
Thread: Yikes! I think I have a Backdoor Trojan Worm


  1. #1
    Join Date
    Aug 2006
    Location
    Planet Earth
    Posts
    45

    Question Yikes! I think I have a Backdoor Trojan Worm

    My task bar changes from its normal Windows XP blue to the very old-school classic beige for a few seconds, then back to normal. Tonight it didn't change back; it stayed beige. I restarted my PC, but this has already happened several times and I think I have something icky-icky-icky. Please let me know what you think, and I'm going to start the cleansing process as per your normal protocol and instructions. Thanks! :-)

  2. #2
    Join Date
    Aug 2006
    Location
    Planet Earth
    Posts
    45

    Request For Assistance Please | SCAN LOGS ATTACHED

    As per my original post, and now including all of the necessary scan logs.

    My task bar changes from its normal Windows XP blue to the very old-school classic beige for a few seconds, then back to normal. Tonight it didn't change back; it stayed beige. I restarted my PC, but this has already happened several times and I think I have something icky-icky-icky. Please let me know what you think, and I'm going to start the cleansing process as per your normal protocol and instructions. Thanks!

    MalwareBytes Anti-Malware Log
    ESET Online Scanner Log
    Hijack This Scan Log
    Hijack This Uninstall List
    Last edited by MelissaY; 03-28-2010 at 09:51 AM. Reason: oops! sorry.

  3. #3
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Hi Melissa, As you see I have copy/pasted all of your logs here and removed the attachments. We would prefer not to have to open attachments from possibly infected computers.
    From your description it sounds to me like your Display, Themes is set to Windows Classic. Have you checked your Display settings? Right Click on the Desktop and choose Properties. Then go to the Themes Tab and make sure that Windows Classic is NOT the chosen Theme. See if you can at least get it to change to Windows XP, click Apply.

    One thing I notice in your HJT log is that you have NO services set to run at start up except Norton and your printer, meaning you don't even have the recommended services running. Have you personally turned these off? If so, why?

    Check on Black Viper's page below for correct or recommended Services Settings. If you don't know how to get to your own Services, go to Start, Control Panel, Administrative Tools, Services. Check what settings you have for each there and then note the recommended settings given on Black Viper's page below. To change a Service setting, highlight the service and double click to open its properties. There you can change the startup type. Go through the entire list and change those which are needed. Apply all and then reboot.

    http://www.blackviper.com/WinXP/servicecfg.htm

    Judy

  4. #4
    Join Date
    Aug 2006
    Location
    Planet Earth
    Posts
    45
    Judy...thank you for responding. When I added my own reply, I have no idea how my attachment became part of the message. I took the proper steps to attach the logs. My apologies, please.

    With regard to the settings [classic, etc.], that's the first thing that I verified; it has never been changed and I'm the only user on my PC. Perhaps I did not make my problem clear? The task bar is blue, then for a few seconds it changes on its own...to the old beige task bar...then it changes back to the color blue on its own. FYI: one of the scan logs indicates 1 object was found, called Hijack.StartMenu.

    With regard to the services that are not running: I turned off a ton of those on my own because they are not necessary to run in the background. I will go to the link you've been kind enough to reference and look at the recommended settings provided therein.

    I have re-attached the log files.

    Lastly...THANK YOU! :-)

    MelissaY's MBA-M log, Copy/Paste by Judy

    Malwarebytes' Anti-Malware 1.44
    Database version: 3910
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/25/2010 6:45:28 AM
    mbam-log-2010-03-25 (06-45-28).txt

    Scan type: Full Scan (C:\|D:\|G:\|)
    Objects scanned: 331272
    Time elapsed: 2 hour(s), 4 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    MelissaY's ESET Scanner Log Copy/Paste by Judy

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=de634dc3b5cbab4485c3b05c03235a55
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-03-25 02:50:13
    # local_time=2010-03-25 07:50:13 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=3588 16777190 85 88 3167972 11023557 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=67187
    # found=0
    # cleaned=0
    # scan_time=3186

    MelissaY's HiJackThis Scan Log Copy/Paste by Judy


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:12:55 AM, on 3/25/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
    C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1265935801820
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

    --
    End of file - 4423 bytes

    MelissaY's Uninstall List Copy/Paste by Judy

    ABBYY FineReader 5.0 Sprint Plus
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.3
    Adobe Shockwave Player 11.5
    AVD Video Processor 7.7
    Cool Edit Pro 2.1
    Corel Paint Shop Pro Photo X2
    Dell AIO Printer A960
    Dell ResourceCD
    ESET Online Scanner v3
    exPressit S.E. 2.1
    Eye Candy 3
    Eye Candy 4000 Demo
    Freecorder 2.3 (with Skype Call Recording)
    Google Earth
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB976098-v2)
    ImTOO MOV Converter
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Network Adapters and Drivers
    Jasc Paint Shop Pro 8
    Jasc Paint Shop Pro 8.10 Update Patch
    Java(TM) 6 Update 18
    Malwarebytes' Anti-Malware
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Plus! Digital Media Edition
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    MSN
    Nero Suite
    Norton Internet Security
    OpenOffice.org 3.2
    Print to Fax
    Rhapsody
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    SoundMAX
    SpiceFX Packs 3.0v for Movie Maker
    tunebite 3.0.1.8
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Creativity Fun Packs - Windows Movie Maker 2
    Windows XP Service Pack 3
    WinMPG VideoConvert 8.8.0.0
    WinZip 11.2
    Attachments Removed By Judy
    Last edited by jholland1964; 03-28-2010 at 11:21 AM. Reason: Removal of Attachments and Copy/Pasting of logs
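    Judy reads the HJT log above by eye (two O23 services, a handful of O4 Run entries, the O2 BHOs and O16 DPF downloads). The same reading can be automated. The parser below is an added example written for this thread; it is not HijackThis code and not part of the original posts. The helper names (parse_hjt, summarize, unusual_paths, analyze) are this example's own, and one HKCU Run line in the sample is constructed to exercise the path heuristic; every other sample line is copied from the log posted above.

```python
"""Parse a Trend Micro HijackThis 2.0.2 log into structured records and
summarise its autorun surface: O23 services, O4 Run keys and startup
folder, O2 browser helper objects, O16 DPF ActiveX downloads.

Added example for this thread; it is not HijackThis code. Helper names
are this example's own."""
import re

# Constructed sample: lines copied from the posted HJT log, plus ONE
# constructed HKCU Run line (ExampleUpdater) so the heuristic has a hit.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:55 AM, on 3/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ExampleUpdater] C:\Documents and Settings\Owner\Application Data\example\updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

--
End of file - 4423 bytes
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
HEADER_RE = re.compile(r"^(?P<key>Platform|Boot mode|MSIE): (?P<val>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) \((?P<name>[^)]+)\) - (?P<vendor>.+?) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\})(?: \((?P<name>[^)]+)\))? - (?P<url>\S+)$")


def parse_hjt(text):
    """Split a log into (header dict, running-process list, (code, body) entries)."""
    header, processes, entries = {}, [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line closes the process block
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group("key")] = m.group("val")
    return header, processes, entries


def summarize(entries):
    """Bucket the entry types a helper reads first; anything else lands in 'other'."""
    out = {"services": [], "run": [], "startup": [], "bho": [], "dpf": [], "other": []}
    for code, body in entries:
        if code == "O23" and (m := SERVICE_RE.match(body)):
            out["services"].append(m.groupdict())
        elif code == "O4" and (m := RUN_RE.match(body)):
            out["run"].append(m.groupdict())
        elif code == "O4" and (m := STARTUP_RE.match(body)):
            out["startup"].append(m.groupdict())
        elif code == "O2" and (m := BHO_RE.match(body)):
            out["bho"].append(m.groupdict())
        elif code == "O16" and (m := DPF_RE.match(body)):
            out["dpf"].append(m.groupdict())
        else:
            out["other"].append((code, body))
    return out


# Triage heuristic only: binaries that autorun from outside these trees get
# reviewed first. Location alone proves nothing either way.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "%systemroot%\\")


def unusual_paths(summary):
    """Names of Run/startup/service entries whose binary lives outside EXPECTED_ROOTS."""
    flagged = []
    for item in summary["run"] + summary["startup"]:
        if not item["cmd"].strip('"').lower().startswith(EXPECTED_ROOTS):
            flagged.append(item["name"])
    for svc in summary["services"]:
        if not svc["path"].strip('"').lower().startswith(EXPECTED_ROOTS):
            flagged.append(svc["name"])
    return flagged


def analyze(text):
    """Full pass: parse, summarise, and attach platform, process count and flags."""
    header, processes, entries = parse_hjt(text)
    summary = summarize(entries)
    summary["platform"] = header.get("Platform", "?")
    summary["process_count"] = len(processes)
    summary["flagged"] = unusual_paths(summary)
    return summary


if __name__ == "__main__":
    s = analyze(SAMPLE_LOG)
    print(f"{s['platform']}: {s['process_count']} processes, "
          f"{len(s['services'])} services, {len(s['run'])} Run entries, "
          f"{len(s['dpf'])} DPF controls")
    for name in s["flagged"]:
        print("review first:", name)
```

    Run against the sample it reports the two services Judy counted and flags only the constructed HKCU entry, which autoruns from a user profile directory; on a full log the "other" bucket is where the R0/R1 browser settings and O9 buttons end up for manual reading.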

  5. #5
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Quote Originally Posted by MelissaY View Post
    Judy...thank you for responding. When I added my own reply, I have no idea how my attachment became part of the message. I took the proper steps to attach the logs. My apologies, please......
    With regard to the services that are not running: I turned off a ton of those on my own because they are not necessary to run in the background. I will go to the link you've been kind enough to reference and look at the recommended settings provided therein.

    I have re-attached the log files.
    Lastly...THANK YOU! :-)
    Melissa, I believe you misunderstood my original post...please again note what I said:
    Hi Melissa, As you see I have copy/pasted all of your logs here and removed the attachments. We would prefer not to have to open attachments from possibly infected computers.
    I am the one who removed the attachments and copy/pasted the logs. We DO NOT want them attached. We want them copy/pasted directly into the post so they can be easily read and NOT have to be opened first. There is always the remote possibility that the attachments could contain infected files from the person attaching them, so anyone opening those attachments, which must be done by having them open up on THEIR computer, could bring infection onto THEIR computer and thereby spread the infection. Again, I am going to open these and copy/paste them to the thread. Please DO NOT remove them and PLEASE do NOT attach them again.

    I am going to recommend, as I did earlier, that you re-enable the services again and this time PLEASE do another HJT scan AFTER the computer has been rebooted with these services re-enabled, and POST that log.

  6. #6
    Join Date
    Aug 2006
    Location
    Planet Earth
    Posts
    45
    Quote Originally Posted by jholland1964 View Post
    Melissa, I believe you misunderstood my original post...please again note what I said:


    I am the one who removed the attachments and copy/pasted the logs. We DO NOT want them attached. We want them copy/pasted directly into the post so they can be easily read and NOT have to be opened first. There is always the remote possibility that the attachments could contain infected files from the person attaching them, so anyone opening those attachments, which must be done by having them open up on THEIR computer, could bring infection onto THEIR computer and thereby spread the infection. Again, I am going to open these and copy/paste them to the thread. Please DO NOT remove them and PLEASE do NOT attach them again.

    I am going to recommend, as I did earlier, that you re-enable the services again and this time PLEASE do another HJT scan AFTER the computer has been rebooted with these services re-enabled, and POST that log.
    OMG Judy...I am so sorry again. I read the instructions and will re-read what I've misunderstood. Again, my apologies. I'll re-enable the appropriate services as per the link you previously provided as well, reboot my PC, run another HJT scan, then post that log. Thank you for your time and expertise but mostly your patience; it's greatly appreciated. Thanks! MelissaY

  7. #7
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    PS. In the services section I found a service that I've never seen before, perhaps you're familiar with it and it's OK? WudfSVC
    Nope, that's a trojan. Was it turned off?
    You still have very few running services, frankly I find that very odd.

  8. #8
    Join Date
    Aug 2006
    Location
    Planet Earth
    Posts
    45
    Yes...the trojan thingy is set to manual/stopped. Right now, after reading this, I set it to disabled, then set recovery to take no action (the previous settings were marked as "restart this service" for the first two sections; restart this service was set to 2 minutes).

    Silly question: am I all fixed now?

  9. #9
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    No, you are going to have to remove this. Just because it is stopped means just that: it is stopped, but not removed.
    Do the following:
    Please download ComboFix by sUBs from HERE or HERE

    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
    • Re-enable all the programs that were disabled during the running of ComboFix.


    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!

  10. #10
    Join Date
    Aug 2006
    Location
    Planet Earth
    Posts
    45
    J., I'm really appreciating your time and expertise right now. Again...thanks!

    Here are the new logs; copy and pasted.

    MelissaY's COMBOFIX LOG:
    ComboFix 10-03-28.01 - Owner 03/28/2010 18:47:19.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.730 [GMT -7:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-29 )))))))))))))))))))))))))))))))
    .

    2010-03-26 05:24 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\Scxpx86.dll
    2010-03-26 05:24 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSxpx86.dll
    2010-03-26 05:24 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSviA64.sys
    2010-03-26 05:24 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSvix86.sys
    2010-03-26 05:24 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys
    2010-03-25 13:52 . 2010-03-25 13:52 -------- d-----w- c:\program files\ESET
    2010-03-25 05:07 . 2010-03-25 05:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-03-25 05:07 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-25 05:07 . 2010-03-25 05:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-25 05:07 . 2010-03-25 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-25 05:07 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-23 22:00 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\Scxpx86.dll
    2010-03-23 22:00 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\IDSxpx86.dll
    2010-03-23 22:00 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\IDSviA64.sys
    2010-03-23 22:00 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\IDSvix86.sys
    2010-03-23 22:00 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\IDSXpx86.sys
    2010-03-11 05:02 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-03-03 18:56 . 2010-03-03 18:56 -------- d-----w- c:\windows\Sun
    2010-03-01 21:39 . 2010-03-01 21:39 -------- d-----w- c:\program files\Freecorder
    2010-03-01 21:39 . 2010-03-01 21:38 737280 ----a-w- c:\windows\iun6002.exe
    2010-03-01 21:14 . 1996-10-30 16:35 32768 ----a-w- c:\windows\system32\plugin.dll
    2010-03-01 21:13 . 1994-11-18 09:00 210944 ----a-w- c:\windows\system32\Msvcrt10.dll
    2010-03-01 20:03 . 2010-03-01 20:14 -------- d-----w- c:\documents and settings\Owner\Application Data\tunebite
    2010-03-01 20:02 . 2010-03-01 20:14 -------- d-----w- c:\program files\tunebite
    2010-03-01 20:02 . 2006-06-21 19:47 15488 ----a-w- c:\windows\system32\drivers\tbhsd.sys
    2010-03-01 19:14 . 2010-03-01 19:14 -------- d-----w- c:\program files\Pixelan
    2010-03-01 19:04 . 2010-03-01 19:04 -------- d-----w- c:\program files\Microsoft Plus! Digital Media Edition
    2010-03-01 18:55 . 2010-03-15 01:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
    2010-03-01 07:59 . 2010-03-01 08:02 -------- d-----w- c:\program files\WinMPG VideoConvert
    2010-03-01 07:46 . 2010-03-01 07:46 -------- d-----w- c:\documents and settings\Owner\Application Data\ImTOO Software Studio
    2010-03-01 07:45 . 2010-03-01 07:45 -------- d-----w- c:\program files\ImTOO
    2010-03-01 02:08 . 2010-03-01 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2010-03-01 01:14 . 2010-03-01 01:14 -------- d-----w- c:\program files\AVD Video Processor 7.7
    2010-02-28 22:59 . 2010-03-11 21:07 -------- d-----w- c:\program files\exPressit S.E. 2.1
    2010-02-28 22:39 . 2010-02-28 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MSNDynFiles
    2010-02-28 22:39 . 2009-10-15 14:15 625528 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\SpellChecker\mssp7en.dll
    2010-02-28 22:39 . 2009-10-15 14:10 390144 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\txsrvc.dll
    2010-02-28 22:39 . 2009-10-15 14:10 476672 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\unicows.dll
    2010-02-28 22:39 . 2009-10-15 14:10 151552 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\vid_fly.dll
    2010-02-28 22:39 . 2009-10-15 14:10 150528 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\vid_wide.dll
    2010-02-28 22:39 . 2009-10-15 14:10 123392 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\msndupd.exe
    2010-02-28 18:53 . 2010-02-28 18:53 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe
    2010-02-28 18:53 . 2010-02-28 18:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Facebook
    2010-02-28 04:57 . 2010-02-28 04:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ahead
    2010-02-28 04:53 . 2004-03-04 05:30 5504 ----a-w- c:\windows\system32\drivers\imagedrv.sys
    2010-02-28 04:53 . 2004-03-04 05:30 125184 ----a-w- c:\windows\system32\drivers\imagesrv.sys
    2010-02-28 04:52 . 2000-06-26 19:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
    2010-02-28 04:52 . 2001-06-26 16:15 38912 ----a-w- c:\windows\system32\picn20.dll
    2010-02-28 04:52 . 2001-07-07 02:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
    2010-02-28 04:52 . 2001-07-06 22:41 569344 ----a-w- c:\windows\system32\imagr5.dll
    2010-02-28 04:52 . 2001-07-06 20:44 544768 ----a-w- c:\windows\system32\imagx5.dll
    2010-02-28 04:52 . 2010-02-28 04:56 -------- d-----w- c:\program files\Common Files\Ahead
    2010-02-28 04:52 . 2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    2010-02-28 04:52 . 2010-02-28 04:52 -------- d-----w- c:\program files\Ahead
    2010-02-28 04:26 . 2010-02-28 04:26 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-02-28 04:15 . 2010-03-26 16:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Corel
    2010-02-28 00:53 . 2010-02-28 00:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Syntrillium
    2010-02-28 00:51 . 2010-02-28 00:53 -------- d-----w- c:\program files\coolpro2
    2010-02-27 22:41 . 2010-02-27 22:41 -------- d-----w- c:\program files\Common Files\Real
    2010-02-27 22:38 . 2010-02-27 22:48 -------- d-----w- c:\program files\Rhapsody
    2010-02-27 04:48 . 2010-02-28 04:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Corel
    2010-02-27 04:48 . 2010-02-28 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
    2010-02-27 04:45 . 2010-02-27 04:46 -------- d-----w- c:\program files\Common Files\Corel
    2010-02-27 04:45 . 2010-02-27 04:45 -------- d-----w- c:\program files\Corel
    2010-02-27 04:14 . 2010-02-27 04:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Jasc
    2010-02-27 03:41 . 2010-02-27 03:41 -------- d-----w- c:\program files\Jasc Software Inc
    2010-02-27 03:41 . 2010-02-27 03:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Jasc Software Inc
    2010-02-27 03:39 . 2010-02-27 03:39 -------- d-----w- c:\program files\Common Files\SWF Studio
    2010-02-27 03:33 . 2010-02-27 03:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
    2010-02-27 03:33 . 2010-02-27 03:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-02-27 03:33 . 2010-02-27 05:18 -------- d-----w- c:\program files\Google
    2010-02-27 03:33 . 2010-02-27 03:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2010-03-29 00:03 . 2010-02-12 21:02 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
    2010-03-26 00:39 . 2010-02-18 01:45 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-03-21 21:49 . 2010-02-12 00:08 318168 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-14 18:31 . 2010-02-18 03:33 -------- d-----w- c:\program files\Veign
    2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\axfbootloader.dll
    2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
    2010-02-18 20:04 . 2010-02-18 20:04 -------- d-----w- c:\program files\MFInstall
    2010-02-18 03:30 . 2010-02-17 01:53 -------- d-----w- c:\program files\Java
    2010-02-18 03:29 . 2010-02-18 01:42 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-02-18 03:16 . 2010-02-18 03:16 -------- d-----w- c:\documents and settings\Owner\Application Data\AMPSoft
    2010-02-18 01:45 . 2010-02-18 01:45 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
    2010-02-18 01:42 . 2010-02-18 01:42 -------- d-----w- c:\program files\JRE
    2010-02-18 00:29 . 2010-02-18 00:29 28552 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-17 22:15 . 2010-02-17 22:15 -------- d-----w- c:\program files\Common Files\Adobe
    2010-02-17 01:55 . 2010-02-17 01:55 -------- d-----w- c:\program files\Common Files\Java
    2010-02-17 01:53 . 2010-02-17 01:53 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c28fe35-n\msvcp71.dll
    2010-02-17 01:53 . 2010-02-17 01:53 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c28fe35-n\jmc.dll
    2010-02-17 01:53 . 2010-02-17 01:53 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c28fe35-n\msvcr71.dll
    2010-02-17 01:53 . 2010-02-17 01:53 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-18c15f04-n\decora-sse.dll
    2010-02-17 01:53 . 2010-02-17 01:53 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-18c15f04-n\decora-d3d.dll
    2010-02-17 01:53 . 2010-02-17 01:53 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-16 03:02 . 2010-02-16 03:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
    2010-02-15 23:08 . 2010-02-15 22:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-02-15 22:58 . 2010-02-15 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-02-15 22:57 . 2010-02-15 22:57 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-02-15 22:57 . 2010-02-15 22:57 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-02-15 22:57 . 2010-02-15 22:57 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-02-15 22:57 . 2010-02-15 22:57 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-02-15 22:57 . 2010-02-15 22:57 -------- d-----w- c:\program files\Symantec
    2010-02-15 22:57 . 2010-02-15 22:57 -------- d-----w- c:\program files\Norton Internet Security
    2010-02-15 22:57 . 2010-02-15 22:57 -------- d-----w- c:\program files\Windows Sidebar
    2010-02-15 22:54 . 2010-02-15 22:54 -------- d-----w- c:\program files\NortonInstaller
    2010-02-15 22:54 . 2010-02-15 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2010-02-15 09:00 . 2010-03-28 23:11 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\NAVENG.SYS
    2010-02-15 09:00 . 2010-03-28 23:11 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\NAVENG32.DLL
    2010-02-15 09:00 . 2010-03-28 23:11 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\NAVEX32A.DLL
    2010-02-15 09:00 . 2010-03-28 23:11 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\NAVEX15.SYS
    2010-02-15 09:00 . 2010-03-28 23:11 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\EECTRL.SYS
    2010-02-15 09:00 . 2010-03-28 23:11 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\CCERASER.DLL
    2010-02-15 09:00 . 2010-03-28 23:11 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\ECMSVR32.DLL
    2010-02-15 09:00 . 2010-03-28 23:11 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\ERASER.SYS
    2010-02-14 21:08 . 2010-02-11 21:22 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2010-02-12 22:52 . 2010-02-12 22:52 -------- d-----w- c:\documents and settings\Owner\Application Data\MSNInstaller
    2010-02-12 21:31 . 2010-02-12 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN Messenger 6.1.0155
    2010-02-12 21:02 . 2010-02-12 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
    2010-02-12 19:24 . 2010-02-12 19:24 0 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
    2010-02-12 19:03 . 2010-02-12 18:56 -------- d-----w- c:\program files\Microsoft Works
    2010-02-12 19:01 . 2010-02-12 19:01 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-02-12 18:56 . 2010-02-12 18:56 -------- d-----w- c:\program files\Microsoft Works Suite 2004
    2010-02-12 18:30 . 2010-02-12 18:30 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-02-11 22:15 . 2010-02-11 22:15 -------- d-----w- c:\program files\Dell Computer
    2010-02-11 22:15 . 2010-02-11 22:15 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
    2010-02-11 22:15 . 2010-02-11 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
    2010-02-11 22:15 . 2010-02-11 22:14 -------- d-----w- c:\program files\Dell AIO Printer A960
    2010-02-11 22:15 . 2010-02-11 21:53 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-11 22:03 . 2010-02-11 22:03 -------- d-----w- c:\program files\Analog Devices
    2010-02-11 22:00 . 2010-02-11 22:00 -------- d-----w- c:\program files\Intel
    2010-02-11 21:52 . 2010-02-11 21:52 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-02-11 21:26 . 2010-02-11 21:26 -------- d-----w- c:\program files\microsoft frontpage
    2010-02-11 21:19 . 2010-02-11 21:19 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-02-11 18:44 . 2010-02-11 18:44 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHRules.dll
    2010-02-11 18:44 . 2010-02-11 18:44 1406352 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHEngine.dll
    2010-02-11 18:44 . 2010-02-11 18:44 676912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHDrvx64.sys
    2010-02-11 18:44 . 2010-02-11 18:44 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHDrvx86.sys
    2010-02-11 18:44 . 2010-02-11 18:44 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\bbRGen.dll
    2010-01-12 05:48 . 2010-01-12 05:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-01-12 05:48 . 2010-01-12 05:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-12-31 16:50 . 2003-07-16 20:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
    "Dell AIO Printer A960"="c:\program files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 270336]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1105000.07F\SymDS.sys [2/15/2010 3:57 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1105000.07F\SymEFA.sys [2/15/2010 3:57 PM 172592]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [2/11/2010 11:44 AM 536112]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1105000.07F\cchpx86.sys [2/15/2010 3:57 PM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1105000.07F\Ironx86.sys [2/15/2010 3:57 PM 116272]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2/15/2010 3:57 PM 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/15/2010 3:58 PM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys [3/25/2010 10:24 PM 329592]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/26/2010 8:33 PM 135664]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 03:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    .

    ************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-28 18:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2016)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-03-28 18:53:46
    ComboFix-quarantined-files.txt 2010-03-29 01:53

    Pre-Run: 90,143,703,040 bytes free
    Post-Run: 90,248,982,528 bytes free

    - - End Of File - - 0064E08E06395A3C3016A8C7BDC2C07B


    Melissa Y's HJT SCAN LOG:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:57:11 PM, on 3/28/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
    C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1265935801820
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

    --
    End of file - 4268 bytes


    MelissaY's HJT UNINSTALL LIST:
    ABBYY FineReader 5.0 Sprint Plus
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.3
    Adobe Shockwave Player 11.5
    AVD Video Processor 7.7
    Cool Edit Pro 2.1
    Corel Paint Shop Pro Photo X2
    Dell AIO Printer A960
    Dell ResourceCD
    ESET Online Scanner v3
    exPressit S.E. 2.1
    Eye Candy 3
    Eye Candy 4000 Demo
    Freecorder 2.3 (with Skype Call Recording)
    Google Earth
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB976098-v2)
    ImTOO MOV Converter
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Network Adapters and Drivers
    Jasc Paint Shop Pro 8
    Jasc Paint Shop Pro 8.10 Update Patch
    Java(TM) 6 Update 18
    Malwarebytes' Anti-Malware
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Plus! Digital Media Edition
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    MSN
    Nero Suite
    Norton Internet Security
    OpenOffice.org 3.2
    Print to Fax
    Rhapsody
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    SoundMAX
    SpiceFX Packs 3.0v for Movie Maker
    tunebite 3.0.1.8
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Creativity Fun Packs - Windows Movie Maker 2
    Windows XP Service Pack 3
    WinMPG VideoConvert 8.8.0.0
    WinZip 11.2
