• Welcome Guest, to the Spybot Forums! It's 2025, and we just upgraded our forum software.

    Today is Safer Internet Day, and with our new forum, you can finally use passkeys to login. That was about time!

    Of course, you could ask if a forum is still useful, with so many social media networks out there where you might already have an account, and met a lot of users. You can now use your login from some of those networks to log in here. And by posting here, your question and data is stored on our servers and not automatically shared with a whole social media network.

    We'll also start using the forum for small bits of information, announcements and more again.

Cannot remove smitfraud-c

H

Herbidatious

New member
Help somone, I have run spybot numerous times and it will not remove smitfraud-c, I have been told that this is a dangerous trojan. Please help. Thnx
 
Hi Herbidatious

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
 
Log File as requested

Below is the logfile as requested. thnx.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:38, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vc.freedom.net/html/virus_definition_template.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhafjl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclvtym.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jack\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123753183109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123758956265
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe

--
End of file - 7543 bytes
 
Hi

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post:

- a fresh HijackThis log
- combofix report
 
Log Files as requested

As requested, thnx.

ComboFix 07-08-14.4 - "Ian" 2007-08-16 18:02:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.33 [GMT 1:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Beth\APPLIC~1\..\err.log
C:\DOCUME~1\Beth\APPLIC~1\ErrorProtector Free
C:\DOCUME~1\Beth\APPLIC~1\ErrorProtector Free\Logs\update.log
C:\DOCUME~1\IAN~1.COL\APPLIC~1\..\err.log
C:\DOCUME~1\Jack\APPLIC~1\..\err.log
C:\DOCUME~1\Jack\APPLIC~1\ErrorProtector Free
C:\DOCUME~1\Jack\APPLIC~1\ErrorProtector Free\Logs\update.log
C:\DOCUME~1\Jack\APPLIC~1\FunWebProducts
C:\DOCUME~1\Jack\APPLIC~1\FunWebProducts\Data\Jack\avatar.dat
C:\DOCUME~1\Jack\APPLIC~1\FunWebProducts\Data\Jack\register.dat
C:\DOCUME~1\Jack\APPLIC~1\WinAntiVirus Pro 2006
C:\DOCUME~1\Jack\APPLIC~1\WinAntiVirus Pro 2006\Logs\update.log
C:\DOCUME~1\Jack\APPLIC~1\WinAntiVirus Pro 2006\Logs\wa6Support.log
C:\DOCUME~1\Jack\APPLIC~1\WinAntiVirus Pro 2006\Logs\winav.log
C:\DOCUME~1\Jack\APPLIC~1\WinAntiVirus Pro 2006\PGE.dat
C:\DOCUME~1\Karen\APPLIC~1\..\err.log
C:\DOCUME~1\Karen\APPLIC~1\ErrorProtector Free
C:\DOCUME~1\Karen\APPLIC~1\ErrorProtector Free\Logs\update.log
C:\DOCUME~1\Luke\APPLIC~1\..\err.log
C:\DOCUME~1\Luke\APPLIC~1\ErrorProtector Free
C:\DOCUME~1\Luke\APPLIC~1\ErrorProtector Free\Logs\update.log
C:\Program Files\Common Files\{38416~1
C:\Program Files\Common Files\{38416~1\Activate.exe
C:\Program Files\Common Files\{38416~1\Uninst.exe
C:\Program Files\Common Files\{D8416~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\ystem3~1
C:\WA6P
C:\WINDOWS\smbols~1
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\vcbhafjl.dll
C:\WINDOWS\system32\wnscpsu.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK


((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))


2007-08-16 18:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 17:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-15 12:44 33,408 --a------ C:\WINDOWS\system32\drivers\freedom.sys
2007-08-15 12:43 <DIR> d-------- C:\Program Files\Common Files\PestPatrol
2007-08-15 12:43 <DIR> d-------- C:\Program Files\Common Files\Command Software
2007-08-15 12:41 <DIR> d-------- C:\Program Files\Virgin Broadband
2007-08-14 19:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101a.dll
2007-08-14 19:00 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-08-14 19:00 218,112 --a--c--- C:\WINDOWS\system32\dllcache\c_g18030.dll
2007-08-14 19:00 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-08-14 19:00 14,336 --a--c--- C:\WINDOWS\system32\dllcache\padrs412.dll
2007-08-14 19:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2007-08-14 18:35 <DIR> d-------- C:\Program Files\WindowsUpdate
2007-08-13 20:11 <DIR> d-------- C:\Program Files\BrainTrainAge
2007-08-11 19:02 <DIR> d-------- C:\WINDOWS\pss
2007-08-10 07:35 <DIR> d-------- C:\DOCUME~1\Jack\APPLIC~1\SoftwareDetectionScripts
2007-08-09 19:06 <DIR> d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\SoftwareDetectionScripts
2007-08-09 19:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\temp
2007-08-09 18:59 <DIR> d--hs---- C:\WINDOWS\SWFu
2007-08-09 18:59 <DIR> d-------- C:\WINDOWS\system32\SearchTool
2007-08-09 18:59 <DIR> d-------- C:\Program Files\Mywenger
2007-08-09 18:59 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-06 10:56 <DIR> d-------- C:\Program Files\PogoSticker
2007-08-06 10:43 <DIR> d-------- C:\Program Files\Speed Thrasher
2007-08-05 12:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-05 12:28 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-04 15:38 <DIR> d-------- C:\Program Files\Disney
2007-07-31 18:14 <DIR> d-------- C:\DOCUME~1\Jack\APPLIC~1\IMVU
2007-07-31 18:13 <DIR> d-------- C:\Program Files\IMVU
2007-07-28 19:55 <DIR> d-------- C:\DOCUME~1\Karen\APPLIC~1\Apple Computer
2007-07-26 15:34 <DIR> d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\Apple Computer
2007-07-26 15:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-22 14:46 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-22 12:32 <DIR> d-------- C:\WINDOWS\.jagex_cache_34


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-15 12:47 --------- d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\Virgin Broadband
2007-08-12 20:57 --------- d-------- C:\Program Files\Lexmark X1100 Series
2007-08-10 16:27 --------- d-------- C:\Program Files\Google
2007-08-09 19:13 --------- d-------- C:\Program Files\ntl
2007-07-26 15:32 --------- d-------- C:\Program Files\QuickTime
2007-07-21 11:58 --------- d-------- C:\Program Files\Puppy Luv
2007-07-19 07:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-15 20:48 --------- d-------- C:\Program Files\LimeWire
2007-07-13 00:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-07 12:07 --------- dr-h----- C:\DOCUME~1\IAN~1.COL\APPLIC~1\yahoo!
2007-07-07 11:13 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-07-07 11:13 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-07-07 11:09 --------- d-------- C:\Program Files\Motorola Phone Tools
2007-07-07 11:05 --------- d-------- C:\Program Files\Common Files\Motorola Shared
2007-07-07 11:01 --------- d-------- C:\Program Files\Avanquest update
2007-07-07 11:01 --------- d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\InstallShield
2007-06-30 12:20 --------- d-------- C:\Program Files\DivX
2007-06-29 17:12 --------- d-------- C:\Program Files\Kontiki
2007-06-29 17:12 --------- d-------- C:\Program Files\Channel4
2007-06-27 23:45 --------- d-------- C:\Program Files\Vizumi
2007-06-27 23:16 --------- d-------- C:\Program Files\Maxis
2007-06-27 23:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-27 23:12 --------- d-------- C:\Program Files\Home Cinema
2007-06-27 23:12 --------- d-------- C:\Program Files\CyberLink
2007-06-27 23:07 --------- d-------- C:\Program Files\Disney Interactive
2007-06-27 23:05 --------- d-------- C:\Program Files\Broken Sword II
2007-06-27 15:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --a--c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --a--c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --a--c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --a--c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --a--c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --a--c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --a--c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --a--c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --a--c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 21:07 --------- d-------- C:\Program Files\Windows Live
2007-06-20 21:07 --------- d-------- C:\Program Files\MSN Messenger
2007-06-20 21:07 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 14:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 11:23 1033216 --------- C:\WINDOWS\explorer.exe
2007-05-17 12:28 549376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-17 12:28 549376 --------- C:\WINDOWS\system32\oleaut32.dll
2007-05-16 16:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 683520 --------- C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-11-09 09:16 0 --a------ C:\Program Files\Common Files\err.log
2005-07-29 15:24:26 472 --sha-r C:\WINDOWS\SWFu\mqIR.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C07F60AC-688D-4F3E-89EC-30B281BDD2CC}]
2007-03-11 20:06 421888 --a------ C:\WINDOWS\system32\asclvtym.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"SoundMan"="SOUNDMAN.EXE" [2005-03-25 05:20 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 19:03]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:43]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 19:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 18:59]
"ERS_check"="C:\Program Files\Common Files\ers_startupmon.exe" []
"CHotkey"="zHotkey.exe" [2004-05-17 18:30 C:\WINDOWS\zHotkey.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-08 15:53 C:\WINDOWS\AGRSMMSG.exe]
"4oD"="C:\Program Files\Kontiki\KHost.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-01-24 14:12]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-01-24 18:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 16:03]
"LifeCU"="C:\WINDOWS\system32\BastaYa.exe" [2007-01-10 19:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 nsysaudm;nsysaudm;\??\C:\DOCUME~1\Beth\LOCALS~1\Temp\nsysaudm.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys
S3 ZSMC302;PCL-W310;C:\WINDOWS\system32\Drivers\usbvm302.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44c422bd-7bf6-11db-887b-0013d389a330}]
AutoRun\command- G:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-08-07 17:07:20 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job - C:\Program Files\SpywareBot\SpywareBot.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 18:23:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-16 18:26:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-16 18:26

--- E O F ---
 
Fresh Hijack log

sorry forgot -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:19, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vc.freedom.net/html/virus_definition_template.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclvtym.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jack\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123753183109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123758956265
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe

--
End of file - 7190 bytes
 
Hi

Open HijackThis, click do a system scan only and checkmark these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclvtym.dll
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Close all windows including browser and press fix checked.

Reboot

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
C:\WINDOWS\system32\asclvtym.dll

Folder::
C:\WINDOWS\SWFu

Save this as "CFScript"

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 
Fresh logs

as requested.
ComboFix 07-08-14.4 - "Ian" 2007-08-16 19:35:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.72 [GMT 1:00]
Command switches used :: C:\Documents and Settings\Ian.COLLINSFAMILY\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\asclvtym.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\SWFu
C:\WINDOWS\SWFu\mqIR.vbs


((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))


2007-08-16 19:17 421,888 --a------ C:\WINDOWS\system32\asclbxfe.dll
2007-08-16 19:17 36,864 --a------ C:\WINDOWS\system32\wbhldcwd.exe
2007-08-16 18:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 17:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-15 12:44 33,408 --a------ C:\WINDOWS\system32\drivers\freedom.sys
2007-08-15 12:43 <DIR> d-------- C:\Program Files\Common Files\PestPatrol
2007-08-15 12:43 <DIR> d-------- C:\Program Files\Common Files\Command Software
2007-08-15 12:41 <DIR> d-------- C:\Program Files\Virgin Broadband
2007-08-14 19:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101a.dll
2007-08-14 19:00 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-08-14 19:00 218,112 --a--c--- C:\WINDOWS\system32\dllcache\c_g18030.dll
2007-08-14 19:00 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-08-14 19:00 14,336 --a--c--- C:\WINDOWS\system32\dllcache\padrs412.dll
2007-08-14 19:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2007-08-14 18:35 <DIR> d-------- C:\Program Files\WindowsUpdate
2007-08-13 20:11 <DIR> d-------- C:\Program Files\BrainTrainAge
2007-08-11 19:02 <DIR> d-------- C:\WINDOWS\pss
2007-08-10 07:35 <DIR> d-------- C:\DOCUME~1\Jack\APPLIC~1\SoftwareDetectionScripts
2007-08-09 19:06 <DIR> d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\SoftwareDetectionScripts
2007-08-09 19:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\temp
2007-08-09 18:59 <DIR> d-------- C:\WINDOWS\system32\SearchTool
2007-08-09 18:59 <DIR> d-------- C:\Program Files\Mywenger
2007-08-09 18:59 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-06 10:56 <DIR> d-------- C:\Program Files\PogoSticker
2007-08-06 10:43 <DIR> d-------- C:\Program Files\Speed Thrasher
2007-08-05 12:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-05 12:28 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-04 15:38 <DIR> d-------- C:\Program Files\Disney
2007-07-31 18:14 <DIR> d-------- C:\DOCUME~1\Jack\APPLIC~1\IMVU
2007-07-31 18:13 <DIR> d-------- C:\Program Files\IMVU
2007-07-28 19:55 <DIR> d-------- C:\DOCUME~1\Karen\APPLIC~1\Apple Computer
2007-07-26 15:34 <DIR> d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\Apple Computer
2007-07-26 15:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-22 14:46 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-22 12:32 <DIR> d-------- C:\WINDOWS\.jagex_cache_34


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-16 19:17 45321 --a------ C:\WINDOWS\system32\CAUnst.exe
2007-08-15 12:47 --------- d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\Virgin Broadband
2007-08-12 20:57 --------- d-------- C:\Program Files\Lexmark X1100 Series
2007-08-10 16:27 --------- d-------- C:\Program Files\Google
2007-08-09 19:13 --------- d-------- C:\Program Files\ntl
2007-07-26 15:32 --------- d-------- C:\Program Files\QuickTime
2007-07-21 11:58 --------- d-------- C:\Program Files\Puppy Luv
2007-07-19 07:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-15 20:48 --------- d-------- C:\Program Files\LimeWire
2007-07-13 00:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-07 12:07 --------- dr-h----- C:\DOCUME~1\IAN~1.COL\APPLIC~1\yahoo!
2007-07-07 11:13 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-07-07 11:13 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-07-07 11:09 --------- d-------- C:\Program Files\Motorola Phone Tools
2007-07-07 11:05 --------- d-------- C:\Program Files\Common Files\Motorola Shared
2007-07-07 11:01 --------- d-------- C:\Program Files\Avanquest update
2007-07-07 11:01 --------- d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\InstallShield
2007-06-30 12:20 --------- d-------- C:\Program Files\DivX
2007-06-29 17:12 --------- d-------- C:\Program Files\Kontiki
2007-06-29 17:12 --------- d-------- C:\Program Files\Channel4
2007-06-27 23:45 --------- d-------- C:\Program Files\Vizumi
2007-06-27 23:16 --------- d-------- C:\Program Files\Maxis
2007-06-27 23:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-27 23:12 --------- d-------- C:\Program Files\Home Cinema
2007-06-27 23:12 --------- d-------- C:\Program Files\CyberLink
2007-06-27 23:07 --------- d-------- C:\Program Files\Disney Interactive
2007-06-27 23:05 --------- d-------- C:\Program Files\Broken Sword II
2007-06-27 15:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --a--c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --a--c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --a--c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --a--c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --a--c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --a--c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --a--c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --a--c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --a--c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 21:07 --------- d-------- C:\Program Files\Windows Live
2007-06-20 21:07 --------- d-------- C:\Program Files\MSN Messenger
2007-06-20 21:07 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 14:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 11:23 1033216 --------- C:\WINDOWS\explorer.exe
2007-05-17 12:28 549376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-17 12:28 549376 --------- C:\WINDOWS\system32\oleaut32.dll
2007-05-16 16:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 683520 --------- C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-11-09 09:16 0 --a------ C:\Program Files\Common Files\err.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C07F60AC-688D-4F3E-89EC-30B281BDD2CC}]
2007-08-16 19:17 421888 --a------ C:\WINDOWS\system32\asclbxfe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"SoundMan"="SOUNDMAN.EXE" [2005-03-25 05:20 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 19:03]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:43]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 19:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 18:59]
"CHotkey"="zHotkey.exe" [2004-05-17 18:30 C:\WINDOWS\zHotkey.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-08 15:53 C:\WINDOWS\AGRSMMSG.exe]
"4oD"="C:\Program Files\Kontiki\KHost.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-01-24 14:12]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-01-24 18:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 16:03]
"LifeCU"="C:\WINDOWS\system32\BastaYa.exe" [2007-01-10 19:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 nsysaudm;nsysaudm;\??\C:\DOCUME~1\Beth\LOCALS~1\Temp\nsysaudm.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys
S3 ZSMC302;PCL-W310;C:\WINDOWS\system32\Drivers\usbvm302.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44c422bd-7bf6-11db-887b-0013d389a330}]
AutoRun\command- G:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-08-07 17:07:20 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job - C:\Program Files\SpywareBot\SpywareBot.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 19:42:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-16 19:43:02
C:\ComboFix-quarantined-files.txt ... 2007-08-16 19:42
C:\ComboFix2.txt ... 2007-08-16 18:26

--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:28, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vc.freedom.net/html/virus_definition_template.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclbxfe.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jack\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123753183109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123758956265
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe

--
End of file - 6917 bytes
 
Hi

Some new baddies there.

Open HijackThis

You should see a line similar to this, but filename might be different

O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclbxfe.dll

Checkmark that entry and press fix checked.

Delete these:

C:\WINDOWS\system32\asclbxfe.dll
C:\WINDOWS\system32\wbhldcwd.exe

Empty Recycle Bin.

Reboot.

Post a fresh HijackThis log
 
Logfile as requested

Could not find the files you suggested in system32, although I had already run spybot prior to this and it only found 'funwebproducts' which cannot be removed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:36, on 17/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vc.freedom.net/html/virus_definition_template.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclwzwl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jack\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123753183109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123758956265
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe

--
End of file - 6835 bytes
 
Hi

Ok, that file mutates.

We'll do this:

You should see a line similar to this, but filename might be different.

O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclbxfe.dll

Checkmark that entry and press fix checked.

Delete that file from that entry above.

Empty Recycle Bin.

Reboot.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\DOCUME~1\Beth\LOCALS~1\Temp\nsysaudm.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

C:\DOCUME~1\Beth\LOCALS~1\Temp\nsysaudm.sys

Re-run combofix

Post a fresh HijackThis log, jotti/virustotal results and a fresh HijackThis log.
 
Last edited:
Filelogs as requested.

Cannot find any files beginning with C\docume~1 (am I missing something) change view as required on folder options.

ComboFix 07-08-14.4 - "Ian" 2007-08-17 18:10:52.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.77 [GMT 1:00]


((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))


2007-08-17 18:06 421,888 --a------ C:\WINDOWS\system32\asclvoib.dll
2007-08-17 18:06 36,864 --a------ C:\WINDOWS\system32\wbhldcwd.exe
2007-08-16 18:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 17:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-15 12:44 33,408 --a------ C:\WINDOWS\system32\drivers\freedom.sys
2007-08-15 12:43 <DIR> d-------- C:\Program Files\Common Files\PestPatrol
2007-08-15 12:43 <DIR> d-------- C:\Program Files\Common Files\Command Software
2007-08-15 12:41 <DIR> d-------- C:\Program Files\Virgin Broadband
2007-08-14 19:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101a.dll
2007-08-14 19:00 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-08-14 19:00 218,112 --a--c--- C:\WINDOWS\system32\dllcache\c_g18030.dll
2007-08-14 19:00 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-08-14 19:00 14,336 --a--c--- C:\WINDOWS\system32\dllcache\padrs412.dll
2007-08-14 19:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2007-08-14 18:35 <DIR> d-------- C:\Program Files\WindowsUpdate
2007-08-13 20:11 <DIR> d-------- C:\Program Files\BrainTrainAge
2007-08-11 19:02 <DIR> d-------- C:\WINDOWS\pss
2007-08-10 07:35 <DIR> d-------- C:\DOCUME~1\Jack\APPLIC~1\SoftwareDetectionScripts
2007-08-09 19:06 <DIR> d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\SoftwareDetectionScripts
2007-08-09 19:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\temp
2007-08-09 18:59 <DIR> d-------- C:\WINDOWS\system32\SearchTool
2007-08-09 18:59 <DIR> d-------- C:\Program Files\Mywenger
2007-08-09 18:59 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-06 10:56 <DIR> d-------- C:\Program Files\PogoSticker
2007-08-06 10:43 <DIR> d-------- C:\Program Files\Speed Thrasher
2007-08-05 12:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-05 12:28 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-04 15:38 <DIR> d-------- C:\Program Files\Disney
2007-07-31 18:14 <DIR> d-------- C:\DOCUME~1\Jack\APPLIC~1\IMVU
2007-07-31 18:13 <DIR> d-------- C:\Program Files\IMVU
2007-07-28 19:55 <DIR> d-------- C:\DOCUME~1\Karen\APPLIC~1\Apple Computer
2007-07-26 15:34 <DIR> d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\Apple Computer
2007-07-26 15:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-22 14:46 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-22 12:32 <DIR> d-------- C:\WINDOWS\.jagex_cache_34


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 18:06 45321 --a------ C:\WINDOWS\system32\CAUnst.exe
2007-08-15 12:47 --------- d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\Virgin Broadband
2007-08-12 20:57 --------- d-------- C:\Program Files\Lexmark X1100 Series
2007-08-10 16:27 --------- d-------- C:\Program Files\Google
2007-08-09 19:13 --------- d-------- C:\Program Files\ntl
2007-07-26 15:32 --------- d-------- C:\Program Files\QuickTime
2007-07-21 11:58 --------- d-------- C:\Program Files\Puppy Luv
2007-07-19 07:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-15 20:48 --------- d-------- C:\Program Files\LimeWire
2007-07-13 00:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-07 12:07 --------- dr-h----- C:\DOCUME~1\IAN~1.COL\APPLIC~1\yahoo!
2007-07-07 11:13 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-07-07 11:13 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-07-07 11:09 --------- d-------- C:\Program Files\Motorola Phone Tools
2007-07-07 11:05 --------- d-------- C:\Program Files\Common Files\Motorola Shared
2007-07-07 11:01 --------- d-------- C:\Program Files\Avanquest update
2007-07-07 11:01 --------- d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\InstallShield
2007-06-30 12:20 --------- d-------- C:\Program Files\DivX
2007-06-29 17:12 --------- d-------- C:\Program Files\Kontiki
2007-06-29 17:12 --------- d-------- C:\Program Files\Channel4
2007-06-27 23:45 --------- d-------- C:\Program Files\Vizumi
2007-06-27 23:16 --------- d-------- C:\Program Files\Maxis
2007-06-27 23:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-27 23:12 --------- d-------- C:\Program Files\Home Cinema
2007-06-27 23:12 --------- d-------- C:\Program Files\CyberLink
2007-06-27 23:07 --------- d-------- C:\Program Files\Disney Interactive
2007-06-27 23:05 --------- d-------- C:\Program Files\Broken Sword II
2007-06-27 15:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --a--c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --a--c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --a--c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --a--c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --a--c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --a--c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --a--c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --a--c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --a--c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 21:07 --------- d-------- C:\Program Files\Windows Live
2007-06-20 21:07 --------- d-------- C:\Program Files\MSN Messenger
2007-06-20 21:07 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 14:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 11:23 1033216 --------- C:\WINDOWS\explorer.exe
2007-05-17 12:28 549376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-17 12:28 549376 --------- C:\WINDOWS\system32\oleaut32.dll
2006-11-09 09:16 0 --a------ C:\Program Files\Common Files\err.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C07F60AC-688D-4F3E-89EC-30B281BDD2CC}]
2007-08-17 18:06 421888 --a------ C:\WINDOWS\system32\asclvoib.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"SoundMan"="SOUNDMAN.EXE" [2005-03-25 05:20 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 19:03]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:43]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 19:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 18:59]
"CHotkey"="zHotkey.exe" [2004-05-17 18:30 C:\WINDOWS\zHotkey.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-08 15:53 C:\WINDOWS\AGRSMMSG.exe]
"4oD"="C:\Program Files\Kontiki\KHost.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-01-24 14:12]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-01-24 18:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 16:03]
"LifeCU"="C:\WINDOWS\system32\BastaYa.exe" [2007-01-10 19:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 nsysaudm;nsysaudm;\??\C:\DOCUME~1\Beth\LOCALS~1\Temp\nsysaudm.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys
S3 ZSMC302;PCL-W310;C:\WINDOWS\system32\Drivers\usbvm302.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44c422bd-7bf6-11db-887b-0013d389a330}]
AutoRun\command- G:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-08-07 17:07:20 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job - C:\Program Files\SpywareBot\SpywareBot.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 18:18:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-17 18:19:49
C:\ComboFix-quarantined-files.txt ... 2007-08-17 18:19
C:\ComboFix2.txt ... 2007-08-16 19:43
C:\ComboFix3.txt ... 2007-08-16 18:26

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:04, on 17/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vc.freedom.net/html/virus_definition_template.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclvoib.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jack\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123753183109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123758956265
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe

--
End of file - 6884 bytes
 
Hi

Were you able to find and delete that file?

I ask because it's still there.

Let's try this (NOTE: if you have shutdown or reboot computer, those instructions won't work.)

Please download the Killbox.
Save it to the desktop.

Please run Killbox.

Select "Standard file kill" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\asclvoib.dll
C:\WINDOWS\system32\wbhldcwd.exe

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

If your computer does not restart automatically, please restart it manually.

My bad, it's
C:\Documents and Settings\Beth\Local Settings\Temp\nsysaudm.sys

Re-run combofix

Post:

- a fresh HijackThis log
- combofix report
- jotti/virustotal
 
Instructions did'nt work

I'd already re-booted my pc. Could not delete file C:\WINDOWS\system32\asclvoib.dll and file C:\WINDOWS\system32\wbhldcwd.exe would not paste into killbox. Please advise, thnx.
 
Hi

You will need to then look new filename from fresh HijackThis log.

Do a scan with HijackThis and check which is the filename for this entry:

O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\ascl????.dll

???? stand for any 4 letters.

Then replace C:\WINDOWS\system32\asclvoib.dll with that current filename in my previous instructions.
 
Cannot delete file

I tried to delete file again as hijack this log shows filename - C:\WINDOWS\system32\asclvoib.dll. Did'nt work.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:49, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vc.freedom.net/html/virus_definition_template.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclvoib.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jack\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123753183109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123758956265
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe

--
End of file - 6909 bytes
 
Hi

We'll try then another tool:

Download OTMoveIt by OldTimer to your Desktop.
  • Double click OTMoveIt.exe to launch it.
  • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
C:\WINDOWS\system32\asclvoib.dll
C:\WINDOWS\system32\wbhldcwd.exe
Click to expand...
  • Click the Move It button.
  • The list will be processed and the results will appear in the right hand pane.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • When finished click Exit to exit the program.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

Then continue with my previous instructions.
 
Last edited:
Logfiles

ComboFix 07-08-14.4 - "Ian" 2007-08-18 13:22:42.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.56 [GMT 1:00]


((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))


2007-08-18 11:48 <DIR> d-------- C:\!KillBox
2007-08-16 18:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 17:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-15 12:44 33,408 --a------ C:\WINDOWS\system32\drivers\freedom.sys
2007-08-15 12:43 <DIR> d-------- C:\Program Files\Common Files\PestPatrol
2007-08-15 12:43 <DIR> d-------- C:\Program Files\Common Files\Command Software
2007-08-15 12:41 <DIR> d-------- C:\Program Files\Virgin Broadband
2007-08-14 19:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101a.dll
2007-08-14 19:00 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-08-14 19:00 218,112 --a--c--- C:\WINDOWS\system32\dllcache\c_g18030.dll
2007-08-14 19:00 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-08-14 19:00 14,336 --a--c--- C:\WINDOWS\system32\dllcache\padrs412.dll
2007-08-14 19:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2007-08-14 18:35 <DIR> d-------- C:\Program Files\WindowsUpdate
2007-08-13 20:11 <DIR> d-------- C:\Program Files\BrainTrainAge
2007-08-11 19:02 <DIR> d-------- C:\WINDOWS\pss
2007-08-10 07:35 <DIR> d-------- C:\DOCUME~1\Jack\APPLIC~1\SoftwareDetectionScripts
2007-08-09 19:06 <DIR> d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\SoftwareDetectionScripts
2007-08-09 19:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\temp
2007-08-09 18:59 <DIR> d-------- C:\WINDOWS\system32\SearchTool
2007-08-09 18:59 <DIR> d-------- C:\Program Files\Mywenger
2007-08-09 18:59 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-06 10:56 <DIR> d-------- C:\Program Files\PogoSticker
2007-08-06 10:43 <DIR> d-------- C:\Program Files\Speed Thrasher
2007-08-05 12:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-05 12:28 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-04 15:38 <DIR> d-------- C:\Program Files\Disney
2007-07-31 18:14 <DIR> d-------- C:\DOCUME~1\Jack\APPLIC~1\IMVU
2007-07-31 18:13 <DIR> d-------- C:\Program Files\IMVU
2007-07-28 19:55 <DIR> d-------- C:\DOCUME~1\Karen\APPLIC~1\Apple Computer
2007-07-26 15:34 <DIR> d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\Apple Computer
2007-07-26 15:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-22 14:46 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-07-22 12:32 <DIR> d-------- C:\WINDOWS\.jagex_cache_34


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 18:06 45321 --a------ C:\WINDOWS\system32\CAUnst.exe
2007-08-15 12:47 --------- d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\Virgin Broadband
2007-08-12 20:57 --------- d-------- C:\Program Files\Lexmark X1100 Series
2007-08-10 16:27 --------- d-------- C:\Program Files\Google
2007-08-09 19:13 --------- d-------- C:\Program Files\ntl
2007-07-26 15:32 --------- d-------- C:\Program Files\QuickTime
2007-07-21 11:58 --------- d-------- C:\Program Files\Puppy Luv
2007-07-19 07:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-15 20:48 --------- d-------- C:\Program Files\LimeWire
2007-07-13 00:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-07 12:07 --------- dr-h----- C:\DOCUME~1\IAN~1.COL\APPLIC~1\yahoo!
2007-07-07 11:13 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-07-07 11:13 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-07-07 11:09 --------- d-------- C:\Program Files\Motorola Phone Tools
2007-07-07 11:05 --------- d-------- C:\Program Files\Common Files\Motorola Shared
2007-07-07 11:01 --------- d-------- C:\Program Files\Avanquest update
2007-07-07 11:01 --------- d-------- C:\DOCUME~1\IAN~1.COL\APPLIC~1\InstallShield
2007-06-30 12:20 --------- d-------- C:\Program Files\DivX
2007-06-29 17:12 --------- d-------- C:\Program Files\Kontiki
2007-06-29 17:12 --------- d-------- C:\Program Files\Channel4
2007-06-27 23:45 --------- d-------- C:\Program Files\Vizumi
2007-06-27 23:16 --------- d-------- C:\Program Files\Maxis
2007-06-27 23:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-27 23:12 --------- d-------- C:\Program Files\Home Cinema
2007-06-27 23:12 --------- d-------- C:\Program Files\CyberLink
2007-06-27 23:07 --------- d-------- C:\Program Files\Disney Interactive
2007-06-27 23:05 --------- d-------- C:\Program Files\Broken Sword II
2007-06-27 15:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:34 44544 --a--c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:34 384512 --a--c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:34 232960 --a--c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:34 230400 --a--c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:34 153088 --a--c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:34 124928 --a--c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:34 105984 --a--c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:34 102400 --a--c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 09:27 63488 --a--c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 09:27 625152 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 08:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 07:08 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 21:07 --------- d-------- C:\Program Files\Windows Live
2007-06-20 21:07 --------- d-------- C:\Program Files\MSN Messenger
2007-06-20 21:07 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 14:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 11:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 11:23 1033216 --------- C:\WINDOWS\explorer.exe
2006-11-09 09:16 0 --a------ C:\Program Files\Common Files\err.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"SoundMan"="SOUNDMAN.EXE" [2005-03-25 05:20 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 19:03]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:43]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 19:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 18:59]
"CHotkey"="zHotkey.exe" [2004-05-17 18:30 C:\WINDOWS\zHotkey.exe]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-08 15:53 C:\WINDOWS\AGRSMMSG.exe]
"4oD"="C:\Program Files\Kontiki\KHost.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-01-24 14:12]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-01-24 18:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 16:03]
"LifeCU"="C:\WINDOWS\system32\BastaYa.exe" [2007-01-10 19:40]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 nsysaudm;nsysaudm;\??\C:\DOCUME~1\Beth\LOCALS~1\Temp\nsysaudm.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys
S3 ZSMC302;PCL-W310;C:\WINDOWS\system32\Drivers\usbvm302.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44c422bd-7bf6-11db-887b-0013d389a330}]
AutoRun\command- G:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-08-07 17:07:20 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job - C:\Program Files\SpywareBot\SpywareBot.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 13:29:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-18 13:31:52
C:\ComboFix-quarantined-files.txt ... 2007-08-18 13:31
C:\ComboFix2.txt ... 2007-08-17 18:19
C:\ComboFix3.txt ... 2007-08-16 19:43

--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33:17, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vc.freedom.net/html/virus_definition_template.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jack\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123753183109
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123758956265
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe

--
End of file - 6837 bytes
 
Hi

Nice, that one is gone :)

How about virustotal/jotti results for C:\Documents and Settings\Beth\Local Settings\Temp\nsysaudm.sys?
 
You must log in or register to reply here.
Back
Top