Windows Restore Virus

lcrall · April 12, 2011

Hello,

My home computer is infected with the Windows Restore Virus. The virus hid my files and programs which I was able to restore. I used a product from Symantec called Power eraser in safe mode, which did clean a lot of the virus files and restored my desktop BUT I can not run any programs, when I double click on a program it brings up the file association tool from Windows. The computer is still infected as it keeps bringing up script errors and redirects when using IE, and it won't let me run Firefox. It has also disabled my malware and virus programs, meaning they do not load into the taskbar on start-up.

Any help you can give to help remove this from my computer would be greatly appreciated!

Lisa

screen317 · April 14, 2011

Hi and welcome to Malwarebytes.

In Safe Mode, rename mbam.exe to iexplore.com and see if it will run.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post DDS.txt directly into your reply.

lcrall · April 15, 2011

Thank you so much for getting back to me. I won't be able to work on this until tomorrow but I will reply with the information you requested.

Lisa

Hi and welcome to Malwarebytes.
In Safe Mode, rename mbam.exe to iexplore.com and see if it will run.
Next, download DDS by sUBs and save it to your Desktop.
Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post DDS.txt directly into your reply.

screen317 · April 16, 2011

Thanks for letting me know.

lcrall · April 20, 2011

Sorry finally just got a chance to work on this. I was able to get a scan to run but it found nothing. Here is the text from the scan that you had me run.

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 6/13/2008 11:01:08 AM

System Uptime: 4/20/2011 5:25:10 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0RY007

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 1995/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 229 GiB total, 194.283 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP770: 1/21/2011 3:36:16 PM - System Checkpoint

RP771: 1/22/2011 5:24:15 PM - System Checkpoint

RP772: 1/23/2011 5:51:56 PM - System Checkpoint

RP773: 1/24/2011 9:23:14 PM - System Checkpoint

RP774: 1/25/2011 9:37:55 PM - System Checkpoint

RP775: 1/26/2011 11:25:54 PM - System Checkpoint

RP776: 1/27/2011 11:26:59 PM - System Checkpoint

RP777: 1/28/2011 11:48:58 PM - System Checkpoint

RP778: 1/30/2011 1:34:14 AM - System Checkpoint

RP779: 1/31/2011 3:21:44 AM - System Checkpoint

RP780: 2/1/2011 5:33:44 AM - System Checkpoint

RP781: 2/2/2011 7:46:45 AM - System Checkpoint

RP782: 2/3/2011 9:21:45 AM - System Checkpoint

RP783: 2/4/2011 11:33:46 AM - System Checkpoint

RP784: 2/5/2011 1:33:56 PM - System Checkpoint

RP785: 2/6/2011 1:49:29 PM - System Checkpoint

RP786: 2/7/2011 3:22:00 PM - System Checkpoint

RP787: 2/8/2011 6:03:18 PM - System Checkpoint

RP788: 2/9/2011 3:00:15 AM - Software Distribution Service 3.0

RP789: 2/10/2011 3:27:26 AM - System Checkpoint

RP790: 2/11/2011 5:27:26 AM - System Checkpoint

RP791: 2/12/2011 7:27:26 AM - System Checkpoint

RP792: 2/13/2011 9:27:28 AM - System Checkpoint

RP793: 2/14/2011 12:36:16 PM - System Checkpoint

RP794: 2/15/2011 1:27:28 PM - System Checkpoint

RP795: 2/16/2011 1:28:33 PM - System Checkpoint

RP796: 2/17/2011 3:27:28 PM - System Checkpoint

RP797: 2/18/2011 3:28:34 PM - System Checkpoint

RP798: 2/19/2011 3:47:16 PM - System Checkpoint

RP799: 2/20/2011 5:39:00 PM - System Checkpoint

RP800: 2/21/2011 7:27:44 PM - System Checkpoint

RP801: 2/22/2011 7:28:49 PM - System Checkpoint

RP802: 2/23/2011 7:39:45 PM - System Checkpoint

RP803: 2/24/2011 8:09:18 PM - System Checkpoint

RP804: 2/25/2011 9:37:09 PM - System Checkpoint

RP805: 2/26/2011 10:39:04 PM - System Checkpoint

RP806: 2/27/2011 11:39:44 PM - System Checkpoint

RP807: 3/1/2011 1:39:45 AM - System Checkpoint

RP808: 3/2/2011 3:27:44 AM - System Checkpoint

RP809: 3/3/2011 5:27:44 AM - System Checkpoint

RP810: 3/4/2011 7:43:18 AM - System Checkpoint

RP811: 3/5/2011 9:27:57 AM - System Checkpoint

RP812: 3/6/2011 9:40:10 AM - System Checkpoint

RP813: 3/7/2011 11:28:11 AM - System Checkpoint

RP814: 3/8/2011 1:29:15 PM - System Checkpoint

RP815: 3/9/2011 3:00:20 AM - Software Distribution Service 3.0

RP816: 3/10/2011 3:28:11 AM - System Checkpoint

RP817: 3/11/2011 3:29:15 AM - System Checkpoint

RP818: 3/12/2011 3:40:10 AM - System Checkpoint

RP819: 3/13/2011 6:28:11 AM - System Checkpoint

RP820: 3/14/2011 7:40:10 AM - System Checkpoint

RP821: 3/15/2011 9:36:28 AM - System Checkpoint

RP822: 3/16/2011 3:00:19 AM - Software Distribution Service 3.0

RP823: 3/17/2011 3:33:40 AM - System Checkpoint

RP824: 3/18/2011 5:46:08 AM - System Checkpoint

RP825: 3/19/2011 7:33:36 AM - System Checkpoint

RP826: 3/20/2011 9:25:08 AM - System Checkpoint

RP827: 3/21/2011 11:22:50 AM - System Checkpoint

RP828: 3/22/2011 11:32:55 AM - System Checkpoint

RP829: 3/23/2011 11:58:20 AM - System Checkpoint

RP830: 3/24/2011 2:43:36 PM - System Checkpoint

RP831: 3/25/2011 3:00:18 AM - Software Distribution Service 3.0

RP832: 3/26/2011 3:11:41 AM - System Checkpoint

RP833: 3/27/2011 3:33:46 AM - System Checkpoint

RP834: 3/28/2011 5:34:01 AM - System Checkpoint

RP835: 3/29/2011 6:39:47 AM - System Checkpoint

RP836: 3/30/2011 10:21:28 AM - System Checkpoint

RP837: 3/31/2011 10:40:52 AM - System Checkpoint

RP838: 4/1/2011 1:56:40 PM - System Checkpoint

RP839: 4/2/2011 3:18:19 PM - System Checkpoint

RP840: 4/3/2011 3:20:49 PM - System Checkpoint

RP841: 4/4/2011 5:35:36 PM - System Checkpoint

RP842: 4/5/2011 5:59:43 PM - System Checkpoint

RP843: 4/6/2011 9:55:00 PM - System Checkpoint

RP844: 4/7/2011 11:26:17 PM - System Checkpoint

RP845: 4/8/2011 11:38:17 PM - System Checkpoint

RP846: 4/10/2011 1:38:17 AM - System Checkpoint

RP847: 4/11/2011 8:13:54 AM - System Checkpoint

RP848: 4/12/2011 8:30:53 AM - System Checkpoint

RP849: 4/13/2011 10:21:57 AM - System Checkpoint

RP850: 4/14/2011 11:08:59 AM - System Checkpoint

RP851: 4/15/2011 12:09:57 PM - System Checkpoint

RP852: 4/16/2011 12:19:39 PM - System Checkpoint

RP853: 4/17/2011 2:11:02 PM - System Checkpoint

RP854: 4/18/2011 4:09:57 PM - System Checkpoint

RP855: 4/19/2011 4:23:41 PM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft MediaConverter 2

ArcSoft PhotoImpression 5

ArcSoft ShowBiz DVD 2

Audacity 1.2.6

Audacity 1.3.5 (Unicode)

AVS Audio Converter version 5.1

AVS Update Manager 1.0

AVS4YOU Software Navigator 1.3

Bonjour

CA Anti-Spam

CA Anti-Spyware

CA Anti-Virus

CA Internet Security Suite

CA Personal Firewall

Citrix Presentation Server Client - Web Only

Content Transfer

Corel Paint Shop Pro X

Corel Photo Album 6

Dell DataSafe Online

Dell Driver Reset Tool

Dell PC Fax

Dell Photo AIO Printer 926

Dell Support Center

Dell System Restore

Digital Video

DigiTech RP250 Drivers

DigiTech X-Edit 2.4.1

DIY Deck Designer 6.5.4 - The Home Depot

Documentation & Support Launcher

Games, Music, & Photos Launcher

Google Desktop

GoToAssist 8.0.0.514

Guitar Pro 5.2

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Internet Service Offers Launcher

iTunes

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java 6 Update 22

LeapFrog Connect

LeapFrog Tag Plugin

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office Live Meeting 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MobileMe Control Panel

Mozilla Firefox (3.6.13)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB954459)

Musicmatch for Windows Media Player

NWZ-E350 WALKMAN Guide

PowerDVD

QuickTime

Realtek High Definition Audio Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Safari

SearchAssist

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Spybot - Search & Destroy

TWC Customer Controls

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

WebFldrs XP

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows XP Service Pack 3

XVID Codec Installation

.

==== Event Viewer Messages From Past Week ========

.

4/20/2011 5:27:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KmxAgent KmxFile KmxFw KmxStart VET-FILT VET-REC VETEFILE VETMONNT

4/20/2011 5:26:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

4/20/2011 5:26:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/20/2011 5:25:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

.

==== End Of File ===========================

dds.txt

.

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

Run by Administrator at 17:44:31.46 on Wed 04/20/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1497 [GMT -4:00]

.

AV: CA Anti-Virus *Enabled/Outdated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrator\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080604

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080604

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s

mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"

mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16

mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe

mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"

mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"

mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"

mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\windows\system32\VetRedir.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://webmail.nyatep.org/Remote/msrdp.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

Notify: PFW - UmxWnp.Dll

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\07dpdslu.default\

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-10-12 21488]

S0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]

S0 Winmc45;Winmc45;c:\windows\system32\drivers\winmc45.sys --> c:\windows\system32\drivers\Winmc45.sys [?]

S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]

S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]

S1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]

S1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-10-12 26352]

S1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-10-12 21104]

S1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2010-6-3 746216]

S1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-10-12 32240]

S2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-10-12 144960]

S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]

S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]

S2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]

S2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]

S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]

S2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]

S2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-10-12 238928]

S3 CEUSBAUD;DigiTech USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [2009-4-8 17920]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-3 30192]

S3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]

S3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]

S3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2010-6-3 130280]

.

=============== Created Last 30 ================

.

2011-04-07 00:34:20 -------- d-----w- C:\NPE

2011-04-06 23:57:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton

2011-04-06 23:57:21 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\NPE

2011-04-06 23:20:23 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2011-04-06 22:50:49 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE

2011-04-06 22:50:32 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla

2011-04-06 22:48:09 -------- d-sh--w- c:\documents and settings\administrator\IETldCache

.

==================== Find3M ====================

.

2011-04-16 13:38:29 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-04-16 13:38:27 104 --sh--r- c:\windows\system32\EC2A81B165.sys

2011-02-09 13:53:52 270848 ---ha-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ---ha-w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ---ha-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ---ha-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ---ha-w- c:\windows\system32\shimgvw.dll

.

============= FINISH: 17:44:58.01 ===============

screen317 · April 22, 2011

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

lcrall · April 25, 2011

Hello,

The combofix will not run, it gives me a message that it can not run with CA Anti-virus installed and to uninstall it. I have uninstalled all of the components except the firewall which gives me an error when uninstalling that it did not uninstall and the combofix will still not run.

Thank you.

Lisa

screen317 · April 27, 2011

Hi Lisa,

Use the following uninstaller which is appropriate for the version you have installed:

2010

2009

2007/2008

After that, restart your computer and try running ComboFix again please.

lcrall · April 27, 2011

Thank you. I did run the uninstall program and combofix did run although it did give me a warning that ca virus scan was running but I ran it anyway at my own risk.

Here is the combox fix log

ComboFix 11-04-27.01 - Lisa Crall 04/27/2011 18:29:29.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1608 [GMT -4:00]

Running from: c:\documents and settings\Lisa Crall\Desktop\ComboFix.exe

AV: CA Anti-Virus *Enabled/Outdated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Lisa Crall\Desktop\Setup.exe

c:\documents and settings\Lisa Crall\Desktop\Windows Restore.lnk

c:\documents and settings\Lisa Crall\DesktopLSPFix.exe

c:\documents and settings\Lisa Crall\DesktopSafeMSI.exe

c:\documents and settings\Lisa Crall\DesktopWinsockxpFix.exe

c:\documents and settings\Lisa Crall\g2mdlhlpx.exe

c:\documents and settings\Lisa Crall\Start Menu\Programs\Windows Restore

c:\documents and settings\Lisa Crall\Start Menu\Programs\Windows Restore\Uninstall Windows Restore.lnk

c:\documents and settings\Lisa Crall\Start Menu\Programs\Windows Restore\Windows Restore.lnk

.

Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected

Restored copy from - Kitty had a snack

.

((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))

.

2011-04-27 22:14 . 2011-04-27 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge

2011-04-25 22:11 . 2011-04-25 22:12 -------- d-----w- C:\32788R22FWJFW.2.tmp

2011-04-25 22:04 . 2011-04-25 22:05 -------- d-----w- C:\32788R22FWJFW.1.tmp

2011-04-07 00:34 . 2011-04-07 00:34 -------- d-----w- C:\NPE

2011-04-06 23:57 . 2011-04-06 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2011-04-06 23:57 . 2011-04-07 00:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPE

2011-04-06 23:20 . 2011-04-06 23:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-04-06 22:50 . 2011-04-06 22:50 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-04-06 22:50 . 2011-04-06 22:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-04-06 22:48 . 2011-04-06 22:48 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-09 13:53 . 2004-08-11 22:00 270848 ---ha-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2004-08-11 22:00 186880 ---ha-w- c:\windows\system32\encdec.dll

2011-02-02 07:58 . 2004-08-11 22:11 2067456 ---ha-w- c:\windows\system32\mstscax.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-07-24 39816]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-12-26 2356088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-12 30192]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]

"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]

"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]

"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]

"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WDM_DRMKAUD0"="streamci" [X]

"WDM_DRMKAUD1"="streamci" [X]

"WDM_DRMKAUD2"="streamci" [X]

"WDM_SYSAUDIO"="streamci.dll" [2001-08-18 8192]

"WDM_KMIXER0"="streamci.dll" [2001-08-18 8192]

.

c:\documents and settings\Lisa Crall\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-06-04 03:46 10536 ---ha-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmc45.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\dlcxcoms.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]

S0 Winmc45;Winmc45;c:\windows\system32\Drivers\Winmc45.sys --> c:\windows\system32\Drivers\Winmc45.sys [?]

S3 CEUSBAUD;DigiTech USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [4/8/2009 2:53 PM 17920]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/3/2008 11:40 PM 30192]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WUAUSERV

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Trusted Zone: gotomeeting.com\www1

FF - ProfilePath - c:\documents and settings\Lisa Crall\Application Data\Mozilla\Firefox\Profiles\xy1ua40y.default\

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKLM-Run-ECenter - c:\dell\E-Center\EULALauncher.exe

HKLM-Run-cafwc - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\iexplore.exe

Notify-PFW - (no file)

MSConfigStartUp-lphcrolj0ea5p - c:\windows\system32\lphcrolj0ea5p.exe

MSConfigStartUp-SMrhcvolj0ea5p - c:\program files\rhcvolj0ea5p\rhcvolj0ea5p.exe

MSConfigStartUp-sysrest32 - c:\windows\system32\sysrest32.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-27 18:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(712)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

.

- - - - - - - > 'explorer.exe'(1848)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\progra~1\ArcSoft\PHOTOI~1\share\pihook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\dlcxcoms.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\program files\Citrix\GoToMeeting\457\g2mcomm.exe

c:\program files\Citrix\GoToMeeting\457\g2mlauncher.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-04-27 18:43:22 - machine was rebooted

ComboFix-quarantined-files.txt 2011-04-27 22:43

.

Pre-Run: 205,981,892,608 bytes free

Post-Run: 206,886,191,104 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 27DB3E6B9001580B4641162FBFC912D7

Here is dds.txt

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Lisa Crall at 18:51:36.09 on Wed 04/27/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1453 [GMT -4:00]

.

AV: CA Anti-Virus *Enabled/Outdated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\dlcxcoms.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe

C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe

C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Lisa Crall\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"

uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"