ComputerForum.com
Old 06-05-2007, 11:59 AM   #1 (permalink)
s_m_w_d
Backdoor.Trojan & Vundo Trojan

Somehow I managed to get Backdoor.Trojan & Vundo Trojan on my computer. I managed to get Vundo off, and then I noticed there was also Backdoor.Trojan, and after turning on my computer Vundo is back. I'm also getting a popup for Ultimate Defender. Norton Internet Security is able to pick up that they're there, but it won't delete them. I know how to get rid of Vundo, but it seems Backdoor is harder to get rid of. Thanks

Here's a HijackThis log if it's any use.

Logfile of HijackThis v1.99.1
Scan saved at 11:58:52, on 05/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\All Users\Application Data\nebyzkdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {BEDF30ED-41B2-4CDC-875A-ED063C81AF7B} - C:\WINDOWS\system32\yayyyxx.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nebyzkdm.exe] C:\Documents and Settings\All Users\Application Data\nebyzkdm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
__________________
Nzxt Apollo chassis Intel Core 2 Duo @ 2.66 2x Crucial 1GB @1066MHz EVEA nForce 680i SLI BFG 8800 GTX @ 768 MB
20" Samsung LCD @ 1680 x 1050 60Hz
3DMARK05:12133

Coming in 2008
my computer but better


Old 06-05-2007, 08:49 PM   #2 (permalink)
John McKenna

Hi there, can you tell me what you used to rid yourself of Vundo please?


Download ComboFix from either of these links:

http://www.techsupportforum.com/sect...s/ComboFix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click Combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick Combofix's window whilst it's running. That may cause it to stall.
Old 06-05-2007, 09:25 PM   #3 (permalink)
s_m_w_d

Quote:
Originally Posted by John McKenna
Hi there, can you tell me what you used to rid yourself of Vundo please?


Download ComboFix from either of these links:

http://www.techsupportforum.com/sect...s/ComboFix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click Combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick Combofix's window whilst it's running. That may cause it to stall.
Hey thanks mate, just trying it now. I used VundoFix; it seemed to have worked. I scanned it with every piece of software I had, obviously not at the same time though.

Just ran ComboFix; the log is below. I'm just running a full scan at the moment, but besides some cookies no Trojans have been found yet:

"Stephen" - 2007-06-05 21:21:37 Service Pack 2 NTFS
ComboFix 07-06-3 - Running from: "C:\Documents and Settings\Stephen\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\yayyyxx.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Stephen\APPLIC~1.\macromedia\Flash Player\#SharedObjects\VWYMKDA6\www.broadcaster.com
C:\DOCUME~1\Stephen\APPLIC~1.\macromedia\Flash Player\#SharedObjects\VWYMKDA6\www.broadcaster.com\played_list.sol
C:\DOCUME~1\Stephen\APPLIC~1.\macromedia\Flash Player\#SharedObjects\VWYMKDA6\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\Stephen\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Stephen\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol


((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))


2007-06-05 21:26 262,708 ---hs---- C:\WINDOWS\system32\mljjk.dll
2007-06-05 15:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-06-04 18:45 <DIR> d-------- C:\VundoFix Backups
2007-06-04 17:39 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-04 17:39 <DIR> d-------- C:\DOCUME~1\Stephen\APPLIC~1\Lavasoft
2007-06-04 17:38 <DIR> d-------- C:\Program Files\ewido anti-malware
2007-06-04 17:36 <DIR> d-------- C:\Program Files\Google
2007-06-04 17:36 <DIR> d-------- C:\DOCUME~1\Stephen\APPLIC~1\Google
2007-06-04 17:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-06-01 23:33 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\nebyzkdm.exe
2007-06-01 23:33 18,944 --------- C:\WINDOWS\system32\winwim32.dll
2007-06-01 15:34 <DIR> dr-h----- C:\DOCUME~1\Stephen\APPLIC~1\SecuROM
2007-06-01 15:20 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-01 15:20 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-06-01 15:20 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-06-01 15:20 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-06-01 15:20 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-06-01 15:20 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-01 15:09 <DIR> d-------- C:\Program Files\Ubisoft
2007-06-01 15:08 <DIR> d-------- C:\DOCUME~1\Stephen\APPLIC~1\InstallShield
2007-05-30 21:59 <DIR> d-------- C:\DOCUME~1\Stephen\APPLIC~1\Apple Computer
2007-05-28 12:54 <DIR> d-------- C:\wamp
2007-05-25 14:44 <DIR> d-------- C:\WINDOWS\NV16444004.TMP
2007-05-25 14:43 <DIR> d-------- C:\NVIDIA
2007-05-25 13:58 <DIR> d-------- C:\Program Files\QuickTime
2007-05-25 13:58 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-25 13:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-05-25 12:53 <DIR> d-------- C:\Program Files\GoldWave
2007-05-24 18:27 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-24 02:37 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-05-24 02:37 <DIR> d-------- C:\Program Files\MSBuild
2007-05-24 02:35 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-05-24 02:34 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-05-22 20:38 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-05-20 09:32 <DIR> d-------- C:\DOCUME~1\Stephen\APPLIC~1\WhenU
2007-05-20 09:31 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-05-20 09:31 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-05-20 09:29 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-05-18 17:47 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-05-18 17:47 <DIR> d-------- C:\a539537b43902b6138f0d81eacb5
2007-05-18 17:46 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-18 17:45 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-05-18 17:43 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-05-18 17:40 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-05-18 17:40 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-05-18 17:40 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-05-18 17:34 <DIR> d-------- C:\Program Files\ieSpell
2007-05-16 15:29 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-13 01:55 <DIR> d-------- C:\DOCUME~1\Stephen\APPLIC~1\teamspeak2
2007-05-12 14:43 21,512 --a------ C:\DOCUME~1\Stephen\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-11 12:37 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-05-11 12:37 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-05-11 12:37 22,584 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-05-10 08:24 <DIR> d-------- C:\Program Files\Gomez
2007-05-10 08:20 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-05-08 20:02 1,165 --a------ C:\WINDOWS\mozver.dat
2007-05-08 16:44 <DIR> d-------- C:\DOCUME~1\Stephen\APPLIC~1\SystemRequirementsLab
2007-05-07 16:14 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-07 00:12 983,101 --a------ C:\WINDOWS\system32\dlbxgf.dll
2007-05-07 00:12 94,208 --a------ C:\WINDOWS\system32\dlbxinsr.dll
2007-05-07 00:12 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-05-07 00:12 77,824 --a------ C:\WINDOWS\system32\dlbxcub.dll
2007-05-07 00:12 741,376 --a------ C:\WINDOWS\system32\dlbxhbn3.dll
2007-05-07 00:12 69,632 --a------ C:\WINDOWS\system32\dlbxcu.dll
2007-05-07 00:12 69,632 --a------ C:\WINDOWS\system32\dlbxcfg.dll
2007-05-07 00:12 659,456 --a------ C:\WINDOWS\system32\dlbxcomc.dll
2007-05-07 00:12 622,592 --a------ C:\WINDOWS\system32\dlbxpmui.dll
2007-05-07 00:12 507,904 --a------ C:\WINDOWS\system32\dlbxhbn1.dll
2007-05-07 00:12 483,328 --a------ C:\WINDOWS\system32\dlbxlmpm.dll
2007-05-07 00:12 450,560 --a------ C:\WINDOWS\system32\dlbxcoms.exe
2007-05-07 00:12 401,408 --a------ C:\WINDOWS\system32\dlbxcomm.dll
2007-05-07 00:12 40,960 --a------ C:\WINDOWS\system32\dlbxvs.dll
2007-05-07 00:12 397,312 --a------ C:\WINDOWS\system32\dlbxutil.dll
2007-05-07 00:12 368,640 --a------ C:\WINDOWS\system32\dlbxcfg.exe
2007-05-07 00:12 32,768 --a------ C:\WINDOWS\system32\dlbxcur.dll
2007-05-07 00:12 319,488 --a------ C:\WINDOWS\system32\dlbxih.exe
2007-05-07 00:12 176,128 --a------ C:\WINDOWS\system32\dlbxinsb.dll
2007-05-07 00:12 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-05-07 00:12 139,264 --a------ C:\WINDOWS\system32\dlbxprox.dll
2007-05-07 00:12 135,168 --a------ C:\WINDOWS\system32\dlbxjswr.dll
2007-05-07 00:12 126,976 --a------ C:\WINDOWS\system32\dlbxins.dll
2007-05-07 00:12 114,688 --a------ C:\WINDOWS\system32\dlbxpplc.dll
2007-05-07 00:12 1,138,688 --a------ C:\WINDOWS\system32\dlbxserv.dll
2007-05-07 00:12 1,085,440 --a------ C:\WINDOWS\system32\dlbxusb1.dll
2007-05-07 00:12 <DIR> d-------- C:\Program Files\Dell Photo AIO Printer 962
2007-05-07 00:11 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2007-05-07 00:11 <DIR> d-------- C:\Temp
2007-05-05 11:06 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-05-05 11:02 <DIR> d-------- C:\Program Files\SystemRequirementsLab


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-05 20:26:13 -------- d-----w C:\DOCUME~1\Stephen\APPLIC~1\uTorrent
2007-06-05 20:13:34 -------- d-----w C:\DOCUME~1\Stephen\APPLIC~1\Xfire
2007-06-05 16:24:32 -------- d-----w C:\Program Files\uTorrent
2007-06-05 14:40:06 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-05 12:53:24 -------- d-s---w C:\Program Files\Xfire
2007-06-01 14:09:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-28 11:32:31 -------- d-----w C:\Program Files\LimeWire
2007-05-28 01:20:18 -------- d-----w C:\DOCUME~1\Stephen\APPLIC~1\Skype
2007-05-27 21:28:53 -------- d-----w C:\Program Files\EA GAMES
2007-05-26 14:28:07 -------- d-----w C:\Program Files\FlashFXP
2007-05-22 19:38:32 -------- d-----w C:\Program Files\Skype
2007-05-13 00:55:56 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-05-06 12:30:42 -------- d-----w C:\DOCUME~1\Stephen\APPLIC~1\Ahead
2007-05-05 09:59:22 -------- d-----w C:\Program Files\Sierra
2007-05-04 09:26:34 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-04 09:24:51 527 ----a-w C:\WINDOWS\eReg.dat
2007-05-04 09:24:41 -------- d-----w C:\Program Files\Maxis
2007-05-03 21:56:13 -------- d-----w C:\Program Files\Ventrilo
2007-05-03 21:56:05 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-03 21:55:06 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-03 21:53:32 -------- d-----w C:\Program Files\Nero
2007-05-03 21:46:00 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-03 21:38:06 -------- d-----w C:\Program Files\3Dize
2007-05-03 21:37:05 -------- d-----w C:\Program Files\DivX
2007-05-03 21:34:00 -------- d-----w C:\DOCUME~1\Stephen\APPLIC~1\FlashFXP
2007-05-03 20:57:04 -------- d-----w C:\Program Files\GlobalSCAPE
2007-05-03 19:56:01 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-05-03 18:24:17 -------- d-----w C:\Program Files\Spyware Doctor
2007-05-03 16:58:46 -------- d-----w C:\Program Files\Norton Internet Security
2007-05-03 16:58:42 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-05-03 16:58:42 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-05-03 16:58:42 -------- d-----w C:\Program Files\Symantec
2007-05-03 16:52:56 -------- d-----w C:\DOCUME~1\Stephen\APPLIC~1\WinRAR
2007-05-03 16:40:37 -------- d-----w C:\DOCUME~1\Stephen\APPLIC~1\PC Tools
2007-05-03 16:34:58 -------- d-----w C:\Program Files\ToniArts
2007-05-03 16:34:13 -------- d-----w C:\Program Files\Elaborate Bytes
2007-05-03 16:33:35 -------- d-----w C:\Program Files\PC Wizard 2007
2007-05-03 16:30:20 -------- d-----w C:\Program Files\Game Cam v1.4
2007-05-03 15:49:05 -------- d-----w C:\Program Files\Activision
2007-05-03 15:35:22 -------- d-----w C:\Program Files\Electronic Arts
2007-05-03 14:52:35 -------- d-----w C:\Program Files\Valve
2007-05-03 10:01:24 -------- d-----w C:\Program Files\Messenger
2007-05-03 00:56:19 -------- d-----w C:\Program Files\Common Files\ODBC
2007-05-03 00:56:17 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-05-03 00:39:23 -------- d-----w C:\Program Files\MSN Messenger
2007-05-03 00:38:11 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-03 00:30:24 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-05-03 00:29:56 -------- d-----w C:\Program Files\Common Files\L&H
2007-05-03 00:15:28 -------- d-----w C:\Program Files\Realtek
2007-05-03 00:14:54 -------- d-----w C:\Program Files\NVIDIA Corporation
2007-05-03 00:05:40 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-03 00:05:18 0 --sha-r C:\MSDOS.SYS
2007-05-03 00:05:18 0 --sha-r C:\IO.SYS
2007-05-03 00:05:18 0 ----a-w C:\CONFIG.SYS
2007-05-03 00:05:18 0 ----a-w C:\AUTOEXEC.BAT
2007-05-03 00:04:26 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-03 00:03:48 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-05-03 00:03:42 -------- d-----w C:\Program Files\Movie Maker
2007-05-03 00:03:23 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-03 00:02:51 -------- d-----w C:\Program Files\Online Services
2007-05-03 00:02:44 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-05-03 00:02:38 -------- d-----w C:\Program Files\Windows NT
2007-04-20 05:05:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-20 05:05:00 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-20 05:05:00 8,429,568 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-20 05:05:00 745,472 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-20 05:05:00 6,739,168 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-20 05:05:00 6,668,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-20 05:05:00 6,217,728 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-20 05:05:00 5,434,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-20 05:05:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-20 05:05:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-20 05:05:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-20 05:05:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-20 05:05:00 37,888 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-20 05:05:00 37,888 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-20 05:05:00 344,064 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-20 05:05:00 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-20 05:05:00 3,538,944 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-20 05:05:00 3,289,088 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-20 05:05:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-20 05:05:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-20 05:05:00 2,273,280 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-20 05:05:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-20 05:05:00 163,908 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-20 05:05:00 143,360 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-20 05:05:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-20 05:05:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-20 05:05:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-20 05:05:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-20 05:05:00 1,101,824 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-20 05:05:00 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-04-20 05:05:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-20 05:05:00 1,018,748 ----a-w C:\WINDOWS\system32\nvucode.bin
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12 08:04]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2005-12-09 16:22]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-06-04 17:36]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}=C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2006-01-06 16:47]
{E5A1691B-D188-4419-AD02-90002030B8EE}=C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 22:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-04-20 06:05 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-17 02:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-13 00:58 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-04 02:43 C:\WINDOWS\ALCMTR.EXE]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 08:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"nebyzkdm.exe"="C:\Documents and Settings\All Users\Application Data\nebyzkdm.exe" [2007-06-01 23:33]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-08-21 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00]
"Steam"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 19:43]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-04 17:36]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Program Files\ewido anti-malware\shellhook.dll" [2004-09-30 13:21]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

*Newly Created Service* - AVGIO
*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-05-31 08:40:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-04 20:14:34 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Stephen.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-05 21:30:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\wampmysqld]
"ImagePath"="c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld"

Completion time: 2007-06-05 21:32:54 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-05 21:32

--- E O F ---

Last edited by s_m_w_d; 06-05-2007 at 09:41 PM.
Old 06-06-2007, 10:51 PM   #4 (permalink)
John McKenna

Has someone suggested to you that installing a second Anti-virus program would be a good idea? I see you have AntiVir installed now as well. This really isn't a good idea and will cause more problems and instability within your machine. I suggest you uninstall it immediately unless Norton has expired in which case Norton should go.


Open notepad (Start > Run and type notepad) and copy/paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\system32\mljjk.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1\nebyzkdm.exe
C:\WINDOWS\system32\winwim32.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nebyzkdm.exe"=-

Save this as ComboFix-Do.txt



Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe

Run ComboFix again and post the resultant log file please with a fresh HJT log.
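As an added example (not code from this thread, nor from HijackThis or ComboFix), the Python below encodes the triage John McKenna did by eye: it reads HijackThis O2/O4 entries and the ComboFix "Files Created" section, applies three indicators that are visible in the logs above (an unnamed BHO under system32, a Run value launched from user-writable Application Data, a newly created hidden+system file in system32) and drafts a script in the File::/Registry:: layout he posted, for an analyst to review before it is used. The sample lines are constructed from the logs in this thread; the heuristics and the function names are this example's own assumptions, not ComboFix rules.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: entries copied from the HijackThis and ComboFix logs
# posted in this thread, cut down to the record types the triage looks at.
HIJACKTHIS_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BEDF30ED-41B2-4CDC-875A-ED063C81AF7B} - C:\WINDOWS\system32\yayyyxx.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nebyzkdm.exe] C:\Documents and Settings\All Users\Application Data\nebyzkdm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

COMBOFIX_FILES_CREATED = r"""
2007-06-05 21:26 262,708 ---hs---- C:\WINDOWS\system32\mljjk.dll
2007-06-04 17:38 <DIR> d-------- C:\Program Files\ewido anti-malware
2007-06-01 23:33 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\nebyzkdm.exe
2007-06-01 23:33 18,944 --------- C:\WINDOWS\system32\winwim32.dll
2007-05-18 17:40 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-05-11 12:37 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
"""

# Record layouts of the two log formats as they appear in this thread.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
CF_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size><DIR>|[\d,]+) (?P<attr>\S{9}) (?P<path>.+)$")

# Directories a non-admin process can write to; an autorun launched from one is suspect.
USER_WRITABLE = ("\\application data\\", "\\applic~1\\", "\\temp\\", "\\local settings\\")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"


def exe_path(cmd: str) -> str:
    """Reduce a Run command line to its executable; unquoted commands are returned as-is."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(hjt_log: str, cf_created: str) -> Tuple[Dict[str, Tuple[str, str]], List[Tuple[str, str]]]:
    """Return ({basename: (path, reason)}, [(hive, run_value)]) for entries hitting a heuristic."""
    flagged: Dict[str, Tuple[str, str]] = {}
    run_values: List[Tuple[str, str]] = []
    for line in hjt_log.splitlines():
        m = O2_RE.match(line)
        if m:
            # Heuristic 1: an anonymous BHO backed by a real DLL under system32.
            if m["name"] == "(no name)" and "\\system32\\" in m["path"].lower():
                flagged[basename(m["path"])] = (m["path"], "unnamed BHO in system32")
            continue
        m = O4_RE.match(line)
        if m and any(w in m["cmd"].lower() for w in USER_WRITABLE):
            # Heuristic 2: a Run value that launches a binary from user-writable data.
            path = exe_path(m["cmd"])
            flagged[basename(path)] = (path, f"{m['hive']} Run value from user-writable path")
            run_values.append((m["hive"], m["value"]))
    for line in cf_created.splitlines():
        m = CF_RE.match(line)
        if not m or m["size"] == "<DIR>":
            continue
        # Heuristic 3: a newly created system32 file carrying hidden+system attributes.
        if "\\system32\\" in m["path"].lower() and "h" in m["attr"] and "s" in m["attr"]:
            flagged[basename(m["path"])] = (m["path"], f"new hidden+system file ({m['attr']})")
    return flagged, run_values


def build_cfscript(flagged: Dict[str, Tuple[str, str]], run_values: List[Tuple[str, str]]) -> str:
    """Draft a script in the File:: / Registry:: layout used in this thread, for analyst review."""
    lines = ["File::"] + [path for path, _ in flagged.values()]
    if run_values:
        lines += ["", "Registry::"]
        for hive, value in run_values:
            lines += [f"[{HIVES[hive]}\\{RUN_KEY}]", f'"{value}"=-']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found, values = triage(HIJACKTHIS_LOG, COMBOFIX_FILES_CREATED)
    for name, (path, reason) in found.items():
        print(f"{name:14} {reason}: {path}")
    print()
    print(build_cfscript(found, values))
```

winwim32.dll, which the reply also removes, is not caught by these rules: in this log it has no autorun entry and no hidden/system attributes, which is why a human reading the whole report still matters.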