
Thread: Yikes! I think I have a Backdoor Trojan Worm

  1. #11 (Join Date: Aug 2006, Location: Planet Earth, Posts: 45)
    J., I'm really appreciating your time and expertise right now. Again...thanks!

    Here are the new logs, copied and pasted.

    MelissaY's COMBOFIX LOG:
    ComboFix 10-03-28.01 - Owner 03/28/2010 18:47:19.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.730 [GMT -7:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-29 )))))))))))))))))))))))))))))))
    .

    2010-03-26 05:24 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\Scxpx86.dll
    2010-03-26 05:24 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSxpx86.dll
    2010-03-26 05:24 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSviA64.sys
    2010-03-26 05:24 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSvix86.sys
    2010-03-26 05:24 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys
    2010-03-25 13:52 . 2010-03-25 13:52 -------- d-----w- c:\program files\ESET
    2010-03-25 05:07 . 2010-03-25 05:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-03-25 05:07 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-25 05:07 . 2010-03-25 05:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-25 05:07 . 2010-03-25 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-25 05:07 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-23 22:00 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\Scxpx86.dll
    2010-03-23 22:00 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\IDSxpx86.dll
    2010-03-23 22:00 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\IDSviA64.sys
    2010-03-23 22:00 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\IDSvix86.sys
    2010-03-23 22:00 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\IDSXpx86.sys
    2010-03-11 05:02 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-03-03 18:56 . 2010-03-03 18:56 -------- d-----w- c:\windows\Sun
    2010-03-01 21:39 . 2010-03-01 21:39 -------- d-----w- c:\program files\Freecorder
    2010-03-01 21:39 . 2010-03-01 21:38 737280 ----a-w- c:\windows\iun6002.exe
    2010-03-01 21:14 . 1996-10-30 16:35 32768 ----a-w- c:\windows\system32\plugin.dll
    2010-03-01 21:13 . 1994-11-18 09:00 210944 ----a-w- c:\windows\system32\Msvcrt10.dll
    2010-03-01 20:03 . 2010-03-01 20:14 -------- d-----w- c:\documents and settings\Owner\Application Data\tunebite
    2010-03-01 20:02 . 2010-03-01 20:14 -------- d-----w- c:\program files\tunebite
    2010-03-01 20:02 . 2006-06-21 19:47 15488 ----a-w- c:\windows\system32\drivers\tbhsd.sys
    2010-03-01 19:14 . 2010-03-01 19:14 -------- d-----w- c:\program files\Pixelan
    2010-03-01 19:04 . 2010-03-01 19:04 -------- d-----w- c:\program files\Microsoft Plus! Digital Media Edition
    2010-03-01 18:55 . 2010-03-15 01:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
    2010-03-01 07:59 . 2010-03-01 08:02 -------- d-----w- c:\program files\WinMPG VideoConvert
    2010-03-01 07:46 . 2010-03-01 07:46 -------- d-----w- c:\documents and settings\Owner\Application Data\ImTOO Software Studio
    2010-03-01 07:45 . 2010-03-01 07:45 -------- d-----w- c:\program files\ImTOO
    2010-03-01 02:08 . 2010-03-01 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2010-03-01 01:14 . 2010-03-01 01:14 -------- d-----w- c:\program files\AVD Video Processor 7.7
    2010-02-28 22:59 . 2010-03-11 21:07 -------- d-----w- c:\program files\exPressit S.E. 2.1
    2010-02-28 22:39 . 2010-02-28 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MSNDynFiles
    2010-02-28 22:39 . 2009-10-15 14:15 625528 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\SpellChecker\mssp7en.dll
    2010-02-28 22:39 . 2009-10-15 14:10 390144 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\txsrvc.dll
    2010-02-28 22:39 . 2009-10-15 14:10 476672 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\unicows.dll
    2010-02-28 22:39 . 2009-10-15 14:10 151552 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\vid_fly.dll
    2010-02-28 22:39 . 2009-10-15 14:10 150528 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\vid_wide.dll
    2010-02-28 22:39 . 2009-10-15 14:10 123392 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\msndupd.exe
    2010-02-28 18:53 . 2010-02-28 18:53 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe
    2010-02-28 18:53 . 2010-02-28 18:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Facebook
    2010-02-28 04:57 . 2010-02-28 04:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ahead
    2010-02-28 04:53 . 2004-03-04 05:30 5504 ----a-w- c:\windows\system32\drivers\imagedrv.sys
    2010-02-28 04:53 . 2004-03-04 05:30 125184 ----a-w- c:\windows\system32\drivers\imagesrv.sys
    2010-02-28 04:52 . 2000-06-26 19:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
    2010-02-28 04:52 . 2001-06-26 16:15 38912 ----a-w- c:\windows\system32\picn20.dll
    2010-02-28 04:52 . 2001-07-07 02:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
    2010-02-28 04:52 . 2001-07-06 22:41 569344 ----a-w- c:\windows\system32\imagr5.dll
    2010-02-28 04:52 . 2001-07-06 20:44 544768 ----a-w- c:\windows\system32\imagx5.dll
    2010-02-28 04:52 . 2010-02-28 04:56 -------- d-----w- c:\program files\Common Files\Ahead
    2010-02-28 04:52 . 2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    2010-02-28 04:52 . 2010-02-28 04:52 -------- d-----w- c:\program files\Ahead
    2010-02-28 04:26 . 2010-02-28 04:26 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-02-28 04:15 . 2010-03-26 16:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Corel
    2010-02-28 00:53 . 2010-02-28 00:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Syntrillium
    2010-02-28 00:51 . 2010-02-28 00:53 -------- d-----w- c:\program files\coolpro2
    2010-02-27 22:41 . 2010-02-27 22:41 -------- d-----w- c:\program files\Common Files\Real
    2010-02-27 22:38 . 2010-02-27 22:48 -------- d-----w- c:\program files\Rhapsody
    2010-02-27 04:48 . 2010-02-28 04:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Corel
    2010-02-27 04:48 . 2010-02-28 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
    2010-02-27 04:45 . 2010-02-27 04:46 -------- d-----w- c:\program files\Common Files\Corel
    2010-02-27 04:45 . 2010-02-27 04:45 -------- d-----w- c:\program files\Corel
    2010-02-27 04:14 . 2010-02-27 04:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Jasc
    2010-02-27 03:41 . 2010-02-27 03:41 -------- d-----w- c:\program files\Jasc Software Inc
    2010-02-27 03:41 . 2010-02-27 03:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Jasc Software Inc
    2010-02-27 03:39 . 2010-02-27 03:39 -------- d-----w- c:\program files\Common Files\SWF Studio
    2010-02-27 03:33 . 2010-02-27 03:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
    2010-02-27 03:33 . 2010-02-27 03:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-02-27 03:33 . 2010-02-27 05:18 -------- d-----w- c:\program files\Google
    2010-02-27 03:33 . 2010-02-27 03:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-29 00:03 . 2010-02-12 21:02 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
    2010-03-26 00:39 . 2010-02-18 01:45 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-03-21 21:49 . 2010-02-12 00:08 318168 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-14 18:31 . 2010-02-18 03:33 -------- d-----w- c:\program files\Veign
    2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\axfbootloader.dll
    2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
    2010-02-18 20:04 . 2010-02-18 20:04 -------- d-----w- c:\program files\MFInstall
    2010-02-18 03:30 . 2010-02-17 01:53 -------- d-----w- c:\program files\Java
    2010-02-18 03:29 . 2010-02-18 01:42 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-02-18 03:16 . 2010-02-18 03:16 -------- d-----w- c:\documents and settings\Owner\Application Data\AMPSoft
    2010-02-18 01:45 . 2010-02-18 01:45 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
    2010-02-18 01:42 . 2010-02-18 01:42 -------- d-----w- c:\program files\JRE
    2010-02-18 00:29 . 2010-02-18 00:29 28552 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-17 22:15 . 2010-02-17 22:15 -------- d-----w- c:\program files\Common Files\Adobe
    2010-02-17 01:55 . 2010-02-17 01:55 -------- d-----w- c:\program files\Common Files\Java
    2010-02-17 01:53 . 2010-02-17 01:53 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c28fe35-n\msvcp71.dll
    2010-02-17 01:53 . 2010-02-17 01:53 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c28fe35-n\jmc.dll
    2010-02-17 01:53 . 2010-02-17 01:53 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c28fe35-n\msvcr71.dll
    2010-02-17 01:53 . 2010-02-17 01:53 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-18c15f04-n\decora-sse.dll
    2010-02-17 01:53 . 2010-02-17 01:53 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-18c15f04-n\decora-d3d.dll
    2010-02-17 01:53 . 2010-02-17 01:53 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-16 03:02 . 2010-02-16 03:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
    2010-02-15 23:08 . 2010-02-15 22:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-02-15 22:58 . 2010-02-15 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-02-15 22:57 . 2010-02-15 22:57 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-02-15 22:57 . 2010-02-15 22:57 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-02-15 22:57 . 2010-02-15 22:57 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-02-15 22:57 . 2010-02-15 22:57 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-02-15 22:57 . 2010-02-15 22:57 -------- d-----w- c:\program files\Symantec
    2010-02-15 22:57 . 2010-02-15 22:57 -------- d-----w- c:\program files\Norton Internet Security
    2010-02-15 22:57 . 2010-02-15 22:57 -------- d-----w- c:\program files\Windows Sidebar
    2010-02-15 22:54 . 2010-02-15 22:54 -------- d-----w- c:\program files\NortonInstaller
    2010-02-15 22:54 . 2010-02-15 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2010-02-15 09:00 . 2010-03-28 23:11 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\NAVENG.SYS
    2010-02-15 09:00 . 2010-03-28 23:11 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\NAVENG32.DLL
    2010-02-15 09:00 . 2010-03-28 23:11 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\NAVEX32A.DLL
    2010-02-15 09:00 . 2010-03-28 23:11 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\NAVEX15.SYS
    2010-02-15 09:00 . 2010-03-28 23:11 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\EECTRL.SYS
    2010-02-15 09:00 . 2010-03-28 23:11 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\CCERASER.DLL
    2010-02-15 09:00 . 2010-03-28 23:11 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\ECMSVR32.DLL
    2010-02-15 09:00 . 2010-03-28 23:11 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\ERASER.SYS
    2010-02-14 21:08 . 2010-02-11 21:22 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2010-02-12 22:52 . 2010-02-12 22:52 -------- d-----w- c:\documents and settings\Owner\Application Data\MSNInstaller
    2010-02-12 21:31 . 2010-02-12 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN Messenger 6.1.0155
    2010-02-12 21:02 . 2010-02-12 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
    2010-02-12 19:24 . 2010-02-12 19:24 0 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
    2010-02-12 19:03 . 2010-02-12 18:56 -------- d-----w- c:\program files\Microsoft Works
    2010-02-12 19:01 . 2010-02-12 19:01 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-02-12 18:56 . 2010-02-12 18:56 -------- d-----w- c:\program files\Microsoft Works Suite 2004
    2010-02-12 18:30 . 2010-02-12 18:30 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-02-11 22:15 . 2010-02-11 22:15 -------- d-----w- c:\program files\Dell Computer
    2010-02-11 22:15 . 2010-02-11 22:15 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
    2010-02-11 22:15 . 2010-02-11 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
    2010-02-11 22:15 . 2010-02-11 22:14 -------- d-----w- c:\program files\Dell AIO Printer A960
    2010-02-11 22:15 . 2010-02-11 21:53 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-11 22:03 . 2010-02-11 22:03 -------- d-----w- c:\program files\Analog Devices
    2010-02-11 22:00 . 2010-02-11 22:00 -------- d-----w- c:\program files\Intel
    2010-02-11 21:52 . 2010-02-11 21:52 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-02-11 21:26 . 2010-02-11 21:26 -------- d-----w- c:\program files\microsoft frontpage
    2010-02-11 21:19 . 2010-02-11 21:19 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-02-11 18:44 . 2010-02-11 18:44 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHRules.dll
    2010-02-11 18:44 . 2010-02-11 18:44 1406352 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHEngine.dll
    2010-02-11 18:44 . 2010-02-11 18:44 676912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHDrvx64.sys
    2010-02-11 18:44 . 2010-02-11 18:44 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHDrvx86.sys
    2010-02-11 18:44 . 2010-02-11 18:44 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\bbRGen.dll
    2010-01-12 05:48 . 2010-01-12 05:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-01-12 05:48 . 2010-01-12 05:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-12-31 16:50 . 2003-07-16 20:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
    "Dell AIO Printer A960"="c:\program files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 270336]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1105000.07F\SymDS.sys [2/15/2010 3:57 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1105000.07F\SymEFA.sys [2/15/2010 3:57 PM 172592]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [2/11/2010 11:44 AM 536112]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1105000.07F\cchpx86.sys [2/15/2010 3:57 PM 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1105000.07F\Ironx86.sys [2/15/2010 3:57 PM 116272]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2/15/2010 3:57 PM 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/15/2010 3:58 PM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys [3/25/2010 10:24 PM 329592]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/26/2010 8:33 PM 135664]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 03:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-28 18:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2016)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-03-28 18:53:46
    ComboFix-quarantined-files.txt 2010-03-29 01:53

    Pre-Run: 90,143,703,040 bytes free
    Post-Run: 90,248,982,528 bytes free

    - - End Of File - - 0064E08E06395A3C3016A8C7BDC2C07B


    Melissa Y's HJT SCAN LOG:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:57:11 PM, on 3/28/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
    C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1265935801820
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

    --
    End of file - 4268 bytes


    MelissaY's HJT UNINSTALL LIST:
    ABBYY FineReader 5.0 Sprint Plus
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.3
    Adobe Shockwave Player 11.5
    AVD Video Processor 7.7
    Cool Edit Pro 2.1
    Corel Paint Shop Pro Photo X2
    Dell AIO Printer A960
    Dell ResourceCD
    ESET Online Scanner v3
    exPressit S.E. 2.1
    Eye Candy 3
    Eye Candy 4000 Demo
    Freecorder 2.3 (with Skype Call Recording)
    Google Earth
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB976098-v2)
    ImTOO MOV Converter
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Network Adapters and Drivers
    Jasc Paint Shop Pro 8
    Jasc Paint Shop Pro 8.10 Update Patch
    Java(TM) 6 Update 18
    Malwarebytes' Anti-Malware
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Plus! Digital Media Edition
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    MSN
    Nero Suite
    Norton Internet Security
    OpenOffice.org 3.2
    Print to Fax
    Rhapsody
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    SoundMAX
    SpiceFX Packs 3.0v for Movie Maker
    tunebite 3.0.1.8
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Creativity Fun Packs - Windows Movie Maker 2
    Windows XP Service Pack 3
    WinMPG VideoConvert 8.8.0.0
    WinZip 11.2

  2. #12
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Well, ComboFix found nothing. Please uninstall it by following these instructions exactly:
    * Click START then RUN
    * Now type ComboFix /Uninstall in the run box and click OK. The space between combofix and /uninstall must be there.
    When shown the disclaimer, select "2".

    Now one thing you need to check is this:
    Go to Services again...

    Go to Start/Administrative Tools/Services/Themes. Set to Automatic
    and make sure it is Started.
    Reboot and see if that makes a difference.

  3. #13
    Join Date
    Aug 2006
    Location
    Planet Earth
    Posts
    45
    Good morning Judy... I followed your instructions.

    I typed a space after combofix before /uninstall.
    I was not offered to select "2".
    ComboFix was noted as being removed as per the prompt.

    I checked Services again.
    Themes was already set to Automatic and already started.

    I rebooted my PC.
    Should I run another HJT log to post?

    Services is still showing this:

    Windows Driver Foundation -User-mode Driver Framework
    GENERAL TAB
    WudfSvc
    Manages user-mode driver host processes
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    Disabled
    Stopped

    LOG ON TAB
    Local System account is dotted
    Profile 1 / Service Enabled

    RECOVERY TAB
    Take No Action
    Take No Action
    Take No Action
    0 days
    1 minutes

    DEPENDENCIES TAB
    Plug and Play

    Windows Task Manager displays six [6] svchost.exe running at different memory usage amounts - for your info:

    svchost.exe-LOCAL SERVICE [3,696k]
    svchost.exe-SYSTEM [5,200k]
    svchost.exe-NETWORK SERVICE [4,256k]
    svchost.exe-SYSTEM [25,712k]
    svchost.exe-NETWORK SERVICE [3,552k]
    svchost.exe-LOCAL SERVICE [7,208k]

  4. #14
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Ok Melissa, I have done more research on this entry. I was wrong; it is not an infection but related to Plug and Play drivers. What external devices do you have connected to this machine? This would include printers, external hard drives, flash drives, scanners, cameras, or anything that is not installed inside the case, even something like a USB mouse or keyboard.
    The correct setting for this WudfSvc should be set to Manual, not Disabled.

    Also go to the Device Manager and click on Display Adapter. Is there an error showing there? You may need a new driver, or the current driver may have become corrupt. Right-click on your Adapter and choose Uninstall. This will uninstall the adapter. Reboot the computer and allow the computer to find the "new" adapter and install it. See if this makes a difference.
    If it does not, then go back in there, open that up again, right-click on the Adapter and choose Properties. Click on the Driver tab. This will give you the driver provider and version. Go to the driver provider's web site and see if there is an updated driver; if there is one, download and install it. Reboot and again see if this makes a difference.
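
    The previous two posts list six svchost.exe instances by account and state the expected startup type for WudfSvc (Manual). As an added example, not posted by anyone in this thread, the PowerShell script below checks a service's start mode against an expected value and shows which services each running svchost.exe hosts, flagging any svchost that is not running from the System32 directory. It assumes Windows PowerShell 3.0 or later on a supported Windows version (PowerShell is not present on the XP Home machine discussed here); the service name and expected start mode are parameters, defaulting to the values from the thread.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 3.0+ on a
# supported Windows version; WudfSvc / Manual come from the thread's posts.
param(
    [string]$ServiceName       = 'WudfSvc',
    [string]$ExpectedStartMode = 'Manual'   # Win32_Service StartMode: Auto, Manual, Disabled
)

# 1. Compare the service's configured start mode with the expected value.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    Write-Warning "Service '$ServiceName' not found on this machine."
} else {
    $verdict = if ($svc.StartMode -eq $ExpectedStartMode) { 'OK' } else { 'MISMATCH' }
    '{0}: StartMode={1} (expected {2}) State={3} -> {4}' -f `
        $svc.Name, $svc.StartMode, $ExpectedStartMode, $svc.State, $verdict
    "  PathName: $($svc.PathName)"
}

# 2. Map every running svchost.exe to the services it hosts, with owner and
#    working set, so the list in Task Manager can be accounted for.
$system32 = Join-Path $env:SystemRoot 'System32'
Get-CimInstance Win32_Service -Filter "State='Running' AND PathName LIKE '%svchost.exe%'" |
    Group-Object ProcessId |
    Sort-Object { [int]$_.Name } |
    ForEach-Object {
        $pid   = [int]$_.Name
        $proc  = Get-CimInstance Win32_Process -Filter "ProcessId=$pid"
        $owner = $proc | Invoke-CimMethod -MethodName GetOwner
        $wsKB  = [math]::Round($proc.WorkingSetSize / 1KB)

        # A legitimate svchost.exe lives in %SystemRoot%\System32; anything
        # else deserves a closer look.
        $pathNote = if ($proc.ExecutablePath -and
                        -not $proc.ExecutablePath.StartsWith($system32, 'OrdinalIgnoreCase')) {
            '  <-- unexpected path'
        } else { '' }

        'svchost.exe PID {0,-6} {1}\{2,-16} WS={3:N0} KB  {4}{5}' -f `
            $pid, $owner.Domain, $owner.User, $wsKB, $proc.ExecutablePath, $pathNote
        $_.Group | Sort-Object Name | ForEach-Object {
            '    {0,-28} {1}' -f $_.Name, $_.DisplayName
        }
    }
```

    Run it as an administrator so the owner lookup succeeds for services running as SYSTEM. Each svchost.exe should appear with a short list of related services (its `-k` group), an owner of SYSTEM, LOCAL SERVICE or NETWORK SERVICE, and a path under System32; an svchost with no hosted services or an unexpected path is worth investigating further.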

  5. #15
    Join Date
    Aug 2006
    Location
    Planet Earth
    Posts
    45
    Hello Judy... and thank you for your time and dedication.

    External devices:
    printer/scanner/fax/copier machine (it's an all-in-one)

    Xbox 360

    secondary PC that's never turned on but fully protected with Norton, as is the primary PC

    external hard drive when needed to do a back-up of files
    keyboard
    mouse
    speakers
    modem
    digital camera on occasion

    I have not yet re-installed my iPod or digital video camera.

    I re-set the WudfSvc to its original settings [Manual].

    Device Manager:
    display adapter is working properly
    since no errors are showing, I did not uninstall

    Would the infected file that was deleted by Malwarebytes be the culprit?
    It was called hijack.startmenu and it's noted on the MBAM log 03-25-2010.

  6. #16
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Quote:
    Device Manager:
    display adapter is working properly
    since no errors are showing, I did not uninstall
    Doesn't matter if it shows no errors. Very often the driver file can be corrupt and not show an error. Do as I suggested: uninstall, then reboot and let it find the device and install it.

    No, this problem found by MBA-M would not be the culprit.

  7. #17
    Join Date
    Aug 2006
    Location
    Planet Earth
    Posts
    45
    Judy... I followed your last set of instructions with regard to the display adapter uninstall, rebooted the PC, and it found the new device driver.

    What now? :-)

  8. #18
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    And did it install it?

  9. #19
    Join Date
    Aug 2006
    Location
    Planet Earth
    Posts
    45
    Yes... I believe it installed. What exactly will help me confirm for you; where do I look and what will it say? Just to be sure I'm giving correct info.

  10. #20
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    If, when you booted the computer, it said it found the new device and then said it was installing it, then you know it installed. If you are still having the problem then you may need a new driver.
    Did you check the manufacturer's website for an updated driver? I mean the manufacturer of the display adapter.
