J., I'm really appreciating your time and expertise right now. Again...thanks!
Here are the new logs, copied and pasted.
MelissaY's COMBOFIX LOG:
ComboFix 10-03-28.01 - Owner 03/28/2010 18:47:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.730 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-29 )))))))))))))))))))))))))))))))
.
2010-03-26 05:24 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\Scxpx86.dll
2010-03-26 05:24 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSxpx86.dll
2010-03-26 05:24 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSviA64.sys
2010-03-26 05:24 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSvix86.sys
2010-03-26 05:24 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys
2010-03-25 13:52 . 2010-03-25 13:52 -------- d-----w- c:\program files\ESET
2010-03-25 05:07 . 2010-03-25 05:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-03-25 05:07 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-25 05:07 . 2010-03-25 05:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-25 05:07 . 2010-03-25 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-25 05:07 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-23 22:00 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\Scxpx86.dll
2010-03-23 22:00 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\IDSxpx86.dll
2010-03-23 22:00 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\IDSviA64.sys
2010-03-23 22:00 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\IDSvix86.sys
2010-03-23 22:00 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100317.002\IDSXpx86.sys
2010-03-11 05:02 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-03 18:56 . 2010-03-03 18:56 -------- d-----w- c:\windows\Sun
2010-03-01 21:39 . 2010-03-01 21:39 -------- d-----w- c:\program files\Freecorder
2010-03-01 21:39 . 2010-03-01 21:38 737280 ----a-w- c:\windows\iun6002.exe
2010-03-01 21:14 . 1996-10-30 16:35 32768 ----a-w- c:\windows\system32\plugin.dll
2010-03-01 21:13 . 1994-11-18 09:00 210944 ----a-w- c:\windows\system32\Msvcrt10.dll
2010-03-01 20:03 . 2010-03-01 20:14 -------- d-----w- c:\documents and settings\Owner\Application Data\tunebite
2010-03-01 20:02 . 2010-03-01 20:14 -------- d-----w- c:\program files\tunebite
2010-03-01 20:02 . 2006-06-21 19:47 15488 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2010-03-01 19:14 . 2010-03-01 19:14 -------- d-----w- c:\program files\Pixelan
2010-03-01 19:04 . 2010-03-01 19:04 -------- d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2010-03-01 18:55 . 2010-03-15 01:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2010-03-01 07:59 . 2010-03-01 08:02 -------- d-----w- c:\program files\WinMPG VideoConvert
2010-03-01 07:46 . 2010-03-01 07:46 -------- d-----w- c:\documents and settings\Owner\Application Data\ImTOO Software Studio
2010-03-01 07:45 . 2010-03-01 07:45 -------- d-----w- c:\program files\ImTOO
2010-03-01 02:08 . 2010-03-01 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-03-01 01:14 . 2010-03-01 01:14 -------- d-----w- c:\program files\AVD Video Processor 7.7
2010-02-28 22:59 . 2010-03-11 21:07 -------- d-----w- c:\program files\exPressit S.E. 2.1
2010-02-28 22:39 . 2010-02-28 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MSNDynFiles
2010-02-28 22:39 . 2009-10-15 14:15 625528 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\SpellChecker\mssp7en.dll
2010-02-28 22:39 . 2009-10-15 14:10 390144 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\txsrvc.dll
2010-02-28 22:39 . 2009-10-15 14:10 476672 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\unicows.dll
2010-02-28 22:39 . 2009-10-15 14:10 151552 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\vid_fly.dll
2010-02-28 22:39 . 2009-10-15 14:10 150528 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\vid_wide.dll
2010-02-28 22:39 . 2009-10-15 14:10 123392 ----a-w- c:\documents and settings\All Users\Application Data\MSNDynFiles\msndupd.exe
2010-02-28 18:53 . 2010-02-28 18:53 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe
2010-02-28 18:53 . 2010-02-28 18:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Facebook
2010-02-28 04:57 . 2010-02-28 04:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ahead
2010-02-28 04:53 . 2004-03-04 05:30 5504 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2010-02-28 04:53 . 2004-03-04 05:30 125184 ----a-w- c:\windows\system32\drivers\imagesrv.sys
2010-02-28 04:52 . 2000-06-26 19:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-02-28 04:52 . 2001-06-26 16:15 38912 ----a-w- c:\windows\system32\picn20.dll
2010-02-28 04:52 . 2001-07-07 02:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2010-02-28 04:52 . 2001-07-06 22:41 569344 ----a-w- c:\windows\system32\imagr5.dll
2010-02-28 04:52 . 2001-07-06 20:44 544768 ----a-w- c:\windows\system32\imagx5.dll
2010-02-28 04:52 . 2010-02-28 04:56 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-28 04:52 . 2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-02-28 04:52 . 2010-02-28 04:52 -------- d-----w- c:\program files\Ahead
2010-02-28 04:26 . 2010-02-28 04:26 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-28 04:15 . 2010-03-26 16:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Corel
2010-02-28 00:53 . 2010-02-28 00:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Syntrillium
2010-02-28 00:51 . 2010-02-28 00:53 -------- d-----w- c:\program files\coolpro2
2010-02-27 22:41 . 2010-02-27 22:41 -------- d-----w- c:\program files\Common Files\Real
2010-02-27 22:38 . 2010-02-27 22:48 -------- d-----w- c:\program files\Rhapsody
2010-02-27 04:48 . 2010-02-28 04:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Corel
2010-02-27 04:48 . 2010-02-28 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-02-27 04:45 . 2010-02-27 04:46 -------- d-----w- c:\program files\Common Files\Corel
2010-02-27 04:45 . 2010-02-27 04:45 -------- d-----w- c:\program files\Corel
2010-02-27 04:14 . 2010-02-27 04:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Jasc
2010-02-27 03:41 . 2010-02-27 03:41 -------- d-----w- c:\program files\Jasc Software Inc
2010-02-27 03:41 . 2010-02-27 03:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Jasc Software Inc
2010-02-27 03:39 . 2010-02-27 03:39 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-02-27 03:33 . 2010-02-27 03:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2010-02-27 03:33 . 2010-02-27 03:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-27 03:33 . 2010-02-27 05:18 -------- d-----w- c:\program files\Google
2010-02-27 03:33 . 2010-02-27 03:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 00:03 . 2010-02-12 21:02 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2010-03-26 00:39 . 2010-02-18 01:45 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-21 21:49 . 2010-02-12 00:08 318168 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-14 18:31 . 2010-02-18 03:33 -------- d-----w- c:\program files\Veign
2010-02-26 06:41 . 2010-02-26 06:41 847040 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\axfbootloader.dll
2010-02-26 06:41 . 2010-02-26 06:41 5582848 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-18 20:04 . 2010-02-18 20:04 -------- d-----w- c:\program files\MFInstall
2010-02-18 03:30 . 2010-02-17 01:53 -------- d-----w- c:\program files\Java
2010-02-18 03:29 . 2010-02-18 01:42 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-18 03:16 . 2010-02-18 03:16 -------- d-----w- c:\documents and settings\Owner\Application Data\AMPSoft
2010-02-18 01:45 . 2010-02-18 01:45 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
2010-02-18 01:42 . 2010-02-18 01:42 -------- d-----w- c:\program files\JRE
2010-02-18 00:29 . 2010-02-18 00:29 28552 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-17 22:15 . 2010-02-17 22:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-17 01:55 . 2010-02-17 01:55 -------- d-----w- c:\program files\Common Files\Java
2010-02-17 01:53 . 2010-02-17 01:53 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c28fe35-n\msvcp71.dll
2010-02-17 01:53 . 2010-02-17 01:53 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c28fe35-n\jmc.dll
2010-02-17 01:53 . 2010-02-17 01:53 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3c28fe35-n\msvcr71.dll
2010-02-17 01:53 . 2010-02-17 01:53 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-18c15f04-n\decora-sse.dll
2010-02-17 01:53 . 2010-02-17 01:53 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-18c15f04-n\decora-d3d.dll
2010-02-17 01:53 . 2010-02-17 01:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-16 03:02 . 2010-02-16 03:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
2010-02-15 23:08 . 2010-02-15 22:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-15 22:58 . 2010-02-15 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-15 22:57 . 2010-02-15 22:57 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-15 22:57 . 2010-02-15 22:57 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-15 22:57 . 2010-02-15 22:57 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-15 22:57 . 2010-02-15 22:57 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-15 22:57 . 2010-02-15 22:57 -------- d-----w- c:\program files\Symantec
2010-02-15 22:57 . 2010-02-15 22:57 -------- d-----w- c:\program files\Norton Internet Security
2010-02-15 22:57 . 2010-02-15 22:57 -------- d-----w- c:\program files\Windows Sidebar
2010-02-15 22:54 . 2010-02-15 22:54 -------- d-----w- c:\program files\NortonInstaller
2010-02-15 22:54 . 2010-02-15 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-02-15 09:00 . 2010-03-28 23:11 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\NAVENG.SYS
2010-02-15 09:00 . 2010-03-28 23:11 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\NAVENG32.DLL
2010-02-15 09:00 . 2010-03-28 23:11 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\NAVEX32A.DLL
2010-02-15 09:00 . 2010-03-28 23:11 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\NAVEX15.SYS
2010-02-15 09:00 . 2010-03-28 23:11 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\EECTRL.SYS
2010-02-15 09:00 . 2010-03-28 23:11 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\CCERASER.DLL
2010-02-15 09:00 . 2010-03-28 23:11 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\ECMSVR32.DLL
2010-02-15 09:00 . 2010-03-28 23:11 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100328.020\ERASER.SYS
2010-02-14 21:08 . 2010-02-11 21:22 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-02-12 22:52 . 2010-02-12 22:52 -------- d-----w- c:\documents and settings\Owner\Application Data\MSNInstaller
2010-02-12 21:31 . 2010-02-12 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN Messenger 6.1.0155
2010-02-12 21:02 . 2010-02-12 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2010-02-12 19:24 . 2010-02-12 19:24 0 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-02-12 19:03 . 2010-02-12 18:56 -------- d-----w- c:\program files\Microsoft Works
2010-02-12 19:01 . 2010-02-12 19:01 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-12 18:56 . 2010-02-12 18:56 -------- d-----w- c:\program files\Microsoft Works Suite 2004
2010-02-12 18:30 . 2010-02-12 18:30 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-11 22:15 . 2010-02-11 22:15 -------- d-----w- c:\program files\Dell Computer
2010-02-11 22:15 . 2010-02-11 22:15 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2010-02-11 22:15 . 2010-02-11 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-02-11 22:15 . 2010-02-11 22:14 -------- d-----w- c:\program files\Dell AIO Printer A960
2010-02-11 22:15 . 2010-02-11 21:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 22:03 . 2010-02-11 22:03 -------- d-----w- c:\program files\Analog Devices
2010-02-11 22:00 . 2010-02-11 22:00 -------- d-----w- c:\program files\Intel
2010-02-11 21:52 . 2010-02-11 21:52 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-11 21:26 . 2010-02-11 21:26 -------- d-----w- c:\program files\microsoft frontpage
2010-02-11 21:19 . 2010-02-11 21:19 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-11 18:44 . 2010-02-11 18:44 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHRules.dll
2010-02-11 18:44 . 2010-02-11 18:44 1406352 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHEngine.dll
2010-02-11 18:44 . 2010-02-11 18:44 676912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHDrvx64.sys
2010-02-11 18:44 . 2010-02-11 18:44 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHDrvx86.sys
2010-02-11 18:44 . 2010-02-11 18:44 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\bbRGen.dll
2010-01-12 05:48 . 2010-01-12 05:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-12 05:48 . 2010-01-12 05:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-31 16:50 . 2003-07-16 20:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"Dell AIO Printer A960"="c:\program files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 270336]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1105000.07F\SymDS.sys [2/15/2010 3:57 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1105000.07F\SymEFA.sys [2/15/2010 3:57 PM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [2/11/2010 11:44 AM 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1105000.07F\cchpx86.sys [2/15/2010 3:57 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1105000.07F\Ironx86.sys [2/15/2010 3:57 PM 116272]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2/15/2010 3:57 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/15/2010 3:58 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys [3/25/2010 10:24 PM 329592]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/26/2010 8:33 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
2010-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 03:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 18:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2016)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-28 18:53:46
ComboFix-quarantined-files.txt 2010-03-29 01:53
Pre-Run: 90,143,703,040 bytes free
Post-Run: 90,248,982,528 bytes free
- - End Of File - - 0064E08E06395A3C3016A8C7BDC2C07B
Melissa Y's HJT SCAN LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:11 PM, on 3/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1265935801820
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
--
End of file - 4268 bytes
MelissaY's HJT UNINSTALL LIST:
ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
AVD Video Processor 7.7
Cool Edit Pro 2.1
Corel Paint Shop Pro Photo X2
Dell AIO Printer A960
Dell ResourceCD
ESET Online Scanner v3
exPressit S.E. 2.1
Eye Candy 3
Eye Candy 4000 Demo
Freecorder 2.3 (with Skype Call Recording)
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
ImTOO MOV Converter
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
Jasc Paint Shop Pro 8
Jasc Paint Shop Pro 8.10 Update Patch
Java(TM) 6 Update 18
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSN
Nero Suite
Norton Internet Security
OpenOffice.org 3.2
Print to Fax
Rhapsody
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SoundMAX
SpiceFX Packs 3.0v for Movie Maker
tunebite 3.0.1.8
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Service Pack 3
WinMPG VideoConvert 8.8.0.0
WinZip 11.2

