HijackThis log - help please?

  1. #1
    tamwinsle (Newbie)

    HijackThis log - help please?

    I've just downloaded HijackThis and here's the first log it's generated. Could someone please let me know whether any of these items are bad and need deleting?
    Many thanks.


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\nvcoi\nvcoi.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4BEF2B82-D752-4ED4-B375-0C2298206445} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {90562CEC-71F2-4654-863D-761F4CA59658} - C:\WINDOWS\system32\ddaxu.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {AE3FCD60-2CF3-49E3-9E9F-ECBF224C4E35} - C:\WINDOWS\system32\jkklj.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\ljjhigd.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [BM4f7f71ba] Rundll32.exe "C:\WINDOWS\system32\yglojksr.dll",s
    O4 - HKLM\..\RunOnce: [SpybotDeletingA422] command /c del "C:\WINDOWS\system32\jkklj.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1440] cmd /c del "C:\WINDOWS\system32\jkklj.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3917] command /c del "C:\WINDOWS\b153.exe_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1818] cmd /c del "C:\WINDOWS\b153.exe_old"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5952] command /c del "C:\WINDOWS\system32\jkklj.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4313] cmd /c del "C:\WINDOWS\system32\jkklj.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB192] command /c del "C:\WINDOWS\b153.exe_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8940] cmd /c del "C:\WINDOWS\b153.exe_old"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Search - ?p=ZUxdm080YYGB
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {28DF37EA-A0FC-4AA2-AEF8-880737864404} (eDVRMonCtrl Class) - https://members.nurserycam.co.uk/eDVRLiveViewer.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.so-to-speak.org/controls...mageUpload.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O17 - HKLM\Software\..\Telephony: DomainName = EnergyPR.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ljjhigd - ljjhigd.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 12634 bytes

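The question in the post above is the usual one for a HijackThis log: which lines are worth acting on. The script below is an added example written for this thread, not part of HijackThis, ComboFix or the original posts; it parses the HijackThis line format and flags the patterns a helper checks first (entries whose file is missing, dead BHO CLSIDs, DLLs started via rundll32 from system32, Winlogon Notify hooks). The sample lines are copied from the log above; the severity labels are the example's own convention.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in this
# thread (O2/O4/O20), plus one clean service line for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4BEF2B82-D752-4ED4-B375-0C2298206445} - (no file)
O2 - BHO: (no name) - {90562CEC-71F2-4654-863D-761F4CA59658} - C:\WINDOWS\system32\ddaxu.dll (file missing)
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\ljjhigd.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM4f7f71ba] Rundll32.exe "C:\WINDOWS\system32\yglojksr.dll",s
O20 - Winlogon Notify: ljjhigd - ljjhigd.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2", "O4", "O20"
    severity: str  # "high", "medium" or "low" (this example's own scale)
    reason: str
    line: str


# Every HijackThis entry is "<section> - <rest of line>".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# A rundll32 autorun: capture the DLL it loads, quoted or not.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)


def triage_line(line: str):
    """Return a Finding for a line worth attention, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    section, body = m.group("section"), m.group("body")
    lower = body.lower()

    if section == "O20":
        # Winlogon Notify DLLs are loaded into winlogon.exe at every logon.
        if "(file missing)" in lower:
            return Finding(section, "high",
                           "Winlogon Notify hook whose DLL is gone: orphaned logon hook", line)
        return Finding(section, "medium",
                       "third-party DLL loaded by winlogon.exe; confirm the publisher", line)

    if section == "O2":
        if "(file missing)" in lower:
            return Finding(section, "high",
                           "BHO registered for a DLL that no longer exists: orphaned registration", line)
        if "(no file)" in lower:
            return Finding(section, "low",
                           "BHO CLSID with no file behind it: dead entry", line)

    if section == "O4":
        d = RUNDLL_RE.search(body)
        if d and "\\system32\\" in d.group("dll").lower():
            return Finding(section, "high",
                           f"autorun loads {d.group('dll')} via rundll32; "
                           "check the file's publisher and creation date", line)
    return None


def triage_log(text: str):
    """Run triage_line over a whole log and keep only the hits, in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


def severity_counts(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line}")
```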

  2. #2
    Neal (Dedicated Member)
    Welcome, looks like some infections going on there.


    If you have previously downloaded ComboFix, please delete that version now.

    Now download ComboFix and save to your desktop:

    Note:

    It is IMPORTANT that it is saved directly to your desktop

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine back to the Internet until Combofix has completely finished.

    Disable your antivirus program and any realtime malware scanners now


    How To Disable



    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



    *Note*
    In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.


    ComboFix SHOULD NOT be used unless requested by a forum helper.



    New hijackthis log please.

  3. #3
    tamwinsle (Newbie)
    Thanks for that, here are the items you requested. Firstly the ComboFix log, then the new HijackThis log...

    ComboFix 08-03-17.1 - Tammy 2008-03-18 10:30:50.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.400 [GMT 0:00]
    Running from: C:\Documents and Settings\Tammy\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Temporary
    C:\WINDOWS\BM4f7f71ba.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\cphdujnc.dll
    C:\WINDOWS\system32\jlkkj.ini
    C:\WINDOWS\system32\jlkkj.ini2
    C:\WINDOWS\system32\lebecapv.dll
    C:\WINDOWS\system32\svycf.ini
    C:\WINDOWS\system32\svycf.ini2
    C:\WINDOWS\system32\uxadd.ini
    C:\WINDOWS\system32\uxadd.ini2
    C:\WINDOWS\system32\yttcxtvv.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
    .

    2008-03-16 22:10 . 2008-03-16 22:10 <DIR> d-------- C:\Program Files\Lavasoft
    2008-03-16 22:10 . 2008-03-16 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-16 22:08 . 2008-03-16 22:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-16 22:07 . 2008-03-16 22:07 <DIR> d-------- C:\Program Files\Sunbelt Software
    2008-03-16 22:02 . 2008-03-18 10:20 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-16 22:01 . 2008-03-16 22:08 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-03-16 22:01 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2008-03-16 22:00 . 2008-03-16 22:00 0 --a------ C:\WINDOWS\nsreg.dat
    2008-03-16 13:37 . 2008-03-16 13:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-16 13:37 . 2008-03-16 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-15 15:38 . 2008-03-15 15:38 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-12 21:53 . 2008-03-18 10:01 <DIR> d-------- C:\Documents and Settings\Tammy\Application Data\AVG7
    2008-03-12 21:53 . 2008-03-12 21:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-12 21:52 . 2008-03-12 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-12 21:52 . 2008-03-12 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-12 21:07 . 2008-03-12 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-03-12 16:32 . 2008-03-16 22:28 <DIR> d-------- C:\Program Files\nvcoi
    2008-03-01 14:03 . 2008-03-01 14:03 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-01 14:02 . 2008-03-01 14:06 <DIR> d-------- C:\Program Files\Windows Live
    2008-03-01 14:02 . 2008-03-01 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-26 20:18 . 2008-02-26 20:18 <DIR> d-------- C:\Documents and Settings\Tammy\Application Data\Printer Info Cache
    2008-02-26 20:15 . 2008-02-26 20:15 <DIR> d-------- C:\Program Files\Common Files\HP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-18 10:03 --------- d-----w C:\Documents and Settings\Tammy\Application Data\Skype
    2008-03-17 10:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-16 20:51 --------- d-----w C:\Program Files\Java
    2008-03-16 19:22 87,608 ----a-w C:\Documents and Settings\Tammy\Application Data\inst.exe
    2008-03-16 19:22 47,360 ----a-w C:\Documents and Settings\Tammy\Application Data\pcouffin.sys
    2008-03-16 19:22 --------- d-----w C:\Program Files\DVDFab Platinum 4
    2008-03-16 19:22 --------- d-----w C:\Documents and Settings\Tammy\Application Data\Vso
    2008-03-16 19:20 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-03-16 18:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-03-14 22:20 --------- d-----w C:\Documents and Settings\Tammy\Application Data\Symantec
    2008-02-26 20:18 --------- d-----w C:\Documents and Settings\Tammy\Application Data\Image Zone Express
    2008-02-26 20:15 --------- d-----w C:\Program Files\HP
    2008-02-17 11:01 854 ----a-w C:\WINDOWS\Fonts\readme.txt
    2008-02-17 11:01 129 ----a-w C:\WINDOWS\Fonts\1001freefonts.txt
    2008-02-10 23:35 229 ----a-w C:\WINDOWS\Fonts\slidfisk.txt
    2008-02-10 23:35 226 ----a-w C:\WINDOWS\Fonts\slidfiss.txt
    2008-02-10 23:35 219 ----a-w C:\WINDOWS\Fonts\slidfis.txt
    2008-02-10 23:28 676 ----a-w C:\WINDOWS\Fonts\bloub... bloub
    2008-02-07 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
    2008-02-07 23:19 --------- d-----w C:\Documents and Settings\Tammy\Application Data\DVDFab
    2008-01-31 21:04 --------- d-----w C:\Program Files\World of Warcraft
    2008-01-21 15:17 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-21 15:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-21 14:55 688 ----a-w C:\WINDOWS\Fonts\tunaandhotdog-TOU.txt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90562CEC-71F2-4654-863D-761F4CA59658}]
    C:\WINDOWS\system32\ddaxu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE3FCD60-2CF3-49E3-9E9F-ECBF224C4E35}]
    C:\WINDOWS\system32\jkklj.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24 65536]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 15:36 25370152]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 08:17 68856]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-30 09:51 120320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 07:31 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 07:27 126976]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 13:44 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 13:43 688218]
    "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2004-12-10 20:26 1089536]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56 1077327]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 09:14 118784]
    "NDSTray.exe"="NDSTray.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 13:00 143360]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-28 01:05 127035]
    "CFSServ.exe"="CFSServ.exe" []
    "PCguardadvisor.exe"="C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe" [ ]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-20 12:09 180269]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-16 19:32 286720]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-12 21:52 579072]
    "BM4f7f71ba"="C:\WINDOWS\system32\yglojksr.dll " [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-12 21:52 219136]

    C:\Documents and Settings\tammy.ENERGYPR\Start Menu\Programs\Startup\
    HotSync Manager.lnk - C:\Palm\HOTSYNC.EXE [2004-04-13 16:03:10 299008]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-04 12:07:45 113664]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2007-10-02 19:23:53 151552]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2007-10-02 19:23:39 106496]
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-07-04 10:12:10 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhigd]
    ljjhigd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Macromedia\\Contribute\\Contribute.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
    R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 13:57]
    R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2004-12-10 18:12]
    R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2004-08-18 17:02]
    R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-03 23:07]
    S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
    S3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-11-04 18:29]
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-11 15:31:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-18 10:31:55 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-03-17 16:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
    - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    "2008-03-16 19:15:25 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2005-07-01 16:48:19 C:\WINDOWS\Tasks\Registration reminder 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2005-07-01 16:48:20 C:\WINDOWS\Tasks\Registration reminder 2.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-18 10:45:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopDeskbar2.dll
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-18 10:49:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-18 10:49:05
    .
    2008-03-12 15:16:42 --- E O F ---



    NOW THE HIJACKTHIS LOG...
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:16, on 18/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4BEF2B82-D752-4ED4-B375-0C2298206445} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {90562CEC-71F2-4654-863D-761F4CA59658} - C:\WINDOWS\system32\ddaxu.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {AE3FCD60-2CF3-49E3-9E9F-ECBF224C4E35} - C:\WINDOWS\system32\jkklj.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [BM4f7f71ba] Rundll32.exe "C:\WINDOWS\system32\yglojksr.dll",s
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4313] cmd /c del "C:\WINDOWS\system32\jkklj.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8940] cmd /c del "C:\WINDOWS\b153.exe_old"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Search - ?p=ZUxdm080YYGB
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {28DF37EA-A0FC-4AA2-AEF8-880737864404} (eDVRMonCtrl Class) - https://members.nurserycam.co.uk/eDVRLiveViewer.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.so-to-speak.org/controls...mageUpload.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O17 - HKLM\Software\..\Telephony: DomainName = EnergyPR.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ljjhigd - ljjhigd.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

    --
    End of file - 12465 bytes

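Before the replies, a triage helper added here as an illustration (not code from the thread, from HijackThis or from SDFix): it parses the O2/O4/O8/O20 lines of a log like the one above and flags the patterns that stand out in it. The sample lines are copied from this log, and the random-name heuristic is this example's own assumption, meant to surface review candidates rather than verdicts.

```python
"""Triage helper for HijackThis-style log lines (added example).

Flags the patterns visible in the log above: BHO registrations whose
DLL is gone, a Rundll32 autorun loading a random-looking system32 DLL,
a Winlogon Notify handler with no file, and a context-menu item that
points at an opaque target. The heuristics are this example's own.
"""
import re
from typing import List, NamedTuple

# Sample lines taken from the log posted in this thread, plus two
# ordinary entries for contrast; the set is constructed for this example.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4BEF2B82-D752-4ED4-B375-0C2298206445} - (no file)
O2 - BHO: (no name) - {90562CEC-71F2-4654-863D-761F4CA59658} - C:\WINDOWS\system32\ddaxu.dll (file missing)
O2 - BHO: (no name) - {AE3FCD60-2CF3-49E3-9E9F-ECBF224C4E35} - C:\WINDOWS\system32\jkklj.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM4f7f71ba] Rundll32.exe "C:\WINDOWS\system32\yglojksr.dll",s
O8 - Extra context menu item: &Search - ?p=ZUxdm080YYGB
O20 - Winlogon Notify: ljjhigd - ljjhigd.dll (file missing)
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # why the entry deserves a look
    line: str      # the original log line


ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<rest>.+)$")
RUNDLL_RE = re.compile(r'(?i)^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)')
# Legitimate O8 targets are URLs, res:// resources or local paths.
O8_TARGET_RE = re.compile(r"(?i)^(https?://|res://|file://|[a-z]:\\)")


def basename(path: str) -> str:
    return re.split(r"[\\/]", path.strip())[-1]


def looks_random(filename: str) -> bool:
    """Crude check for machine-generated names: few vowels or a long
    consonant run. Only applied to entries that are already odd, since
    plenty of legitimate short names (e.g. msntb.dll) would trip it."""
    stem = filename.lower().split(".")[0]
    letters = re.sub(r"[^a-z]", "", stem)
    if len(letters) < 5:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in "aeiou" else run + 1
        longest = max(longest, run)
    return vowels / len(letters) < 0.2 or longest >= 4


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth a closer look, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")
        missing = "(no file)" in rest or "(file missing)" in rest

        if sec == "O2":
            parts = rest.split(" - ")
            name, target = parts[0].replace("BHO: ", "", 1), parts[-1]
            if missing:
                findings.append(Finding(sec, "BHO registered but its DLL is absent", line))
            elif name == "(no name)" and looks_random(basename(target)):
                findings.append(Finding(sec, "unnamed BHO with random-looking DLL", line))

        elif sec == "O4":
            cmd = re.sub(r"^.*?\]\s*", "", rest)   # drop 'HKLM\..\Run: [label]'
            r = RUNDLL_RE.match(cmd)
            if r and looks_random(basename(r.group("dll"))):
                findings.append(Finding(sec, "Rundll32 autorun loads random-looking DLL", line))

        elif sec == "O8":
            target = rest.rsplit(" - ", 1)[-1]
            if not O8_TARGET_RE.match(target):
                findings.append(Finding(sec, "context-menu item with opaque target", line))

        elif sec == "O20":
            target = rest.rsplit(" - ", 1)[-1]
            if missing or looks_random(basename(target)):
                findings.append(Finding(sec, "Winlogon Notify handler missing or random-named", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}: {f.line}")
```

On the sample above it reports six entries and leaves the Adobe BHO and the AVG autorun alone; a real log still needs a human to confirm each hit against the vendor's documented files.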

  4. #4
    Neal is offline Dedicated Member
    Download SDFIX and save it to your Desktop.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • In Safe Mode, right click the SDFix.zip folder and choose Extract All.
    • Open the extracted folder and double click RunThis.bat to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

  5. #5
    tamwinsle is offline Newbie
    OK - I've done that and here are the two reports.

    First the SDFix one:

    SDFix: Version 1.159

    Run by Tammy on 18/03/2008 at 20:54

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\Program Files\nvcoi\mst.stt - Deleted



    Folder C:\Program Files\nvcoi - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-18 21:00:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    IPC error: 2 The system cannot find the file specified.
    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
\xffff{4D36E967-E325-11CE-BFC1-08002BE10318}\0004\0\0\0\xfff0\xffff\x8000\xc562\x 1c0\x1c1\0\0\xffe0\xffffUSBSTOR_BULK\0&\xfe88\xfff fUSBSTOR\Disk________USB_DISK_Pro____1.20\0USBSTOR \Disk________USB_DISK_Pro____\0USBSTOR\Disk_______ _\0USBSTOR\________USB_DISK_Pro____1\0________USB_ DISK_Pro____1\0USBSTOR\GenDisk\0GenDisk\0\0\0\0\xf fd8\xffff\x6b76\r\x90\0\xeb20A\a\0\1\0\x6f43\x706d \x7461\x6269\x656c\x4449s\0\b\0\x4280@\xfff8\xffff \x3748@\xfff0\xffff\x686c\1\x2738@\x9ef0\x823f\xff 60\xffffC:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer\0\0%\xffd8\xffff\x6b76\r\x90\0\x2708B\a\0 \1\0\x6f43\x706d\x7461\x6269\x656c\x4449s\0\xffd8"

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Macromedia\\Contribute\\Contribute.exe"="C:\\Program Files\\Macromedia\\Contribute\\Contribute.exe:*:Enabled:Contribute"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Fri 21 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5b662b7887793c36c7b10d29ea0e0cdc\BITA.tmp"
    Mon 11 Jun 2007 8,563,096 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7e2e1f405eb8fa40274cf78b95c2a82b\BIT25.tmp"
    Fri 21 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT9.tmp"
    Tue 12 Jun 2007 3,332,047 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e180441468c9be52d5f546364bc4d37e\BIT28.tmp"
    Wed 24 Aug 2005 32,256 ...H. --- "C:\Documents and Settings\tammy.ENERGYPR\Application Data\Microsoft\Templates\~WRL1367.tmp"
    Mon 5 Dec 2005 0 ...H. --- "C:\Documents and Settings\tammy.ENERGYPR\Application Data\Microsoft\Word\~WRL0128.tmp"
    Mon 5 Dec 2005 0 ...H. --- "C:\Documents and Settings\tammy.ENERGYPR\Application Data\Microsoft\Word\~WRL0434.tmp"
    Mon 5 Dec 2005 0 ...H. --- "C:\Documents and Settings\tammy.ENERGYPR\Application Data\Microsoft\Word\~WRL0712.tmp"
    Mon 5 Dec 2005 0 ...H. --- "C:\Documents and Settings\tammy.ENERGYPR\Application Data\Microsoft\Word\~WRL1030.tmp"
    Mon 5 Dec 2005 0 ...H. --- "C:\Documents and Settings\tammy.ENERGYPR\Application Data\Microsoft\Word\~WRL1348.tmp"
    Thu 9 Feb 2006 0 ...H. --- "C:\Documents and Settings\tammy.ENERGYPR\Application Data\Microsoft\Word\~WRL1543.tmp"

    Finished!


    And here's the HijackThis one:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:10:29, on 18/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4BEF2B82-D752-4ED4-B375-0C2298206445} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {90562CEC-71F2-4654-863D-761F4CA59658} - C:\WINDOWS\system32\ddaxu.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {AE3FCD60-2CF3-49E3-9E9F-ECBF224C4E35} - C:\WINDOWS\system32\jkklj.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [BM4f7f71ba] Rundll32.exe "C:\WINDOWS\system32\yglojksr.dll",s
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4313] cmd /c del "C:\WINDOWS\system32\jkklj.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8940] cmd /c del "C:\WINDOWS\b153.exe_old"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Search - ?p=ZUxdm080YYGB
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {28DF37EA-A0FC-4AA2-AEF8-880737864404} (eDVRMonCtrl Class) - https://members.nurserycam.co.uk/eDVRLiveViewer.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.so-to-speak.org/controls...mageUpload.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O17 - HKLM\Software\..\Telephony: DomainName = EnergyPR.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ljjhigd - ljjhigd.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

    --
    End of file - 12534 bytes

    Thanks so much once again

  6. #6
    Neal is offline Dedicated Member
    You're welcome,

    If you have "Mywebsearch" in add/remove program please uninstall and reboot afterwards


    I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
    1. Run Spybot-S&D
    2. Go to the Mode menu, and make sure "Advanced Mode" is selected
    3. On the left hand side, choose Tools -> Resident
    4. Uncheck "Resident TeaTimer" and OK any prompts
    You can reenable TeaTimer once your system is clean.



    Run HijackThis, click on the "scan system only" button and put checks next to these:


    O2 - BHO: (no name) - {4BEF2B82-D752-4ED4-B375-0C2298206445} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {90562CEC-71F2-4654-863D-761F4CA59658} - C:\WINDOWS\system32\ddaxu.dll (file missing)
    O2 - BHO: (no name) - {AE3FCD60-2CF3-49E3-9E9F-ECBF224C4E35} - C:\WINDOWS\system32\jkklj.dll (file missing)
    O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - (no file)

    O4 - HKLM\..\Run: [BM4f7f71ba] Rundll32.exe "C:\WINDOWS\system32\yglojksr.dll",s
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4313] cmd /c del "C:\WINDOWS\system32\jkklj.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8940] cmd /c del "C:\WINDOWS\b153.exe_old"

    O8 - Extra context menu item: &Search - ?p=ZUxdm080YYGB

    O20 - Winlogon Notify: ljjhigd - ljjhigd.dll (file missing)



    Please close ALL browser windows (including this one).

    With everything closed except HijackThis, click on "fix checked".






    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press enter.


    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:

    C:\WINDOWS\system32\yglojksr.dll
    C:\WINDOWS\system32\jkklj.dll_old
    C:\WINDOWS\b153.exe_old


    Reboot your PC and do another Combofix scan for me please.
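As an added example, not code from this thread, from HijackThis or from any of the tools mentioned in it, here is a small Python script that encodes the rules Neal applied when picking the entries above (orphaned BHOs with no name and no file, a Run entry that loads a DLL through rundll32, leftover RunOnce delete commands, a context menu item with no resolvable target, and a Winlogon Notify handler whose DLL is gone) and runs them over a constructed sample made of lines copied from the posted log. The rule wording, function names and reason strings are my own assumptions, not part of HijackThis.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above, plus
# benign lines from the same log, so the rules below can be exercised offline.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4BEF2B82-D752-4ED4-B375-0C2298206445} - (no file)
O2 - BHO: (no name) - {90562CEC-71F2-4654-863D-761F4CA59658} - C:\WINDOWS\system32\ddaxu.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM4f7f71ba] Rundll32.exe "C:\WINDOWS\system32\yglojksr.dll",s
O4 - HKCU\..\RunOnce: [SpybotDeletingD4313] cmd /c del "C:\WINDOWS\system32\jkklj.dll_old"
O8 - Extra context menu item: &Search - ?p=ZUxdm080YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O20 - Winlogon Notify: ljjhigd - ljjhigd.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# HijackThis lines start with a section code (R0, O2, O4, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_entry(line):
    """Split one HijackThis line into (section code, body); None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def triage_entry(line):
    """Return a review reason when the entry matches one of the rules, else None.

    The rules are a hypothetical encoding of the picks made in the reply above;
    a hit means "look at this", not "this is malware".
    """
    parsed = parse_entry(line)
    if parsed is None:
        return None
    section, body = parsed
    missing = any(marker in body for marker in MISSING_MARKERS)
    if section == "O2" and "(no name)" in body and missing:
        return "orphaned BHO: no name and target file absent"
    if section == "O4" and re.search(r"\brundll32(\.exe)?\b", body, re.I):
        return "Run entry loads a DLL via rundll32"
    if section == "O4" and "RunOnce" in body and re.search(r"\bcmd /c del\b", body, re.I):
        return "RunOnce cleanup leftover: delete target manually if still present"
    if section == "O8" and not re.match(r"^.* - (res://|https?://|[A-Za-z]:\\)", body):
        return "context menu item with no resolvable target"
    if section == "O20" and missing:
        return "Winlogon Notify handler whose DLL is absent"
    return None


def triage_log(text):
    """Apply triage_entry to every line of a log and collect (line, reason) hits."""
    hits = []
    for line in text.splitlines():
        reason = triage_entry(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


if __name__ == "__main__":
    for line, reason in triage_log(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Anything the script flags is a candidate for review, not a verdict: a vendor add-on that was uninstalled untidily also leaves a `(file missing)` BHO behind, which is why helpers read the whole log and the ComboFix output together rather than acting on one line.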

  7. #7
    tamwinsle is offline Newbie
    I didn't have mywebsearch but have done everything else.

    To follow is the new ComboFix log, followed by a new HijackThis log:

    ComboFix 08-03-17.1 - Tammy 2008-03-19 10:40:27.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.516 [GMT 0:00]
    Running from: C:\Documents and Settings\Tammy\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Tammy\Application Data\inst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
    .

    2008-03-18 20:50 . 2008-03-18 20:51 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-03-18 20:50 . 2008-03-18 21:04 <DIR> d-------- C:\SDFix
    2008-03-18 20:48 . 2008-03-19 09:51 330 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
    2008-03-16 22:10 . 2008-03-16 22:10 <DIR> d-------- C:\Program Files\Lavasoft
    2008-03-16 22:10 . 2008-03-16 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-16 22:08 . 2008-03-16 22:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-16 22:07 . 2008-03-16 22:07 <DIR> d-------- C:\Program Files\Sunbelt Software
    2008-03-16 22:02 . 2008-03-19 10:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-16 22:01 . 2008-03-16 22:08 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-03-16 22:01 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2008-03-16 22:00 . 2008-03-16 22:00 0 --a------ C:\WINDOWS\nsreg.dat
    2008-03-16 13:37 . 2008-03-16 13:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-16 13:37 . 2008-03-16 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-15 15:38 . 2008-03-15 15:38 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-12 21:53 . 2008-03-19 09:23 <DIR> d-------- C:\Documents and Settings\Tammy\Application Data\AVG7
    2008-03-12 21:53 . 2008-03-12 21:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-12 21:52 . 2008-03-12 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-12 21:52 . 2008-03-12 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-12 21:07 . 2008-03-12 21:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-03-01 14:03 . 2008-03-01 14:03 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-01 14:02 . 2008-03-01 14:06 <DIR> d-------- C:\Program Files\Windows Live
    2008-03-01 14:02 . 2008-03-01 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-26 20:18 . 2008-02-26 20:18 <DIR> d-------- C:\Documents and Settings\Tammy\Application Data\Printer Info Cache
    2008-02-26 20:15 . 2008-02-26 20:15 <DIR> d-------- C:\Program Files\Common Files\HP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-19 10:34 --------- d-----w C:\Documents and Settings\Tammy\Application Data\Skype
    2008-03-17 10:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-16 20:51 --------- d-----w C:\Program Files\Java
    2008-03-16 19:22 47,360 ----a-w C:\Documents and Settings\Tammy\Application Data\pcouffin.sys
    2008-03-16 19:22 --------- d-----w C:\Program Files\DVDFab Platinum 4
    2008-03-16 19:22 --------- d-----w C:\Documents and Settings\Tammy\Application Data\Vso
    2008-03-16 19:20 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-03-16 18:00 --------- d-----w C:\Program Files\Norton Security Scan
    2008-03-14 22:20 --------- d-----w C:\Documents and Settings\Tammy\Application Data\Symantec
    2008-02-26 20:18 --------- d-----w C:\Documents and Settings\Tammy\Application Data\Image Zone Express
    2008-02-26 20:15 --------- d-----w C:\Program Files\HP
    2008-02-17 11:01 854 ----a-w C:\WINDOWS\Fonts\readme.txt
    2008-02-17 11:01 129 ----a-w C:\WINDOWS\Fonts\1001freefonts.txt
    2008-02-10 23:35 229 ----a-w C:\WINDOWS\Fonts\slidfisk.txt
    2008-02-10 23:35 226 ----a-w C:\WINDOWS\Fonts\slidfiss.txt
    2008-02-10 23:35 219 ----a-w C:\WINDOWS\Fonts\slidfis.txt
    2008-02-10 23:28 676 ----a-w C:\WINDOWS\Fonts\bloub... bloub
    2008-02-07 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
    2008-02-07 23:19 --------- d-----w C:\Documents and Settings\Tammy\Application Data\DVDFab
    2008-01-31 21:04 --------- d-----w C:\Program Files\World of Warcraft
    2008-01-21 15:17 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-21 15:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-21 14:55 688 ----a-w C:\WINDOWS\Fonts\tunaandhotdog-TOU.txt
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-18_10.48.08.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-18 18:39:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-03-18 20:51:26 6,774,784 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2008-03-18 20:51:27 217,088 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-03-18 18:39:12 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-03-18 20:51:11 6,774,784 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2008-03-18 20:51:11 217,088 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2004-01-07 1124 237,936 ----a-w C:\WINDOWS\system32\unicows.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24 65536]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 15:36 25370152]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 08:17 68856]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-30 09:51 120320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 07:31 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 07:27 126976]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 13:44 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 13:43 688218]
    "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2004-12-10 20:26 1089536]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56 1077327]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-11-15 09:14 118784]
    "NDSTray.exe"="NDSTray.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 13:00 143360]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-28 01:05 127035]
    "CFSServ.exe"="CFSServ.exe" []
    "PCguardadvisor.exe"="C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe" [ ]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-20 12:09 180269]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-16 19:32 286720]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-12 21:52 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-12 21:52 219136]

    C:\Documents and Settings\tammy.ENERGYPR\Start Menu\Programs\Startup\
    HotSync Manager.lnk - C:\Palm\HOTSYNC.EXE [2004-04-13 16:03:10 299008]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-04 12:07:45 113664]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2007-10-02 19:23:53 151552]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2007-10-02 19:23:39 106496]
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-07-04 10:12:10 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Macromedia\\Contribute\\Contribute.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
    R1 SMBHC;Microsoft SM Bus Host Controller Driver;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 13:57]
    R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
    R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2004-12-10 18:12]
    R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2004-08-18 17:02]
    R3 SMBBATT;Microsoft Smart Battery Driver;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-03 23:07]
    S3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-11-04 18:29]
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 21:41]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-18 15:36:20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-19 10:28:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-03-18 20:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
    - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    "2008-03-16 19:15:25 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    "2005-07-01 16:48:19 C:\WINDOWS\Tasks\Registration reminder 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2005-07-01 16:48:20 C:\WINDOWS\Tasks\Registration reminder 2.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-19 10:45:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
    .
    Completion time: 2008-03-19 10:47:58
    ComboFix-quarantined-files.txt 2008-03-19 10:47:51
    ComboFix2.txt 2008-03-18 10:49:14
    .
    2008-03-12 15:16:42 --- E O F ---


    here's the new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:52:52, on 19/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {28DF37EA-A0FC-4AA2-AEF8-880737864404} (eDVRMonCtrl Class) - https://members.nurserycam.co.uk/eDVRLiveViewer.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.so-to-speak.org/controls...mageUpload.dll
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O17 - HKLM\Software\..\Telephony: DomainName = EnergyPR.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = EnergyPR.local
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

    --
    End of file - 11519 bytes
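    As an added example (not HijackThis code, and not posted by anyone in the thread), the following Python helper parses O4 autostart lines in the format above and flags what a log reviewer checks first: shortcut targets HijackThis could not resolve ("= ?"), bare filenames such as the NDSTray.exe entry that ComboFix listed with empty file information, and executables outside the Windows and Program Files trees. The sample lines are copied from the posted log, with one constructed entry at the end.

```python
"""Triage helper for the 'O4' autostart lines of a HijackThis v2 log.  Added example,
not HijackThis code; sample O4 lines are copied from the posted log plus one constructed entry."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command>"  /  "O4 - Global Startup: <name>.lnk = <target|?>"
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\S*?\\\.\.\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
LNK_RE = re.compile(r'^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.*)$')
# First quoted or unquoted path that ends in an executable extension.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|dll|com|scr|bat))(?:"|\s|$)', re.IGNORECASE)
# Where autostart targets on this XP SP2 machine are expected to live (compared lower-cased).
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\',
                 '%systemroot%\\', '%windir%\\')


@dataclass
class Autostart:
    hive: str
    name: str
    command: str
    executable: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[Autostart]:
    """Parse one O4 line; return None for lines from any other HijackThis section."""
    m = RUN_RE.match(line) or LNK_RE.match(line)
    if not m:
        return None
    cmd = m.group('cmd').strip()
    e = EXE_RE.match(cmd)
    entry = Autostart(m.group('hive'), m.group('name'), cmd, e.group('exe') if e else None)
    if entry.executable is None:
        entry.flags.append('target not resolved ("?"): open the .lnk and check where it points')
    elif '\\' not in entry.executable:
        entry.flags.append('bare filename located via PATH search: confirm which file actually runs')
    elif not entry.executable.lower().startswith(TRUSTED_ROOTS):
        entry.flags.append('executable outside Windows/Program Files: verify publisher and hash')
    return entry


def triage(log_text: str) -> List[Autostart]:
    return [e for e in map(parse_o4, log_text.splitlines()) if e is not None]


def flagged(log_text: str) -> Dict[str, List[str]]:
    """Value/shortcut name -> reasons, for the entries that need a human look."""
    return {e.name: e.flags for e in triage(log_text) if e.flags}
```

    Running flagged(SAMPLE_LOG) over the posted lines leaves only the NDSTray.exe value, the unresolved Adobe Gamma Loader shortcut and the constructed Temp entry for review; every other entry resolves to the Windows or Program Files tree, which matches the reviewer's verdict that the log is clean.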

  8. #8
    tamwinsle is offline Newbie
    PS - how did a strange smiley icon appear in the log!!!!!

  9. #9
    Neal is offline Dedicated Member
    PS - how did a strange smiley icon appear in the log!!!!!
    That is normal, just part of it I guess, nothing to worry about.


    Both logs are clean, how is your PC behaving now?

  10. #10
    tamwinsle is offline Newbie
    So much better, thank you. What a great site.
