davidanthony
Posts: 64 +0
HI,
Appreciate any help getting rid of the google redirect virus here are my logs after going through the 8 step procedure you asked for.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/22/2010 10:56:05 PM
System Uptime: 11/14/2010 10:29:49 AM (0 hours ago)
Motherboard: | | 939Dual-SATA2
Processor: AMD Athlon(tm) 64 Processor 3500+ | CPUSocket | 2200/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 17.425 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 47.38 GiB free.
E: is CDROM ()
F: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 5.0 Limited Edition
Adobe Reader 9.1
Aion
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
AudibleManager
AVG 2011
AVIVO Codecs
Canon PhotoRecord
Canon S820
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Counter-Strike: Source
Creative Audio Control Panel
Creative MediaSource
Creative Software AutoUpdate
Exploration Mars
Express Burn
Garmin USB Drivers
Garmin WebUpdater
GetDataBack for NTFS
Google Chrome
Google Earth
Google Update Helper
Google Updater
Hearts of Iron III
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Update
Java(TM) 6 Update 15
LEGO Cam
LimeWire 5.2.13
Malwarebytes' Anti-Malware
MapSource
MapSource - Topo Canada v2
Medieval II: Total War
Medieval II: Total War - Kingdoms
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 97, Professional Edition
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MP3 Player Recovery Tool
MSN
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
NCsoft Launcher
Net Assistant
OpenAL
PC Inspector File Recovery
QuickTime
RealPlayer 7 Basic
RegCure 1.6.0.0
Robotics Invention System 2.0
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Segoe UI
Skype Toolbars
Skype™ 4.2
Sound Blaster X-Fi
Steam
SUPERAntiSpyware Free Edition
Triptych
ULi LAN Driver
ULi M5289 SATA Driver
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Vision Command
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
ZEN V Series Media Explorer
==== End Of File ===========================
DDS (Ver_10-11-10.01) - NTFSx86
Run by Dave at 10:42:37.01 on Sun 11/14/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.587 [GMT -4:00]
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dave.COGGER\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = www.aliant.net
uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SUPERAntiSpyware] d:\program files\SUPERAntiSpyware.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mPolicies-system: EnableLUA = 0 (0x0)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [2009-8-5 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [2009-8-5 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [2010-4-16 36981]
R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2010-5-3 31872]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2009-8-4 28672]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\common files\creative labs shared\service\ctaelicensing.exe" --> c:\program files\common files\creative labs shared\service\CTAELicensing.exe [?]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [2009-8-5 12872]
S4 gupdate1ca17ca51b7a80;Google Update Service (gupdate1ca17ca51b7a80);c:\program files\google\update\GoogleUpdate.exe [2009-8-7 133104]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2010-3-15 51840]
=============== Created Last 30 ================
2010-11-11 04:45:52 -------- d-----w- c:\program files\win
2010-11-05 21:59:31 -------- d--h--w- C:\$AVG
2010-11-05 21:56:42 -------- d--h--w- c:\docume~1\alluse~1.win\applic~1\Common Files
2010-11-05 21:50:49 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\AVG10
2010-11-05 21:27:10 -------- d-----w- c:\windows\system32\drivers\AVG
2010-11-05 21:27:10 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG10
2010-11-05 21:09:35 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\MFAData
2010-11-05 13:01:04 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Rewi
2010-11-05 13:01:04 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Fydy
2010-11-05 02:53:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Quwe
2010-11-05 02:53:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Ezud
2010-11-04 11:42:05 -------- d-----w- c:\program files\tmp
2010-11-03 01:01:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Kuimx
2010-11-03 01:01:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Icwega
2010-11-03 01:01:04 -------- d-----w- c:\program files\windows
==================== Find3M ====================
============= FINISH: 10:43:46.62 ===============
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-14 10:39:33
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f ST380011A rev.3.06
Running: p7x72zpu.exe; Driver: C:\DOCUME~1\DAVE~1.COG\LOCALS~1\Temp\uftdqpod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5111
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
11/14/2010 10:19:15 AM
mbam-log-2010-11-14 (10-19-15).txt
Scan type: Quick scan
Objects scanned: 277852
Time elapsed: 21 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\lusaru.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jonathan.COGGER\Start Menu\Programs\Startup\wuade.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nic\Start Menu\Programs\Startup\xoekto.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shelley.COGGER\Start Menu\Programs\Startup\afpeil.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dave.COGGER\Application Data\dkfjasdfshd.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
Good Luck!
Thanks in advance...
Appreciate any help getting rid of the google redirect virus here are my logs after going through the 8 step procedure you asked for.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/22/2010 10:56:05 PM
System Uptime: 11/14/2010 10:29:49 AM (0 hours ago)
Motherboard: | | 939Dual-SATA2
Processor: AMD Athlon(tm) 64 Processor 3500+ | CPUSocket | 2200/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 17.425 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 47.38 GiB free.
E: is CDROM ()
F: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 5.0 Limited Edition
Adobe Reader 9.1
Aion
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
AudibleManager
AVG 2011
AVIVO Codecs
Canon PhotoRecord
Canon S820
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Counter-Strike: Source
Creative Audio Control Panel
Creative MediaSource
Creative Software AutoUpdate
Exploration Mars
Express Burn
Garmin USB Drivers
Garmin WebUpdater
GetDataBack for NTFS
Google Chrome
Google Earth
Google Update Helper
Google Updater
Hearts of Iron III
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Update
Java(TM) 6 Update 15
LEGO Cam
LimeWire 5.2.13
Malwarebytes' Anti-Malware
MapSource
MapSource - Topo Canada v2
Medieval II: Total War
Medieval II: Total War - Kingdoms
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 97, Professional Edition
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MP3 Player Recovery Tool
MSN
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
NCsoft Launcher
Net Assistant
OpenAL
PC Inspector File Recovery
QuickTime
RealPlayer 7 Basic
RegCure 1.6.0.0
Robotics Invention System 2.0
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Segoe UI
Skype Toolbars
Skype™ 4.2
Sound Blaster X-Fi
Steam
SUPERAntiSpyware Free Edition
Triptych
ULi LAN Driver
ULi M5289 SATA Driver
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Vision Command
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
ZEN V Series Media Explorer
==== End Of File ===========================
DDS (Ver_10-11-10.01) - NTFSx86
Run by Dave at 10:42:37.01 on Sun 11/14/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.587 [GMT -4:00]
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dave.COGGER\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = www.aliant.net
uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SUPERAntiSpyware] d:\program files\SUPERAntiSpyware.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mPolicies-system: EnableLUA = 0 (0x0)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [2009-8-5 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [2009-8-5 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [2010-4-16 36981]
R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2010-5-3 31872]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2009-8-4 28672]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\common files\creative labs shared\service\ctaelicensing.exe" --> c:\program files\common files\creative labs shared\service\CTAELicensing.exe [?]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 SASENUM;SASENUM;d:\program files\SASENUM.SYS [2009-8-5 12872]
S4 gupdate1ca17ca51b7a80;Google Update Service (gupdate1ca17ca51b7a80);c:\program files\google\update\GoogleUpdate.exe [2009-8-7 133104]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2010-3-15 51840]
=============== Created Last 30 ================
2010-11-11 04:45:52 -------- d-----w- c:\program files\win
2010-11-05 21:59:31 -------- d--h--w- C:\$AVG
2010-11-05 21:56:42 -------- d--h--w- c:\docume~1\alluse~1.win\applic~1\Common Files
2010-11-05 21:50:49 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\AVG10
2010-11-05 21:27:10 -------- d-----w- c:\windows\system32\drivers\AVG
2010-11-05 21:27:10 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVG10
2010-11-05 21:09:35 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\MFAData
2010-11-05 13:01:04 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Rewi
2010-11-05 13:01:04 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Fydy
2010-11-05 02:53:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Quwe
2010-11-05 02:53:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Ezud
2010-11-04 11:42:05 -------- d-----w- c:\program files\tmp
2010-11-03 01:01:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Kuimx
2010-11-03 01:01:09 -------- d-----w- c:\docume~1\dave~1.cog\applic~1\Icwega
2010-11-03 01:01:04 -------- d-----w- c:\program files\windows
==================== Find3M ====================
============= FINISH: 10:43:46.62 ===============
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-14 10:39:33
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f ST380011A rev.3.06
Running: p7x72zpu.exe; Driver: C:\DOCUME~1\DAVE~1.COG\LOCALS~1\Temp\uftdqpod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5111
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
11/14/2010 10:19:15 AM
mbam-log-2010-11-14 (10-19-15).txt
Scan type: Quick scan
Objects scanned: 277852
Time elapsed: 21 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\lusaru.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jonathan.COGGER\Start Menu\Programs\Startup\wuade.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nic\Start Menu\Programs\Startup\xoekto.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shelley.COGGER\Start Menu\Programs\Startup\afpeil.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dave.COGGER\Application Data\dkfjasdfshd.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
Good Luck!
Thanks in advance...