F3D1FD7-7E2A-43E8-BDF7-20A549D96A19}
    2011-09-12 20:39:46 -------- d-----w- c:\windows\pss
    2011-09-12 20:17:42 -------- d-----w- c:\users\losguy\appdata\roaming\Malwarebytes
    2011-09-12 20:17:35 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-12 20:17:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-12 20:17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-12 20:09:57 -------- d-----w- c:\users\losguy\appdata\local\{AD3C32A9-32E3-4B2A-91CC-B4C1B5812AC4}
    2011-09-12 20:09:47 -------- d-----w- c:\users\losguy\appdata\local\{89FF5FC4-B894-4C1A-B536-41FAF5E16E5F}
    2011-09-12 04:01:55 -------- d-----w- c:\users\losguy\appdata\local\{0CF6A1A6-933F-413E-97F0-C76E3352AAF9}
    2011-09-12 04:01:45 -------- d-----w- c:\users\losguy\appdata\local\{05464AEF-169C-496B-A85C-C32108F1BFDD}
    2011-09-11 03:36:37 -------- d-----w- c:\users\losguy\appdata\local\{6AD114EE-55B8-49F7-8E52-BECD21AF2FF0}
    2011-09-11 03:36:27 -------- d-----w- c:\users\losguy\appdata\local\{1D362D38-835D-475E-B684-51B92C7797A5}
    2011-09-10 15:36:03 -------- d-----w- c:\users\losguy\appdata\local\{5A303394-7B28-4FD6-83B2-31FE1C332395}
    2011-09-10 15:35:52 -------- d-----w- c:\users\losguy\appdata\local\{BB97CABB-1183-47D3-9D93-96802EC71EAA}
    2011-09-10 06:33:14 -------- d-----w- c:\users\losguy\appdata\local\FixItCenter
    2011-09-10 03:35:28 -------- d-----w- c:\users\losguy\appdata\local\{68F46883-51BC-4A3B-8406-DD18A8428B1D}
    2011-09-10 03:35:18 -------- d-----w- c:\users\losguy\appdata\local\{6A81BAEF-B94E-44FD-8ABE-3F37190A568E}
    2011-09-09 17:52:58 -------- d-----w- c:\program files\Redemption Cemetery - Children's Plight Collector's Edition
    2011-09-09 15:59:05 -------- d-----w- c:\program files\Haunted Legends - The Bronze Horseman Collectors Edition
    2011-09-09 15:35:06 -------- d-----w- c:\users\losguy\appdata\local\{B61FD4CD-9860-4B96-A6C2-2CE54CA6A097}
    2011-09-09 15:34:56 -------- d-----w- c:\users\losguy\appdata\local\{1D927975-93BE-4FCE-9E35-E60EC8DB8DD9}
    2011-09-09 03:34:32 -------- d-----w- c:\users\losguy\appdata\local\{84D87F49-5713-442E-B2D6-499CA6E71623}
    2011-09-09 03:34:22 -------- d-----w- c:\users\losguy\appdata\local\{58A10F0F-9F57-43B3-8D97-2CFAB99FAEEA}
    2011-09-08 15:34:00 -------- d-----w- c:\users\losguy\appdata\local\{CA2459F5-6B8F-4763-807D-22B2FBF61549}
    2011-09-08 15:33:50 -------- d-----w- c:\users\losguy\appdata\local\{DC0DB5AE-1501-470C-82F5-FD1681ADACB8}
    2011-09-08 03:33:26 -------- d-----w- c:\users\losguy\appdata\local\{472ECC9F-6CB6-4D9C-9803-5CEC309564F5}
    2011-09-08 03:33:16 -------- d-----w- c:\users\losguy\appdata\local\{546D20A8-7C80-42AB-8EEE-95AF2D0AB2F8}
    2011-09-07 18:51:59 -------- d-----w- c:\program files\Microsoft Easy Assist
    2011-09-07 18:51:48 -------- d-----w- c:\programdata\Applications
    2011-09-07 18:28:58 -------- d-----w- c:\program files\Microsoft Security Client
    2011-09-07 18:28:45 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-09-07 15:32:53 -------- d-----w- c:\users\losguy\appdata\local\{A7130047-C260-4866-A094-CD019CCBB547}
    2011-09-07 15:32:43 -------- d-----w- c:\users\losguy\appdata\local\{50138083-6C1F-4F7D-B57C-764A4D5CCA88}
    2011-09-07 03:27:58 -------- d-----w- c:\users\losguy\appdata\local\{0E016E82-AA13-454B-AD7B-370D8F16CF42}
    2011-09-07 03:27:48 -------- d-----w- c:\users\losguy\appdata\local\{E24315BA-A8AA-490C-8EED-3996F6CD7B57}
    2011-09-06 15:27:24 -------- d-----w- c:\users\losguy\appdata\local\{9F89A0DE-F8AA-43B3-BEA2-08055E9F5527}
    2011-09-06 15:27:14 -------- d-----w- c:\users\losguy\appdata\local\{F27B5993-5E90-4246-9E63-7A45084A287D}
    2011-09-06 03:26:49 -------- d-----w- c:\users\losguy\appdata\local\{CC8260A7-5645-4501-9417-D97C6B2F6196}
    2011-09-06 03:26:39 -------- d-----w- c:\users\losguy\appdata\local\{ED30FED5-C46F-4788-85AD-A12BCA337357}
    2011-09-05 22:12:44 -------- d-----w- c:\users\losguy\appdata\roaming\casualArts
    2011-09-05 22:12:44 -------- d-----w- c:\programdata\casualArts
    2011-09-05 19:18:32 -------- d-----w- c:\program files\Mystery Murders - Jack the Ripper
    2011-09-05 15:26:15 -------- d-----w- c:\users\losguy\appdata\local\{85239B19-2677-480D-BD82-03404E2F707E}
    2011-09-05 15:26:03 -------- d-----w- c:\users\losguy\appdata\local\{C6470B19-17A2-4739-9E89-5EFEF6A164F1}
    2011-09-05 03:25:39 -------- d-----w- c:\users\losguy\appdata\local\{05B59241-B3CB-4FAF-8E53-879595EDD612}
    2011-09-05 03:25:28 -------- d-----w- c:\users\losguy\appdata\local\{0117575B-E939-4760-A587-DF1EFFE3A7EA}
    2011-09-04 15:25:17 -------- d-----w- c:\users\losguy\appdata\local\{6F7298EE-5280-4A46-AB6C-D8684A72B0D3}
    2011-09-04 15:25:06 -------- d-----w- c:\users\losguy\appdata\local\{FF2907EF-B2D8-4D8D-9634-DD846B2D0A27}
    2011-09-04 03:24:34 -------- d-----w- c:\users\losguy\appdata\local\{07527DC1-640B-4DC5-BACC-AB405028A375}
    2011-09-04 03:24:22 -------- d-----w- c:\users\losguy\appdata\local\{208DCBC8-1B70-48A6-8146-10509D634FC0}
    2011-09-03 16:26:02 -------- d-----w- C:\regexp
    2011-09-03 15:41:40 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-09-03 15:41:15 -------- d-----w- c:\programdata\Hitman Pro
    2011-09-03 15:23:49 -------- d-----w- c:\users\losguy\appdata\local\{1D3922AE-85FD-4BAB-A822-30E2BA76F42B}
    2011-09-03 15:23:37 -------- d-----w- c:\users\losguy\appdata\local\{CCD957B9-1263-4C93-AEEE-EDDEB0B7F8DD}
    2011-09-03 03:06:53 -------- d-----w- c:\users\losguy\appdata\local\{19866509-2906-4DE2-B1AE-3A8CB2286A5D}
    2011-09-03 03:06:44 -------- d-----w- c:\users\losguy\appdata\local\{B3A522FF-AD67-4D46-8080-52967DD0B082}
    2011-09-02 15:50:48 -------- d-----w- c:\program files\Enigmatis - The Ghosts of Maple Creek Collector's Edition
    2011-09-02 15:06:32 -------- d-----w- c:\users\losguy\appdata\local\{035875E6-6381-46A8-8323-ED147C1E953D}
    2011-09-02 15:06:22 -------- d-----w- c:\users\losguy\appdata\local\{8657B0DD-B499-4CEA-B22E-CC7BCC23EF8C}
    2011-09-02 03:05:58 -------- d-----w- c:\users\losguy\appdata\local\{0A378BC0-A75A-4568-8380-6092035A3F13}
    2011-09-02 03:05:48 -------- d-----w- c:\users\losguy\appdata\local\{A049F6DC-B5B5-4230-9C69-C05AA4028139}
    2011-09-01 23:18:15 -------- d-----w- c:\users\losguy\appdata\roaming\DVDFab
    2011-09-01 15:43:35 -------- d-----w- c:\program files\The Secrets of Arcelia Island
    2011-09-01 15:05:35 -------- d-----w- c:\users\losguy\appdata\local\{AABB1399-E637-4393-8278-9C705516B5D0}
    2011-09-01 15:05:25 -------- d-----w- c:\users\losguy\appdata\local\{4A11912C-4CF7-4E06-BDEB-7A4847A883F5}
    2011-09-01 03:42:41 -------- d-----w- c:\program files\FixRedirectVirus
    2011-08-31 22:07:20 -------- d-----w- c:\program files\Grim Facade - Mystery of Venice Collectors Edition
    2011-08-31 21:34:11 -------- d-----w- c:\program files\Awakening - The Goblin Kingdom Collector's Edition
    2011-08-31 21:32:36 -------- d-----w- c:\program files\Sonya Collector's Edition
    2011-08-31 21:22:11 -------- d-----w- c:\program files\Lost Souls - Enchanted Paintings Collector's Edition
    2011-08-31 19:55:44 -------- d-----w- c:\users\losguy\appdata\roaming\Casual Box
    2011-08-31 18:42:00 -------- d-----w- c:\users\losguy\appdata\local\{52338CB7-5E88-49FA-8F66-6A58ACAC4F6F}
    2011-08-31 18:41:49 -------- d-----w- c:\users\losguy\appdata\local\{3244CE16-7C3D-485E-8EBD-A33DDF7E7758}
    2011-08-31 03:58:27 -------- d-----w- c:\users\losguy\appdata\local\{48B2D7FC-96A1-40F2-B95B-F393B4B04DA1}
    2011-08-31 03:58:16 -------- d-----w- c:\users\losguy\appdata\local\{6FB7576D-5CC9-48CB-B1AC-1EEA963E6FC5}
    2011-08-31 02:20:32 -------- d-----w- c:\programdata\HitPoint Studios
    2011-08-30 15:57:54 -------- d-----w- c:\users\losguy\appdata\local\{0690870E-37BB-4D81-8444-807492352736}
    2011-08-30 15:57:43 -------- d-----w- c:\users\losguy\appdata\local\{C0095385-CDE9-43F6-B74D-39220A0AC1F5}
    2011-08-30 03:57:19 -------- d-----w- c:\users\losguy\appdata\local\{F1335B9F-5B9E-4AEC-B550-924CB23A1C57}
    2011-08-30 03:57:09 -------- d-----w- c:\users\losguy\appdata\local\{A2EC494E-0150-4EDC-A9D5-C70B5ED89B96}
    2011-08-29 23:26:25 -------- d-----w- c:\users\losguy\appdata\roaming\Fenomen Games
    2011-08-29 15:56:46 -------- d-----w- c:\users\losguy\appdata\local\{D2BAF976-3A57-4167-8215-449DF10AF128}
    2011-08-29 15:56:36 -------- d-----w- c:\users\losguy\appdata\local\{E431E742-36EF-4180-A070-043493B82BAF}
    2011-08-28 16:59:21 -------- d-----w- c:\users\losguy\appdata\local\{3D05F27B-06E1-4FD4-8F5C-4AABD0F69CF8}
    2011-08-28 16:59:11 -------- d-----w- c:\users\losguy\appdata\local\{5A6CE4FA-1830-4FA1-993C-B13F734C0F1A}
    2011-08-28 04:58:48 -------- d-----w- c:\users\losguy\appdata\local\{FCC7AED9-26C6-450C-8E1A-273906755D61}
    2011-08-28 04:58:38 -------- d-----w- c:\users\losguy\appdata\local\{50656AF0-1F1F-490C-958A-D1559DDFC428}
    2011-08-27 16:58:17 -------- d-----w- c:\users\losguy\appdata\local\{4D993ECF-DDDD-4B57-A5C3-F90613898FE6}
    2011-08-27 16:58:07 -------- d-----w- c:\users\losguy\appdata\local\{CC66B457-DE36-45B9-BB1B-4DF3FC0898D5}
    2011-08-26 19:02:28 -------- d-----w- c:\users\losguy\appdata\local\{FF7F2EC1-2FA0-4C14-A598-0035AEA0130B}
    2011-08-26 19:02:19 -------- d-----w- c:\users\losguy\appdata\local\{F9ADFF39-A054-4230-A0A8-6E42765B893D}
    2011-08-26 03:23:29 -------- d-----w- c:\users\losguy\appdata\local\{92ECE70E-5866-4748-9156-3DBBC42ED9B0}
    2011-08-26 03:23:19 -------- d-----w- c:\users\losguy\appdata\local\{232D4714-BABA-407B-96FB-47DB3CA00787}
    2011-08-25 15:22:57 -------- d-----w- c:\users\losguy\appdata\local\{EEA3D909-3BBE-4E15-8146-F4FDA3056805}
    2011-08-25 15:22:47 -------- d-----w- c:\users\losguy\appdata\local\{50B0F0EB-E879-41FA-BDA3-39F383374ACE}
    2011-08-24 18:26:40 -------- d-----w- c:\users\losguy\appdata\local\{0AB9B7F4-B466-4A8D-9143-3944372A7EE2}
    2011-08-24 18:26:30 -------- d-----w- c:\users\losguy\appdata\local\{930E4723-F29A-4F5D-8334-FC150C8FE8D0}
    2011-08-24 02:53:24 -------- d-----w- c:\users\losguy\appdata\local\{9E37608C-371D-4294-9922-715702B0FB87}
    2011-08-24 02:53:14 -------- d-----w- c:\users\losguy\appdata\local\{63A3759F-3827-41AE-8894-30E8AA2CBE55}
    2011-08-23 21:02:27 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-23 20:39:23 -------- d-----w- c:\program files\Hidden Expedition - The Uncharted Islands Collector's Edition
    2011-08-23 14:52:47 -------- d-----w- c:\users\losguy\appdata\local\{20E6EC97-DEF9-45FA-A4EE-B2E7A5648BFD}
    2011-08-23 14:52:24 -------- d-----w- c:\users\losguy\appdata\local\{756E7344-4F63-47D7-BD5A-58A8C7C9F0B5}
    2011-08-22 20:05:39 -------- d-----w- c:\users\losguy\appdata\local\{E202787B-3E0E-4A81-A4F3-D90DADDBEF44}
    2011-08-22 20:05:28 -------- d-----w- c:\users\losguy\appdata\local\{BC084DD6-A9DA-4BD8-8703-EC583FA1A57D}
    2011-08-22 02:38:35 -------- d-----w- c:\users\losguy\appdata\local\{323C1582-1891-4564-B65A-F345852EBD7F}
    2011-08-22 02:38:25 -------- d-----w- c:\users\losguy\appdata\local\{3A1C54CA-C923-42AA-80AA-44D479D87FD3}
    2011-08-21 14:37:45 -------- d-----w- c:\users\losguy\appdata\local\{6F087426-4E3F-4C0F-A2A9-061C703378C8}
    2011-08-21 14:37:31 -------- d-----w- c:\users\losguy\appdata\local\{945BEA65-75C7-4346-B1B2-FEDFEBF028FC}
    2011-08-21 02:12:42 -------- d-----w- c:\users\losguy\appdata\local\{A6507D13-B7E6-4422-8445-46C7DA307514}
    2011-08-21 02:12:32 -------- d-----w- c:\users\losguy\appdata\local\{5DAA5655-E59C-4E45-9EB1-A4AF64D5C335}
    2011-08-20 14:11:54 -------- d-----w- c:\users\losguy\appdata\local\{3C72DC6F-0171-4BB8-ADD3-59FC77FA51D6}
    2011-08-20 14:11:40 -------- d-----w- c:\users\losguy\appdata\local\{0B3BE4E3-DBFE-4250-8618-79B4DEFE4DF2}
    2011-08-19 21:43:36 -------- d-----w- c:\users\losguy\appdata\local\{21066ABD-9471-45A3-B8E4-40F056E234AE}
    2011-08-19 21:43:26 -------- d-----w- c:\users\losguy\appdata\local\{A18E5C10-4005-463A-B83F-FD9F935E04AA}
    2011-08-19 03:14:47 -------- d-----w- c:\users\losguy\appdata\local\{6F2B8536-90EF-4DA3-B181-01CA10F75BE3}
    2011-08-19 03:14:37 -------- d-----w- c:\users\losguy\appdata\local\{2FD8F0EC-9CEF-4437-B81A-9662004EB1FC}
    2011-08-18 15:14:25 -------- d-----w- c:\users\losguy\appdata\local\{9578A2DC-45FD-4DA0-835D-0C4B229D86D7}
    2011-08-18 15:14:15 -------- d-----w- c:\users\losguy\appdata\local\{D4667C59-0F2C-4893-A0C6-CBB22CCA0A13}
    2011-08-18 03:13:51 -------- d-----w- c:\users\losguy\appdata\local\{1FB2314A-DDC0-448C-811B-5A7F08E895D4}
    2011-08-18 03:13:41 -------- d-----w- c:\users\losguy\appdata\local\{BB86BCEF-A960-4613-8C19-C4BBA2D9C709}
    2011-08-17 15:13:28 -------- d-----w- c:\users\losguy\appdata\local\{39800425-9BB9-4F72-ABC0-14895860C48B}
    2011-08-17 15:13:18 -------- d-----w- c:\users\losguy\appdata\local\{E25BE39F-61DA-4BE6-B6C8-7E651D546383}
    2011-08-17 03:12:52 -------- d-----w- c:\users\losguy\appdata\local\{189DD1AF-0DAB-4951-9050-E82613E4DA2F}
    2011-08-17 03:12:41 -------- d-----w- c:\users\losguy\appdata\local\{7FA64274-8450-41FC-B0E1-A391554B0465}
    2011-08-16 15:12:29 -------- d-----w- c:\users\losguy\appdata\local\{AED4532E-DDEF-4A88-A97C-5E137A5289D0}
    2011-08-16 15:12:18 -------- d-----w- c:\users\losguy\appdata\local\{C116D658-05E1-4B29-BB1B-FBEB147CF4AC}
    2011-08-15 22:00:14 -------- d-----w- c:\users\losguy\appdata\local\{694EFAA6-FEE8-4EBE-A2AA-1BC7B36FD22C}
    2011-08-15 22:00:04 -------- d-----w- c:\users\losguy\appdata\local\{39205615-5C78-41A2-88DD-CAF086A79405}
    ==================== Find3M ====================
    2011-08-26 18:59:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-15 21:51:40 54144 ----a-w- c:\windows\system32\drivers\dvdfab.sys
    2011-07-29 05:22:06 8396800 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-07-29 04:44:08 18388480 ----a-w- c:\windows\system32\atioglxx.dll
    2011-07-29 04:41:00 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-07-29 04:40:46 726528 ----a-w- c:\windows\system32\aticfx32.dll
    2011-07-29 04:36:28 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-07-29 04:35:54 401408 ----a-w- c:\windows\system32\atieclxx.exe
    2011-07-29 04:35:26 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-07-29 04:34:12 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-07-29 04:33:56 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-07-29 04:33:44 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-07-29 04:33:36 20992 ----a-w- c:\windows\system32\atimuixx.dll
    2011-07-29 04:33:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-07-29 04:30:28 4198912 ----a-w- c:\windows\system32\atidxx32.dll
    2011-07-29 04:11:44 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-07-29 04:11:16 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-07-29 04:11:04 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-07-29 04:09:12 4256768 ----a-w- c:\windows\system32\atiumdag.dll
    2011-07-29 04:07:26 8247296 ----a-w- c:\windows\system32\aticaldd.dll
    2011-07-29 04:04:00 4056064 ----a-w- c:\windows\system32\atiumdva.dll
    2011-07-29 04:01:50 52736 ----a-w- c:\windows\system32\coinst.dll
    2011-07-29 03:54:44 266240 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-07-29 03:54:32 13312 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-07-29 03:54:20 32768 ----a-w- c:\windows\system32\atigktxx.dll
    2011-07-29 03:53:48 247296 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-07-29 03:53:16 31744 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-07-29 03:53:02 29184 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-07-29 03:52:40 37376 ----a-w- c:\windows\system32\atitmpxx.dll
    2011-07-29 03:52:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-07-29 03:51:06 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2011-07-29 03:51:06 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-07-29 00:49:12 53760 ----a-w- c:\windows\system32\OVDecode.dll
    2011-07-29 00:48:54 43520 ----a-w- c:\windows\system32\OpenCL.dll
    2011-07-29 00:48:36 13555712 ----a-w- c:\windows\system32\amdocl.dll
    2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-19 22:11:55 71680 --sha-r- c:\windows\system32\consoled.dll
    2011-07-19 21:11:30 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-17 20:13:55 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-17 13:31:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2010-10-05 01:54:51 440 ----a-w- c:\program files\1004201018545134.bat
    ============= FINISH: 11:33:32.38 ===============
  9. losguy

    losguy TS Rookie Topic Starter

    DDS (Ver_2011-08-26.01)
    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/20/2009 1:37:38 PM
    System Uptime: 9/13/2011 6:36:21 PM (17 hours ago)
    Motherboard: Dell Inc. | | 0TP406
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | CPU | 2327/1333mhz
    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 298 GiB total, 54.268 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (FAT32) - 931 GiB total, 210.135 GiB free.
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    ==== Disabled Device Manager Items =============
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) 82566DC-2 Gigabit Network Connection
    Device ID: PCI\VEN_8086&DEV_294C&SUBSYS_02151028&REV_02\3&172E68DD&0&C8
    Manufacturer: Intel
    Name: Intel(R) 82566DC-2 Gigabit Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_294C&SUBSYS_02151028&REV_02\3&172E68DD&0&C8
    Service: e1express
    ==== System Restore Points ===================
    RP947: 7/19/2011 2:24:11 PM - Removed Adobe Acrobat 9 Pro - English, Russian.
    ==== Installed Programs ======================
    Update for Microsoft Office 2007 (KB2508958)
    32 bit Windows Card Reader Driver
    A Gypsy's Tale: The Tower of Secrets
    Adobe AIR
    Adobe Audition 3.0
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.6
    Adobe Tube-modeled Compressor
    Advertising Center
    Agatha Christie Bundle - 3 in 1
    Aimersoft Video Studio Express(Build
    Alabama Smith Escape from Pompeii
    Alabama Smith in the Quest Of Fate
    Allora and the Broken Portal
    Amanda Rose: The Game of Time
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    Ancient Spirits: Columbus' Legacy
    Antress Modern Plugins v3.00
    Apple Application Support
    Apple Software Update
    ArcSoft TotalMedia Backup
    Art of Murder: Deadly Secrets
    askSam Viewer 7
    ASUS E-Green Uninstall
    ASUS Turbo Engine v1.0
    ATI Catalyst Registration
    Autumn's Treasures: The Jade Coin
    AVS Audio Converter version 6.3
    AVS Image Converter
    AVS Update Manager 1.0
    AVS Video Converter 7
    AVS4YOU Software Navigator 1.4
    Awakening: Moonfell Wood
    Awakening: The Dreamless Castle
    Awakening: The Goblin Kingdom Collector's Edition
    Barnes & Noble Desktop Reader
    Big Fish Games: Game Manager
    Blood and Ruby
    Blood Oath
    Brunhilda and the Dark Crystal
    Cassandra's Journey: The Legacy of Nostradamus
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Cate West: The Velvet Keys
    CCC Help English
    Celtic Lore: Sidhe Hills
    Chameleon Gems
    Charlaine Harris: Dying for Daylight
    Code Compare
    Columbus: Ghost of the Mystery Stone
    Coupon Printer for Windows
    Creative MediaSource 5
    CyberLink Power2Go
    Dark Parables - Curse Of Briar Rose
    Dark Parables: The Exiled Prince Collector's Edition
    Dark Ritual
    Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
    Dark Tales: ™ Edgar Allan Poe's The Black Cat
    Deadtime Stories
    Death at Fairing Point: A Dana Knightstone Novel Collector's Edition
    Dell Resource CD
    Digital Voice Recorder
    Drawn The Painted Tower
    Drawn: Dark Flight ® Collector's Editon
    Dream Chronicles
    Dream Chronicles 2
    Dream Chronicles 3
    Dream Chronicles Bundle 3-in-1
    Dream Chronicles: The Book of Air
    Dream Chronicles: The Book of Water Collector's Edition
    DVDFab (11/11/2009)
    DVDFab (08/08/2010)
    DVDFab (19/03/2011)
    DVDFab (08/08/2011) Qt
    DVDFab Passkey (06/09/2011)
    DVDFab Region Reset
    Echoes of Sorrow
    Echoes of the Past: The Castle of Shadows
    Elixir of Immortality
    Emma and the Inventor
    Empress of the Deep
    Empress of the Deep 2: Song of the Blue Whale Collector's Edition
    Enigmatis: The Ghosts of Maple Creek Collector's Edition
    Epic Adventure Bundle – 3 in 1
    Epic Adventures: Cursed Onboard
    Epic Escapes: Dark Seas
    EPSON Print CD
    EPSON Printer Software
    EPSON RX680 User's Guide
    EPSON Scan
    EPSON Stylus Photo RX680 Series Scanner Driver Update
    Escape from Frankenstein's Castle
    Escape From Lost Island
    Escape from Thunder Island
    ESET NOD32 Antivirus
    Eternal Night: Realm of Souls
    F.A.C.E.S. Collector's Edition
    Fallen Shadows
    Fear for Sale: The Mystery of McInroy Manor Collector's Edition
    Fiction Fixers: The Curse of OZ
    G.H.O.S.T Chronicles: Phantom of the Renaissance Faire
    Google Earth
    Google Update Helper
    Gravely Silent: House of Deadlock Collector's Edition
    Grim Facade: Mystery of Venice Collector’s Edition
    Grim Tales: The Bride Collector's Edition
    Hallowed Legends: Samhain Collector's Edition
    Haunted Halls: Green Hills Sanitarium Collector's Edition
    Haunted Legends: The Bronze Horseman Collector's Edition
    Haunted Legends: The Queen of Spades Collector's Edition
    Haunted Manor: Lord of Mirrors
    Hidden Expedition ® - Devil's Triangle
    Hidden Expedition: The Uncharted Islands Collector's Edition
    Hidden Expedition: Titanic ™
    Hidden in Time: Looking-glass Lane
    Hidden Mysteries: Salem Secrets
    Hidden Mysteries: Vampire Secrets
    Hide and Secret: The Lost World
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Insider Tales: The Stolen Venus 2
    Intel(R) PRO Network Connections Drivers
    Internet Explorer (Enable DEP)
    Java Auto Updater
    Java(TM) 6 Update 14
    Java(TM) 6 Update 26
    John Melas Motif Rack XS Tools 1.5.0
    Journey to the Center of the Earth
    Junk Mail filter update
    Kate Arrow: Deserted Wood
    Lara Gates: The Lost Talisman
    Letters from Nowhere 2
    Lost Chronicles: Fall of Caesar
    Lost Chronicles: Salem
    Lost in Time: The Clockwork Tower
    Lost Souls: Enchanted Paintings Collector's Edition
    Love Chronicles: The Sword and the Rose Collector's Edition
    Loyalty Bundle – 3 in 1
    Luxor 2
    Luxor Adventures
    Luxor Quest for the Afterlife
    Macabre Mysteries: Curse of the Nightingale Collector's Edition
    Maestro: Music of Death Collector's Edition
    Magic Encyclopedia - Moon Light
    Magic Encyclopedia 3: Illusions
    Magic Encyclopedia First Story
    Mahjongg Dimensions Deluxe
    Malwarebytes' Anti-Malware version
    Margrave: The Curse of the Severed Heart Collector's Edition
    MDBG Chinese Reader
    Menu Templates - Starter Kit
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Easy Assist v2
    Microsoft Fix it Center
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MidiNotate Player for HitTrax
    Midnight Mysteries: Devil on the Mississippi Collector's Edition
    Midnight Mysteries: The Edgar Allan Poe Conspiracy
    Migo Digital Shredder 4 Premium
    Migo Registry Repair 5
    Millennium Secrets: Emerald Curse
    Mortimer Beckett and the Lost King
    Mortimer Beckett and the Secrets of Spooky Manor
    Mortimer Beckett Time Paradox
    Motif Rack XS Tools 1.7.2
    Motif XS Tools 1.8.0
    MOTU PCI Audio Driver
    Movie Templates - Starter Kit
    Mozilla Firefox (3.5.8)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Murder Island - Secret of Tantalus
    Musicnotes Software Suite 1.5.3
    Mysteries of Magic Island
    Mystery Age: The Dark Priests
    Mystery Case Files - Dire Grove
    Mystery Case Files ®: 13th Skull ™ Collector's Edition
    Mystery Case Files: Return to Ravenhearst ™
    Mystery Chronicles: Betrayals of Love
    Mystery Murders: Jack the Ripper
    Mystery PI
    Mystery PI The Vegas Heist
    Mystery Trackers: The Void Collector's Edition
    Mystic Gateways: The Celestial Quest
    Nancy Drew - Danger by Design
    Nancy Drew and the Creature of Kapu Cave
    Nancy Drew: Message in a Haunted Mansion
    Nero 9
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero Disc Copy Gadget
    Nero DiscSpeed
    Nero DriveSpeed
    Nero InfoTool
    Nero Installer
    Nero Live
    Nero PhotoSnap
    Nero Recode
    Nero Rescue Agent
    Nero ShowTime
    Nero StartSmart
    Nero Vision
    Nero WaveEditor
    Nightfall Mysteries: Asylum Conspiracy
    Nightmare Adventures: The Witch's Prison
    Nightmare on the Pacific
    Notation Player 2.6.3
    NVIDIA GAME System Software 2.8.1
    OGA Notifier 2.0.0048.0
    Online Bible 10.95
    Our Worst Fears: Stained Skin
    Paige Harper and the Tome of Mystery
    Penny Dreadfuls Sweeney Todd SE
    Peterson Firmware Updater
    Princess Isabella: Return of the Curse Collector's Edition
    Puppet Show
    PuppetShow: Lost Town
    Redemption Cemetery: Children's Plight Collector's Edition
    Redrum: Time Lies
    Reincarnations: Awakening
    Reincarnations: Uncover the Past
    Robin's Quest: A Legend Born
    Sacra Terra: Angelic Night Collector's Edition
    Sandra Fleming Chronicles: The Crystal Skull
    Secrets of the Dark: Temple of Night Collector's Edition
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Series II MIDI
    Shades of Death: Royal Blood
    Shadow Wolf Mysteries: Curse of the Full Moon Collector's Edition
    Sherlock Holmes and the Hound of the Baskervilles Collector's Edition
    Sherlock Holmes: The Hound of the Baskervilles Collector's Edition
    Shiver: Vanishing Hitchhiker Collector's Edition
    Shutter Island
    Simplified Chinese TTS
    Skymist - The Lost Spirit Stones
    Snark Busters: All Revved up
    Snark Busters: Welcome to the Club
    Sonya Collector's Edition
    Sound Blaster X-Fi
    Spirit Seasons: Little Ghost Story
    Spirits of Mystery: Amber Maiden Collector's Edition
    Steinberg HALionOne GM Set
    Stomp Classic Editor
    Stray Souls: Dollhouse Story Collector's Edition
    Sudoku Maya Gold
    Syncrosoft License Control
    The Agency of Anomalies: Mystic Hospital Collector's Edition
    The Clockwork Man - The Hidden World
    The Curse of the Ring
    The Dark Hills of Cherai
    The Fall Trilogy Chapter 3: Revelation
    The Lord of the Rings FREE Trial
    The Lost Cases of Sherlock Holmes 2
    The Lost Inca Prophecy
    The Mystery of the Crystal Portal: Beyond the Horizon
    The Secret Legacy: A Kate Brooks Adventure
    The Secret of Hildegards
    The Secrets of Arcelia Island
    The Stroke of Midnight
    The Treasures of Mystery Island: The Gates of Fate
    Time Dreamer
    Time Mysteries: Inheritance
    Timeless: The Forgotten Town
    Treasure Seekers 2
    Treasure Seekers 3
    Treasure Seekers: The Time Has Come Collector's Edition
    Twisted Lands: Shadow Town Collector's Edition
    Twisted: A Haunted Carol
    Ultimate Extras sounds from Microsoft® Tinker™
    UltraCompare v7.00
    Unsolved Mystery Club: Ancient Astronauts Collector's Edition
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Veronica Rivers: The Order Of Conspiracy
    Victorian Mysteries: Woman in White
    ViewSonic Windows Vista Signed Files
    Voodoo Whisperer: Curse of a Legend
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Windows Password Recovery Tool 3.0
    Windows Sound Schemes
    WinZip 15.5
    Women’s Murder Club - Little Black Lies
    Women’s Murder Club - Triple Crime Pack
    Women’s Murder Club Twice in a Blue Moon
    Written Legends: Nightmare at Sea
    Xvid 1.2.1 final uninstall
    Yamaha MOTIF-RACK XS Editor VST
    Yamaha MOTIF-RACK XS Extension
    Yamaha Studio Manager
    Yamaha USB-MIDI Driver
    ==== Event Viewer Messages From Past Week ========
    9/13/2011 9:00:21 AM, Error: EventLog [6008] - The previous system shutdown at 8:59:02 AM on 9/13/2011 was unexpected.
    9/13/2011 6:38:09 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
    9/13/2011 10:15:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    9/13/2011 10:15:54 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/13/2011 10:15:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/12/2011 7:48:32 AM, Error: EventLog [6008] - The previous system shutdown at 9:32:44 PM on 9/11/2011 was unexpected.
    9/11/2011 8:21:31 AM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80004005
    9/11/2011 8:03:06 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package SP2 Language Pack (Language Pack) into Installed(Installed) state
    9/11/2011 8:03:06 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Language Pack (Language Pack) into Installed(Installed) state
    ==== End Of File ===========================
  10. losguy

    losguy TS Rookie Topic Starter

    Part 1 GMER (Text too long for whole log)

    GMER - http://www.gmer.net
    Rootkit scan 2011-09-14 11:24:44
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.12.0
    Running: 5jzbf6sd.exe; Driver: C:\Users\losguy\AppData\Local\Temp\uxlyiuod.sys

    ---- Kernel code sections - GMER 1.0.15 ----

    Edit to delete GMER log> request repost with WordWrap off and no 'show all'.
  11. losguy

    losguy TS Rookie Topic Starter

    Part #2 GMER

    Edit to delete excess GMER log and request report with Word Wrap off.
  12. losguy

    losguy TS Rookie Topic Starter

    Part #3 GMER

    Edit to delete excess GMER log. Request repost with Word Wrap off.
  13. losguy

    losguy TS Rookie Topic Starter

    Part #4 GMER

    Edit to delete excess GMER log and request repost with Word Wrap off.
  14. losguy

    losguy TS Rookie Topic Starter

    Interesting side note about the virus

    I find that the virus only does ten (10) redirects before it will let you go to the proper link...
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You will notice that I have deleted the GMER log. That was done for 2 reasons:

    1. The log was excessively long because you did not follow this:
    2. When you open Notepad for the log, click on Format> Uncheck Word Wrap,

    Please repost the GMER log observing both of the above.
    I don't know of any malware that causes a search redirect that schedules 10 redirects, then correct search.
    Your system is almost entirely installed with games.
    You have little security. You have Eset Nod32, no antimalware programs.
    I see Microsoft Security Essentials installed, but not running- you can only run one AV.

    The last reply you made is the first information that the problem is a redirecting on searches. You have not given me any history on what this means:
    You ran c:\program files\FixRedirectVirus which you now know didn't work. The reason is because there is no one reason for a redirect. Almost any malware can cause it and depending on what it is, then the appropriate program is chosen.

    You installed Hitman Pro, which is just a bundle of free programs, all available on the internet. The scan is that HMP will only remove entries free during the trial period. All of the individual free programs on the internet are fully functional.
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
Topic Status:
Not open for further replies.
