Ok. Thank you. That worked. Here is the ComboFix log, followed by the new DDS log:
ComboFix 09-03-19.02 - Courtney 2009-03-21 10:58:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1678 [GMT -7:00]
Running from: c:\documents and settings\Courtney\Desktop\CombbFxx.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Courtney\Application Data\AntispywareBot
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\windows\system32\drivers\UAClrqhkdui.sys
c:\windows\system32\tmp.reg
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twext.exe
c:\windows\system32\UACdpasrsip.dll
c:\windows\system32\UACensgumii.dll
c:\windows\system32\UACfuwntjko.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjeypnwmd.log
c:\windows\system32\UACltptnkro.dll
c:\windows\system32\UACqebxuboy.log
c:\windows\system32\UACqrrvdylk.dll
c:\windows\system32\UACtudpglsq.dat
c:\windows\system32\UACwannoygf.log
c:\windows\system32\x64
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))
.
2009-03-19 15:26 . 2009-03-21 10:58 <DIR> d-------- C:\QUARANTINE
2009-03-18 09:43 . 2008-04-13 17:11 96,256 --a------ c:\windows\system32\ci.dll
2009-03-17 06:41 . 2009-03-19 14:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-16 15:35 . 2009-03-16 15:35 <DIR> d-------- C:\!KillBox
2009-03-16 15:26 . 2009-03-16 15:26 <DIR> d-------- C:\VundoFix Backups
2009-03-16 13:25 . 2009-03-16 13:25 200 --a------ c:\windows\WININIT.INI
2009-03-16 10:08 . 2009-03-16 10:08 <DIR> d-------- c:\documents and settings\Home
2009-03-16 07:57 . 2009-03-16 07:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Applications
2009-03-16 07:39 . 2009-03-16 11:49 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-15 13:44 . 2009-03-15 13:44 <DIR> d-------- c:\program files\ERUNT
2009-03-03 15:05 . 2009-03-03 15:05 <DIR> d-------- c:\program files\2nd Story Software
2009-03-03 15:05 . 2009-03-03 15:05 57 --a------ c:\windows\TaxACT08.ini
2009-02-28 11:09 . 2009-02-28 11:09 47 --a------ c:\windows\Taxact07.ini
2009-02-26 13:17 . 2009-02-26 13:17 <DIR> d-------- c:\program files\Common Files\xing shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 21:37 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-19 20:35 --------- d-----w c:\program files\Java
2009-03-19 20:14 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-16 20:24 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-16 17:16 --------- d-----w c:\program files\Google
2009-03-16 17:08 --------- d-----w c:\program files\GetRight
2009-02-26 20:17 --------- d-----w c:\program files\Common Files\Real
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-06 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\Dell
2009-01-17 05:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-15 14:55 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-02 22:52 60 ----a-w c:\documents and settings\Courtney\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B709835C-2AFC-43C2-8E3E-F71C68B27657}]
2008-04-13 17:11 96256 --a------ c:\windows\system32\ci.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-16 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-16 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-16 138008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-12 57344]
"Propel Accelerator"="c:\program files\Propel Accelerator\trayctl.exe" [2008-07-16 69632]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2003-02-25 139347]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-03-06 90182]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-26 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-16 c:\windows\RTHDCPL.EXE]
c:\documents and settings\Courtney\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-10-01 1738032]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-09-22 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-22 11:42 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
S2 0007511223519928mcinstcleanup;McAfee Application Installer Cleanup (0007511223519928);c:\docume~1\Courtney\LOCALS~1\Temp\000751~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Courtney\LOCALS~1\Temp\000751~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0bfaba3-8fca-11dd-99a4-00219b08495b}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-WordPerfect Office 1215 - c:\program files\WordPerfect Office 12\Programs\Registration.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Propel Accelerator\prplsf.dll
FF - ProfilePath - c:\documents and settings\Courtney\Application Data\Mozilla\Firefox\Profiles\l0g4iauw.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 11:00:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(544)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
- - - - - - - > 'lsass.exe'(600)
c:\program files\Propel Accelerator\prplsf.dll
.
Completion time: 2009-03-21 11:01:33
ComboFix-quarantined-files.txt 2009-03-21 18:01:31
Pre-Run: 293,340,880,896 bytes free
Post-Run: 293,477,007,360 bytes free
149 --- E O F --- 2009-03-11 22:46:49
DDS (Ver_09-03-16.01) - NTFSx86
Run by Courtney at 11:05:18.40 on Sat 03/21/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1570 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Documents and Settings\Courtney\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {60c01892-ada7-487e-8518-5a9a7defa320} - c:\windows\system32\ci.dll
BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~1\propel~1\PRPL_I~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {b709835c-2afc-43c2-8e3e-f71c68b27657} - c:\windows\system32\ci.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [Propel Accelerator] "c:\program files\propel accelerator\trayctl.exe" /STARTUPLAUNCH
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe"
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\courtney\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\program files\propel accelerator\prplsf.dll
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {73674A58-D3DC-4B73-8B73-E0B6D3758B82} = 66.174.92.14 69.78.96.14
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\courtney\applic~1\mozilla\firefox\profiles\l0g4iauw.default\
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
============= SERVICES / DRIVERS ===============
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-10-9 106586]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2003-3-6 233595]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2003-3-6 127050]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2003-3-6 84448]
S2 0007511223519928mcinstcleanup;McAfee Application Installer Cleanup (0007511223519928);c:\docume~1\courtney\locals~1\temp\000751~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\courtney\locals~1\temp\000751~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
=============== Created Last 30 ================
2009-03-21 10:52 161,792 a------- c:\windows\SWREG.exe
2009-03-21 10:52 98,816 a------- c:\windows\sed.exe
2009-03-21 10:52 <DIR> --d----- C:\CombbFxx
2009-03-19 15:26 <DIR> --d----- C:\QUARANTINE
2009-03-19 14:59 <DIR> --dshr-- C:\cmdcons
2009-03-19 14:59 <DIR> --d----- c:\windows\setup.pss
2009-03-19 14:59 <DIR> --d----- c:\windows\setupupd
2009-03-18 09:43 96,256 a------- c:\windows\system32\ci.dll
2009-03-17 06:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-16 15:35 <DIR> --d----- C:\!KillBox
2009-03-16 15:26 <DIR> --d----- C:\VundoFix Backups
2009-03-16 13:25 200 a------- c:\windows\WININIT.INI
2009-03-16 07:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Applications
2009-03-03 15:05 57 a------- c:\windows\TaxACT08.ini
2009-03-03 15:05 <DIR> --d----- c:\program files\2nd Story Software
2009-02-28 11:09 47 a------- c:\windows\Taxact07.ini
2009-02-26 13:17 <DIR> --d----- c:\program files\common files\xing shared
==================== Find3M ====================
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-15 07:55 410,984 a------- c:\windows\system32\deploytk.dll
2008-10-02 15:52 60 a------- c:\docume~1\courtney\applic~1\wklnhst.dat
============= FINISH: 11:05:29.75 ===============