
Solved infection [Internet Options cpl won't open]

Discussion in 'Malware and Virus Removal Archive' started by boggie, 2008/04/13.

  1. 2008/04/13
    boggie (Thread Starter)

    [Resolved] infection [Internet Options cpl won't open]

    I was told to post here instead of Windows XP, so here is the log to see what is going on with my control panel settings for Internet Options. It will not open.

    Deckard's System Scanner v20071014.68
    Run by tom on 2008-04-13 10:04:31
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    15: 2008-04-13 15:04:38 UTC - RP343 - Deckard's System Scanner Restore Point
    14: 2008-04-12 22:06:53 UTC - RP342 - Cleaned registry with Windows Live OneCare safety scanner
    13: 2008-04-12 15:56:48 UTC - RP341 - System Checkpoint
    12: 2008-04-10 12:22:49 UTC - RP340 - Software Distribution Service 3.0
    11: 2008-04-10 08:08:28 UTC - RP339 - Software Distribution Service 3.0


    -- First Restore Point --
    1: 2008-03-22 20:42:15 UTC - RP329 - Norton Security Online post configuration restore point


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 511 MiB (512 MiB recommended).


    -- HijackThis (run as tom.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:07:06 AM, on 4/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\tom\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\tom.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6B184A91-2ECA-4919-31A4-C1C3DE8A9BFE} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: (no name) - {BE307A48-71E6-46E7-B692-3B532E700E75} - (no file)
    O2 - BHO: (no name) - {F1E74DAA-8B7B-48A1-A089-6D4A0AC4B0FC} - (no file)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {FE64D334-BF5D-4434-896E-52CB9CDC5DF1} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Enigma Client.lnk.disabled
    O4 - Startup: LimeWire On Startup.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/v/8.1.1.1/applet/slots/alibaba-en_US.cab
    O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/v/8.1.1.1/applet/lottso/lottso-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.2.12/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/v/8.1.1.13/applet/spades2/spades2-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.3.26/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/v/8.1.1.18/applet/simball/simball-en_US.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O20 - Winlogon Notify: geebb - C:\WINDOWS\
    O20 - Winlogon Notify: jkkifcd - jkkifcd.dll (file missing)
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

    --
    End of file - 9883 bytes

    -- File Associations -----------------------------------------------------------

    .bat - batfile - shell\edit\command - NOTEDAD.EXE %1
    .ini - inifile - shell\open\command - NOTEDAD.EXE %1
    .reg - regfile - shell\edit\command - NOTEDAD.EXE %1
    .txt - txtfile - shell\open\command - NOTEDAD.EXE %1


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>

    S3 SUPERWEBCAM (SuperWebcam, WDM Virtual Video Capture Device) - c:\windows\system32\drivers\superwebcam.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

    S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
    S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-04-09 09:32:29 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-03-13 and 2008-04-13 -----------------------------

    2008-04-13 09:35:05 0 d-------- C:\Program Files\Trend Micro
    2008-04-13 01:42:54 0 d-------- C:\Documents and Settings\guest 2\Application Data\Identities
    2008-04-13 01:42:33 0 d--h----- C:\Documents and Settings\guest 2\Templates
    2008-04-13 01:42:33 0 dr------- C:\Documents and Settings\guest 2\Start Menu
    2008-04-13 01:42:33 0 dr-h----- C:\Documents and Settings\guest 2\SendTo
    2008-04-13 01:42:33 0 dr-h----- C:\Documents and Settings\guest 2\Recent
    2008-04-13 01:42:33 0 d--h----- C:\Documents and Settings\guest 2\PrintHood
    2008-04-13 01:42:33 0 d--h----- C:\Documents and Settings\guest 2\NetHood
    2008-04-13 01:42:33 0 dr------- C:\Documents and Settings\guest 2\My Documents
    2008-04-13 01:42:33 0 d--h----- C:\Documents and Settings\guest 2\Local Settings
    2008-04-13 01:42:33 0 dr------- C:\Documents and Settings\guest 2\Favorites
    2008-04-13 01:42:33 0 d-------- C:\Documents and Settings\guest 2\Desktop
    2008-04-13 01:42:33 0 d--hs---- C:\Documents and Settings\guest 2\Cookies
    2008-04-13 01:42:33 0 dr-h----- C:\Documents and Settings\guest 2\Application Data
    2008-04-13 01:42:33 0 d---s---- C:\Documents and Settings\guest 2\Application Data\Microsoft
    2008-04-13 01:42:32 786432 --ah----- C:\Documents and Settings\guest 2\NTUSER.DAT
    2008-04-12 22:20:21 691545 --a------ C:\WINDOWS\unins000.exe
    2008-04-12 21:27:04 0 --a------ C:\Documents and Settings\tom\undockwithoutlogonREG_DWORD0x1
    2008-04-12 21:26:51 0 --a------ C:\Documents and Settings\tom\shutdownwithoutlogonREG_DWORD0x1
    2008-04-12 21:26:51 0 --a------ C:\Documents and Settings\tom\legalnoticetextREG_SZ
    2008-04-12 21:26:51 0 --a------ C:\Documents and Settings\tom\legalnoticecaptionREG_SZ
    2008-04-12 21:26:51 0 --a------ C:\Documents and Settings\tom\dontdisplaylastusernameREG_DWORD0x0
    2008-04-12 21:26:51 0 --a------ C:\Documents and Settings\tom\{0DF44EAA-FF21-4412-828E-260A8728E7F1}Applica
    2008-04-12 21:26:50 0 --a------ C:\Documents and Settings\tom\NoDriveTypeAutoRunREG_BINARY5F000000
    2008-04-12 21:26:50 0 --a------ C:\Documents and Settings\tom\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}Applica
    2008-04-12 21:26:50 0 --a------ C:\Documents and Settings\tom\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}Applica
    2008-04-12 21:26:50 0 --a------ C:\Documents and Settings\tom\!
    2008-04-12 19:43:37 0 d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
    2008-04-12 16:56:41 0 d-------- C:\Program Files\Windows Live Safety Center
    2008-04-12 16:01:11 0 dr-h----- C:\Documents and Settings\tom\Recent
    2008-04-12 09:19:11 0 dr-h----- C:\Documents and Settings\sharon jones\Recent
    2008-04-10 03:23:40 0 d-------- C:\0447d2e626ba2040e50e452775
    2008-03-22 15:32:14 0 d-------- C:\Program Files\Common Files\Symantec Shared


    -- Find3M Report ---------------------------------------------------------------

    2008-04-12 22:20:21 5550 --a------ C:\WINDOWS\unins000.dat
    2008-04-12 19:57:32 0 d-------- C:\Program Files\PCPitstop
    2008-04-12 19:53:47 0 d-a------ C:\Program Files\Common Files
    2008-04-12 09:12:05 0 d-------- C:\Program Files\Yahoo!
    2008-03-29 09:15:42 0 d-------- C:\Program Files\Logitech
    2008-03-29 09:14:29 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-25 16:41:19 0 d-------- C:\Documents and Settings\tom\Application Data\Yahoo!
    2008-03-18 13:53:15 0 d-------- C:\Documents and Settings\tom\Application Data\LimeWire
    2008-03-08 22:50:40 0 d-------- C:\Program Files\Java
    2008-02-28 21:29:04 0 d-------- C:\Program Files\Microsoft Picture It! 2002
    2008-02-28 21:19:20 0 d-------- C:\Program Files\Microsoft Streets & Trips
    2008-02-28 21:11:11 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-28 21:09:03 0 d-------- C:\Program Files\Microsoft Money
    2008-02-17 12:29:13 0 d-------- C:\Program Files\Camstreams Media Encoder
    2008-02-17 11:12:59 0 d-------- C:\Program Files\Enigma
    2008-02-17 10:38:13 0 d-------- C:\Program Files\Creative
    2008-02-16 14:13:31 0 d-------- C:\Program Files\SoundSpectrum
    2008-02-16 11:15:50 0 d-------- C:\Program Files\Lavasoft(2)


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B184A91-2ECA-4919-31A4-C1C3DE8A9BFE}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE307A48-71E6-46E7-B692-3B532E700E75}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E74DAA-8B7B-48A1-A089-6D4A0AC4B0FC}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE64D334-BF5D-4434-896E-52CB9CDC5DF1}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 04:19 PM]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 05:33 PM]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 05:37 PM]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [01/02/2008 09:15 PM]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [08/16/2001 11:41 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [01/02/2008 09:15 PM]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

    C:\Documents and Settings\tom\Start Menu\Programs\Startup\
    Enigma Client.lnk.disabled [2/16/2008 5:18:12 PM]
    LimeWire On Startup.lnk.disabled [2/16/2008 2:30:52 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebb]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkifcd]
    jkkifcd.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk.disabled
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk.disabled
    backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk.disabled
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sharon jones^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\sharon jones\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIAGENT]
    C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    C:\Program Files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager"=~"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    "YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    "LXSUPMON"=C:\WINDOWS\System32\LXSUPMON.EXE RUN
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe
    "Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    "MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe"
    "MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    "DIAGENT"=C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "AHQInit"=C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    "UpdReg"=C:\WINDOWS\Updreg.exe




    -- End of Deckard's System Scanner: finished at 2008-04-13 10:08:35 ------------
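The log above already contains the entries that account for the thread title: the two O6 lines are IE policy keys (HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions and \Control Panel) that hide or disable parts of Internet Options, and the two O20 Winlogon Notify entries (one pointing at a bare directory, one at a DLL that is missing) are the kind of leftover that keeps re-registering after a cleanup. The following script is an added example written for this editorial pass, not part of the original post and not HijackThis or DSS code: it runs a triage pass over HijackThis-style lines, plus the DSS file-association lines, and ranks the ones a helper would ask about first. The sample lines are copied from the log posted above (a constructed subset, not a full log); the rule set and severities are this example's own assumptions.

```python
"""Triage a HijackThis / Deckard's System Scanner log for the entry types that
explain a locked Internet Options dialog and persistence via winlogon.

Sample lines are copied from the log posted in this thread; the rules and
severities below are this example's own, not HijackThis output.
"""
import re

# Constructed sample: a few lines lifted from the posted log (not a full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O20 - Winlogon Notify: geebb - C:\WINDOWS\
O20 - Winlogon Notify: jkkifcd - jkkifcd.dll (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
.txt - txtfile - shell\open\command - NOTEDAD.EXE %1
"""

# "O2 - BHO: ..." style lines (HijackThis) and DSS file-association lines.
HJT_LINE = re.compile(r"^([RFO]\d+) - (.*)$")
ASSOC_LINE = re.compile(r"^(\.\w+) - \w+ - shell\\\w+\\command - (.*)$")

SEVERITY_ORDER = {"high": 0, "medium": 1, "review": 2, "low": 3}


def triage(log_text):
    """Return (severity, section, reason, line) tuples, highest severity first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m:
            section, body = m.groups()
            if section == "O6":
                # Policy keys that hide/disable Internet Options pages or the
                # Tools > Internet Options entry. Only legitimate when an admin
                # or domain policy set them; malware sets them so the user
                # cannot undo proxy, home page or zone changes.
                findings.append(("high", section,
                                 "IE lockdown policy present; explains inetcpl.cpl not opening", line))
            elif section == "O20":
                # Winlogon Notify DLLs load inside winlogon.exe before the shell.
                # A bare directory or a missing file is a classic leftover that
                # gets re-registered by a still-active dropper.
                target = body.split(" - ", 1)[1] if " - " in body else ""
                weak = target.endswith("\\") or "file missing" in target
                findings.append(("high" if weak else "review", section,
                                 "winlogon Notify DLL", line))
            elif section == "O15":
                findings.append(("medium", section,
                                 "site added to Trusted zone (relaxed ActiveX/script policy)", line))
            elif section in ("O2", "O3", "R3") and body.endswith("(no file)"):
                findings.append(("low", section,
                                 "orphaned CLSID registration (no file on disk)", line))
            continue
        m = ASSOC_LINE.match(line)
        if m:
            ext, handler = m.groups()
            # .txt/.ini/.bat/.reg open/edit verbs should resolve to NOTEPAD.EXE;
            # anything else (here NOTEDAD.EXE) means the handler was replaced.
            if "NOTEPAD.EXE" not in handler.upper():
                findings.append(("high", "assoc",
                                 f"{ext} handler is not notepad: {handler}", line))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


if __name__ == "__main__":
    for sev, sec, why, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {sec:5} {why}\n         {line}")
```

The sort is stable, so entries of equal severity keep their log order, which makes the output easy to compare against the original log. Adding a rule is a matter of another `elif` on the section code; the O23 service line in the sample deliberately produces nothing, since a signed vendor service with a present file is not worth a helper's time on a first pass.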
     
  2. 2008/04/13
    boggie (Thread Starter)

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.00GHz
    Percentage of Memory in Use: 52%
    Physical Memory (total/avail): 510.8 MiB / 243.45 MiB
    Pagefile Memory (total/avail): 865.64 MiB / 653.66 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1928.22 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 37.27 GiB total, 16.14 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - MAXTOR 6L040J2 - 37.28 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is set to notify before download.
    Windows Internal Firewall is enabled.


    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
    "C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"="C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe:*:Enabled:Yahoo! Browser"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Disabled:Veoh Client"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
    "C:\\Documents and Settings\\tom\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe"="C:\\Documents and Settings\\tom\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe:*:Enabled:Symantec Removal Utility"
    "C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\tom\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=SHARON-4I6XT4GA
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\tom
    LOGONSERVER=\\SHARON-4I6XT4GA
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0204
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\tom\LOCALS~1\Temp
    TMP=C:\DOCUME~1\tom\LOCALS~1\Temp
    USERDOMAIN=SHARON-4I6XT4GA
    USERNAME=tom
    USERPROFILE=C:\Documents and Settings\tom
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    sharon jones (admin)
    tom (admin)
    guest 2 (new local, admin)


    -- Add/Remove Programs ---------------------------------------------------------

    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    --> C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    --> C:\Program Files\SBC LightSpeed Self Support Tool\CustomUninstall.exe SBC
    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Creative\News\CTNews.isu"
    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Creative\SBLive\AudioHQ.isu"
    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Creative\SBLive\CTMixer.isu"
    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Creative\SBLive\Diagnose2.isu"
    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Creative\SBLive\HTML.isu"
    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Creative\SBLive\Midi.isu"
    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Creative\SBLive\PlayCenter2\Player2.isu"
    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Creative\SBLive\Recorder\Recorder.isu"
    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Creative\SBLive\Restore.isu"
    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Creative\SBLive\SoundFont.isu"
    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Creative\SBLive\WaveStudio\Wstudio.isu"
    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Creative\Uninstall\Installer.isu"
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2Wire Wireless Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
    AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\common\uninstall.exe
    Camstreams Media Encoder --> C:\PROGRA~1\CAMSTR~1\UNWISE.EXE C:\PROGRA~1\CAMSTR~1\INSTALL.LOG
    Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini "
    Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini "
    Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini "
    Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini "
    Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini "
    Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini "
    Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini "
    Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini "
    Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini "
    Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini "
    Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini "
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe "
    Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
    Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
    G-Force --> C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
    getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Lexmark Supplies Monitor --> C:\WINDOWS\System32\LXSMUNIN.EXE
    Lexmark Z45 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXAZUN5C.EXE -dLexmark Z45
    Logitech Legacy USB Camera Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\11.10.2016\LgDrvInst.exe" -remove -instdir "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey "legacyqcam_11.10" /clone_wait /hide_progress
    Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
    Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey "lvdrivers_11.50" /clone_wait /hide_progress
    Macrogaming SweetIM 2.1 --> MsiExec.exe /X{502358FB-0718-45BC-B142-7511F1694D58}
    Microsoft Picture It! Photo 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
    Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
    Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
    Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
    Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
    Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
    MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Sound Blaster Live! Value --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe "
    Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe "
    Sure Delete 5.1.1 --> "C:\Program Files\Sure Delete\unins000.exe "
    SweetIM For Internet Explorer 3.0b --> MsiExec.exe /X{F6D63A65-BD23-46F3-B9A3-87F442423481}
    WebFldrs XP -->
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe "
    Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll ",UninstallFunction WLSC_SCANNER_PRODUCT
    Works Suite OS Pack -->
    Works Synchronization -->


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type11607 / Error
    Event Submitted/Written: 04/13/2008 10:06:52 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application ybrowser.exe, version 2006.8.11.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type11606 / Warning
    Event Submitted/Written: 04/13/2008 08:12:14 AM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

    Event Record #/Type11605 / Warning
    Event Submitted/Written: 04/13/2008 08:12:14 AM
    Event ID/Source: 1004 / MsiInstaller
    Event Description:
    Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

    Event Record #/Type11604 / Warning
    Event Submitted/Written: 04/13/2008 08:12:14 AM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

    Event Record #/Type11603 / Warning
    Event Submitted/Written: 04/13/2008 08:12:14 AM
    Event ID/Source: 1004 / MsiInstaller
    Event Description:
    Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type18585 / Error
    Event Submitted/Written: 04/12/2008 03:36:57 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Automatic LiveUpdate Scheduler service failed to start due to the following error:
    %%2

    Event Record #/Type18556 / Error
    Event Submitted/Written: 04/12/2008 03:22:40 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Automatic LiveUpdate Scheduler service failed to start due to the following error:
    %%2

    Event Record #/Type18552 / Warning
    Event Submitted/Written: 04/12/2008 00:50:50 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 00C0A8834D32. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Event Record #/Type18546 / Warning
    Event Submitted/Written: 04/12/2008 00:34:18 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 00C0A8834D32. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Event Record #/Type18523 / Error
    Event Submitted/Written: 04/12/2008 09:51:27 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Automatic LiveUpdate Scheduler service failed to start due to the following error:
    %%2



    -- End of Deckard's System Scanner: finished at 2008-04-13 10:08:35 ------------
     

  4. 2008/04/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi boggie :)

    Spybot's TeaTimer can prevent needed changes, so we need to disable it for now. TeaTimer can be re-activated once your computer is clean.
    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.

    Reboot.

    Now, highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in, then hit enter.
    • An interface for Deckard's file association fix will open.
    • Click Scan.
    • Check the box next to the following entries, then click Fix.
      • .bat
      • .ini
      • .reg
      • .txt
    • Exit when complete.

    Next, download ComboFix by sUBs from here, saving the file to your desktop.


    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  5. 2008/04/13
    boggie

    Thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:35, on 2008-04-13
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6B184A91-2ECA-4919-31A4-C1C3DE8A9BFE} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: (no name) - {BE307A48-71E6-46E7-B692-3B532E700E75} - (no file)
    O2 - BHO: (no name) - {F1E74DAA-8B7B-48A1-A089-6D4A0AC4B0FC} - (no file)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O2 - BHO: (no name) - {FE64D334-BF5D-4434-896E-52CB9CDC5DF1} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Enigma Client.lnk.disabled
    O4 - Startup: LimeWire On Startup.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/v/8.1.1.1/applet/slots/alibaba-en_US.cab
    O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/v/8.1.1.1/applet/fancy/fancy-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/v/8.1.1.1/applet/lottso/lottso-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.2.12/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/v/8.1.1.13/applet/spades2/spades2-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.3.26/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/v/8.1.1.18/applet/simball/simball-en_US.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O20 - Winlogon Notify: geebb - C:\WINDOWS\
    O20 - Winlogon Notify: jkkifcd - jkkifcd.dll (file missing)
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE

    --
    End of file - 9553 bytes

    HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
    NoBrowserOptions REG_DWORD 0x0
     
  6. 2008/04/13
    boggie

    Sorry, this is another log on the desktop I missed. I don't mean to be so much trouble, noahdfear, but thank you :)
     
  7. 2008/04/13
    noahdfear

    I have no idea what that is. Did you run ComboFix as I instructed here? If you did, I need to see the log. It will be located at C:\ComboFix.txt
     
  8. 2008/04/13
    boggie

    Sorry, I thought it was part of the log. The only other log is at the bottom of the HJT log. I will try to run ComboFix again.
     
  9. 2008/04/13
    boggie

    0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-13 14:10:42
    Windows 5.1.2600 Service Pack 2

    scanning processes ...

    IPC error: 2 The system cannot find the file specified.
    System [4]
    C:\WINDOWS\system32\smss.exe [460] 0x82116998
    C:\WINDOWS\system32\csrss.exe [524] 0x821146A8
    C:\WINDOWS\system32\winlogon.exe [548] 0x821131E0
    C:\WINDOWS\system32\services.exe [592] 0x82014DA0
    C:\WINDOWS\system32\lsass.exe [604] 0x8216F5C0
    C:\WINDOWS\system32\svchost.exe [792] 0x81FAE458
    C:\WINDOWS\system32\svchost.exe [856] 0x81BF3DA0
    C:\WINDOWS\system32\svchost.exe [940] 0x821B78B0
    C:\WINDOWS\system32\svchost.exe [1032] 0x82219908
    C:\WINDOWS\system32\LEXBCES.EXE [1288] 0x820CB6D8
    C:\WINDOWS\system32\spoolsv.exe [1312] 0x821F0248
    C:\WINDOWS\system32\LEXPPS.EXE [1320] 0x81C01258
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [1388] 0x81FD78B8
    C:\WINDOWS\system32\devldr32.exe [1624] 0x82312DA0
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [1840] 0x82043DA0
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [1848] 0x82126748
    C:\Program Files\Logitech\QuickCam\Quickcam.exe [1864] 0x81C00DA0
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [1872] 0x81FDD800
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [1896] 0x82167620
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe [1916] 0x82172588
    C:\WINDOWS\system32\ctfmon.exe [1928] 0x82018DA0
    C:\WINDOWS\system32\CTSVCCDA.EXE [224] 0x82024BC0
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [380] 0xFFBB6BC0
    C:\WINDOWS\system32\svchost.exe [772] 0x81C433A8
    C:\WINDOWS\system32\wdfmgr.exe [984] 0xFFA94260
    C:\WINDOWS\system32\MsPMSPSv.exe [1084] 0xFFA9A768
    C:\Program Files\Canon\CAL\CALMAIN.exe [1644] 0xFFA727D0
    C:\WINDOWS\system32\wscntfy.exe [1956] 0xFFA5B440
    C:\WINDOWS\system32\alg.exe [2152] 0x8201B278
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2312] 0xFFA5D798
    C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe [2772] 0xFF9FFBC0
    C:\WINDOWS\system32\CF20606.exe [1948] 0x81BFC998
    C:\WINDOWS\system32\CF20606.exe [144] 0xFF972638
    C:\WINDOWS\explorer.exe [4104] 0xFF998020
    C:\WINDOWS\system32\CF20606.exe [10396] 0xFF028638
    C:\ComboFix\findstr.cfexe [11124] 0xFF09F020
    C:\ComboFix\mtee.cfexe [11172] 0xFF0B0020
    C:\ComboFix\sed.cfexe [11152] 0xFF10B020
    C:\ComboFix\mtee.cfexe [11204] 0xFF09B3B8
    C:\ComboFix\catchme.cfexe [11244] 0x81A65780
    C:\ComboFix\sed.cfexe [11296] 0xFF315B30
    Hope this will help. This is the log. Thanks again.
     
  10. 2008/04/13
    noahdfear

    I don't know what that is either. Is that the contents of the file C:\ComboFix.txt? Is that the file that opened when ComboFix completed? :confused::confused:
     
  11. 2008/04/13
    boggie

    It's what popped up while ComboFix was running.
     
  12. 2008/04/13
    noahdfear

    Please run ComboFix again. Do NOT click on the command window once it starts (click only messages that require a response, and only if you have to click on them). Do NOT run any other applications or have any other windows open while ComboFix is running. When it completes, either a log will open or the computer will need to restart and ComboFix will run again, then produce a log when you log on again. It should look similar in format (you won't see the colors, bold lettering, etc.) to the log in this post, less the HijackThis log. Please post that log here.
     
  13. 2008/04/13
    boggie

    ComboFix 08-04-12.10 - tom 2008-04-13 14:00:49.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.285 [GMT -5:00]
    Running from: C:\Documents and Settings\tom\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    This is the only thing I could find in a C:\ search. Hope this is it. So sorry :eek:
     
  14. 2008/04/13
    noahdfear

    That is the top of the log only. Is that all that the log contains?
     
  15. 2008/04/13
    boggie

    Yes, that is all of the log. Just ran ComboFix again and did not touch anything; it ran for 30 mins. Stops at completed stage_41, no log.
     
  16. 2008/04/13
    noahdfear

    If the CF window is still open and hung at 'completed stage_41', please open the Task Manager by pressing Ctrl+Alt+Del, select the Processes tab, then end task on any of the following processes.

    sed.exe
    grep.exe
    vfind.exe
    findstr.exe

    ComboFix should continue on. If none are present, check for nircmd.exe but do not end it just yet. Post back and let me know.
     
  17. 2008/04/13
    boggie

    None of the processes are there, and I did not see nircmd.exe.
     
  18. 2008/04/13
    noahdfear

    Please close the command window. If your desktop is blank, open the task manager, Click File>New Task (run) on the menu, then type explorer and hit Enter.

    Please download this file and run it. It will search your machine for the C:\ComboFix folder & when found, will create a zip file comprising files from the C:\ComboFix folder. This zipped file shall be named _sUBs-.zip & should be located on your Desktop. Please upload this file to the developer's submission channel using the Browse button so that he can attempt to determine what caused CF to hang. Make sure to leave a link back to this topic by copying the address from the browser window you are viewing this post with, then pasting it into the 'Link to topic' field. Add a comment that I requested the upload due to CF hanging. Thanks!


    Now, ComboFix has already been updated since you downloaded it. Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

    With ComboFix.exe on the desktop, copy the following command.

    "%userprofile%\desktop\ComboFix.exe" /killall

    Close ALL open windows and programs, then click Start>Run and paste the command and hit Enter. Hopefully, ComboFix will run through to completion this time. Post the log it produces please.
     
  19. 2008/04/13
    boggie

    boggie Inactive Thread Starter

    Joined:
    2008/04/12
    Messages:
    55
    Likes Received:
    0
    ComboFix 08-04-13.1 - tom 2008-04-13 18:56:10.10 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.320 [GMT -5:00]
    Running from: C:\Documents and Settings\tom\desktop\ComboFix.exe
    Command switches used :: /killall
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\sharon jones\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\All Users\documents\setup.exe
    C:\temp\0b9
    C:\temp\0b9\tmpTF.log
    C:\WINDOWS\Downloaded Program Files\Quarantine
    C:\WINDOWS\opera6.ini
    C:\WINDOWS\system32\regapi.exe
    C:\WINDOWS\system32\T3
    C:\WINDOWS\system32\T4
    C:\WINDOWS\system32\T6
    C:\WINDOWS\system32\T8

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
    .

    2008-04-13 10:03 . 2008-04-13 10:03 <DIR> d-------- C:\Deckard
    2008-04-13 09:35 . 2008-04-13 09:35 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-13 01:42 . 2008-04-13 01:42 <DIR> d-------- C:\Documents and Settings\guest 2
    2008-04-12 22:20 . 2008-04-12 22:15 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-04-12 19:43 . 2008-04-12 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
    2008-04-12 18:38 . 2006-11-07 21:01 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
    2008-04-12 16:56 . 2008-04-12 17:03 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-03-22 16:10 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
    2008-03-22 16:10 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
    2008-03-22 15:47 . 2008-03-22 15:55 16 --a------ C:\WINDOWS\system32\coh.cache
    2008-03-22 15:32 . 2008-04-12 16:35 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-13 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-13 03:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-13 00:57 --------- d-----w C:\Program Files\PCPitstop
    2008-04-13 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
    2008-04-12 14:12 --------- d-----w C:\Program Files\Yahoo!
    2008-04-12 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-04-12 14:03 --------- d-----w C:\Documents and Settings\sharon jones\Application Data\Yahoo!
    2008-03-31 20:19 --------- d-----w C:\Documents and Settings\sharon jones\Application Data\LimeWire
    2008-03-29 14:15 --------- d-----w C:\Program Files\Logitech
    2008-03-29 14:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-25 21:41 --------- d-----w C:\Documents and Settings\tom\Application Data\Yahoo!
    2008-03-18 18:53 --------- d-----w C:\Documents and Settings\tom\Application Data\LimeWire
    2008-03-09 03:50 --------- d-----w C:\Program Files\Java
    2008-02-29 02:29 --------- d-----w C:\Program Files\Microsoft Picture It! 2002
    2008-02-29 02:19 --------- d-----w C:\Program Files\Microsoft Streets & Trips
    2008-02-29 02:11 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-29 02:09 --------- d-----w C:\Program Files\Microsoft Money
    2008-02-17 17:29 --------- d-----w C:\Program Files\Camstreams Media Encoder
    2008-02-17 16:12 --------- d-----w C:\Program Files\Enigma
    2008-02-17 15:38 --------- d-----w C:\Program Files\Creative
    2008-02-16 19:13 --------- d-----w C:\Program Files\SoundSpectrum
    2008-02-16 16:15 --------- d-----w C:\Program Files\Lavasoft(2)
    2008-02-04 22:54 275 ----a-w C:\Documents and Settings\Incomplete\downloads.dat
    2007-05-30 22:28 1,569,898 --sha-w C:\WINDOWS\system32\bbeeg.bak1
    2007-05-31 23:34 1,549,398 --sha-w C:\WINDOWS\system32\bbeeg.bak2
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B184A91-2ECA-4919-31A4-C1C3DE8A9BFE}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE307A48-71E6-46E7-B692-3B532E700E75}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E74DAA-8B7B-48A1-A089-6D4A0AC4B0FC}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE64D334-BF5D-4434-896E-52CB9CDC5DF1}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41 28738]

    C:\Documents and Settings\tom\Start Menu\Programs\Startup\
    Enigma Client.lnk.disabled [2008-02-16 17:18:12 666]
    LimeWire On Startup.lnk.disabled [2008-02-16 14:30:52 1538]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebb]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkifcd]
    jkkifcd.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk.disabled
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk.disabled
    backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk.disabled
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^sharon jones^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\sharon jones\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    --a--c--- 2002-04-10 19:44 679936 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIAGENT]
    --a------ 2001-08-30 02:00 172122 C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    --a--c--- 2001-08-16 23:41 28738 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ---hs---- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    --a--c--- 2001-10-05 19:34 24576 C:\Program Files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager"=~"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    "YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    "LXSUPMON"=C:\WINDOWS\System32\LXSUPMON.EXE RUN
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe
    "Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    "MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe"
    "MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    "DIAGENT"=C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "AHQInit"=C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    "UpdReg"=C:\WINDOWS\Updreg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\WINDOWS\\system32\\mmc.exe"=

    R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 00:29]
    S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 07:48]
    S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;C:\WINDOWS\system32\DRIVERS\superwebcam.sys [2006-06-27 08:56]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-09 14:32:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-13 19:00:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-13 19:04:16 - machine was rebooted [tom]
    ComboFix-quarantined-files.txt 2008-04-14 00:04:05

    Pre-Run: 17,138,151,424 bytes free
    Post-Run: 17,126,825,984 bytes free
    .
    2008-04-10 12:29:08 --- E O F ---
     
  20. 2008/04/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    KillAll::
    File::
    C:\WINDOWS\system32\bbeeg.bak1
    C:\WINDOWS\system32\bbeeg.bak2
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B184A91-2ECA-4919-31A4-C1C3DE8A9BFE}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE307A48-71E6-46E7-B692-3B532E700E75}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E74DAA-8B7B-48A1-A089-6D4A0AC4B0FC}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE64D334-BF5D-4434-896E-52CB9CDC5DF1}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebb]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkifcd]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Click here to see how to use CFScript.txt.
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log along with a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Once you've posted the ComboFix and HijackThis logs, download and install AVG Anti-Spyware (AVG-AS).
    • When installation completes, start AVG-AS then click the Update tab at the top. Under Manual Update click Start update.
    • After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner tab at the top.
    • Click the "Settings" tab and change the recommended action to Quarantine.
    • Select Do Not Automatically Generate a Report after Every Scan.
    • Go back to the "Scan" tab and click "Complete System Scan". This scan can take quite a while to run, so sit back and wait.
    • AVG-AS will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action.
    • Click the Apply all actions button. AVG-AS will display "All actions have been applied" on the right hand side.
    • Click on "Save Report", then "Save Report As". Save the report where you know you can find it again (like on the Desktop) and take note of the name.
    • Close AVG-AS and reboot.

    Please post the contents of the AVG-AS report.
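    As an added example, not part of this thread and not ComboFix's own code: a small Python script that reads the Find3M and Reg Loading Points sections of a ComboFix log in the format posted above, flags the indicators noahdfear acted on (hidden+system files in system32, Winlogon Notify packages, BHO keys with no resolvable file, Security Center monitoring disabled, XP firewall off) and emits a CFScript.txt in the same shape as the one in this post. The sample log is a constructed excerpt of the log above, and the parsing rules are my reading of that log's layout, not a ComboFix specification.

```python
import re
from dataclasses import dataclass
# Constructed excerpt modelled on the ComboFix log posted above; the indicator
# values (bbeeg.bak*, the BHO CLSID, geebb/jkkifcd) are the ones from that log.
SAMPLE_LOG = r"""
(((((( Find3M Report ))))))
2008-02-04 22:54 275 ----a-w C:\Documents and Settings\Incomplete\downloads.dat
2007-05-30 22:28 1,569,898 --sha-w C:\WINDOWS\system32\bbeeg.bak1
2007-05-31 23:34 1,549,398 --sha-w C:\WINDOWS\system32\bbeeg.bak2
.
(((((( Reg Loading Points ))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B184A91-2ECA-4919-31A4-C1C3DE8A9BFE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebb]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkifcd]
jkkifcd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # (((( Section name ))))
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?:[\d,]+|-+)\s+([-a-z]+)\s+(.+)$")
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


@dataclass
class Finding:
    kind: str    # "file", "regkey" or "setting"
    target: str  # path, registry key, or "key -> name=value"
    action: str  # "delete" (goes into the CFScript) or "review" (reported only)


def analyze(text: str) -> list:
    """Walk the Find3M and Reg Loading Points sections and collect indicators."""
    findings = []
    section, key, key_has_body = None, None, False

    def close_key():
        # A BHO key that ComboFix prints with nothing beneath it resolves to no
        # DLL or name; that is what the four BHO entries in the log above show.
        if key and "browser helper objects\\{" in key.lower() and not key_has_body:
            findings.append(Finding("regkey", key, "delete"))

    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            close_key()
            section, key, key_has_body = m.group(1), None, False
            continue
        if section == "Find3M Report":
            m = FILE_LINE.match(line)
            if m:
                attrs, path = m.groups()
                # hidden + system attributes on a stray file inside system32
                if "s" in attrs and "h" in attrs and "\\system32\\" in path.lower():
                    findings.append(Finding("file", path, "delete"))
        elif section == "Reg Loading Points":
            m = KEY_LINE.match(line)
            if m:
                close_key()
                key, key_has_body = m.group(1), False
                # Legit Winlogon Notify packages are filtered out of the log, so
                # anything listed here loads a DLL into winlogon and is suspect.
                if "\\winlogon\\notify\\" in key.lower():
                    findings.append(Finding("regkey", key, "delete"))
                continue
            if key and line and line != ".":
                key_has_body = True
                m = VALUE_LINE.match(line)
                if m:
                    name, value = m.groups()
                    # Security Center told to stop monitoring, or the XP firewall
                    # switched off: report it, but keep it out of the CFScript.
                    weakened = (name == "DisableMonitoring" and value.endswith("1")) or (
                        name == "EnableFirewall" and value.startswith("0"))
                    if weakened:
                        findings.append(Finding("setting", f"{key} -> {name}={value}", "review"))
    close_key()
    return findings


def build_cfscript(findings: list) -> str:
    """Emit a CFScript.txt shaped like the one above: File:: then Registry::."""
    files = [f.target for f in findings if f.kind == "file" and f.action == "delete"]
    keys = [f.target for f in findings if f.kind == "regkey" and f.action == "delete"]
    lines = ["KillAll::"]
    if files:
        lines += ["File::"] + files
    if keys:
        lines += ["Registry::"] + [f"[-{k}]" for k in keys]  # leading '-' deletes the key
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(analyze(SAMPLE_LOG)))
```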
     
  21. 2008/04/13
    boggie

    boggie Inactive Thread Starter

    Joined:
    2008/04/12
    Messages:
    55
    Likes Received:
    0
    ComboFix 08-04-13.1 - tom 2008-04-13 20:00:50.11 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.262 [GMT -5:00]
    Running from: C:\Documents and Settings\tom\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\tom\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\bbeeg.bak1
    C:\WINDOWS\system32\bbeeg.bak2
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\bbeeg.bak1
    C:\WINDOWS\system32\bbeeg.bak2

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
    .

    2008-04-13 10:03 . 2008-04-13 10:03 <DIR> d-------- C:\Deckard
    2008-04-13 09:35 . 2008-04-13 09:35 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-13 01:42 . 2008-04-13 01:42 <DIR> d-------- C:\Documents and Settings\guest 2
    2008-04-12 22:20 . 2008-04-12 22:15 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-04-12 19:43 . 2008-04-12 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
    2008-04-12 18:38 . 2006-11-07 21:01 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
    2008-04-12 16:56 . 2008-04-12 17:03 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-03-22 16:10 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
    2008-03-22 16:10 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
    2008-03-22 15:47 . 2008-03-22 15:55 16 --a------ C:\WINDOWS\system32\coh.cache
    2008-03-22 15:32 . 2008-04-12 16:35 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-13 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-13 03:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-13 00:57 --------- d-----w C:\Program Files\PCPitstop
    2008-04-13 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
    2008-04-12 14:12 --------- d-----w C:\Program Files\Yahoo!
    2008-04-12 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-04-12 14:03 --------- d-----w C:\Documents and Settings\sharon jones\Application Data\Yahoo!
    2008-03-31 20:19 --------- d-----w C:\Documents and Settings\sharon jones\Application Data\LimeWire
    2008-03-29 14:15 --------- d-----w C:\Program Files\Logitech
    2008-03-29 14:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-25 21:41 --------- d-----w C:\Documents and Settings\tom\Application Data\Yahoo!
    2008-03-18 18:53 --------- d-----w C:\Documents and Settings\tom\Application Data\LimeWire
    2008-03-09 03:50 --------- d-----w C:\Program Files\Java
    2008-02-29 02:29 --------- d-----w C:\Program Files\Microsoft Picture It! 2002
    2008-02-29 02:19 --------- d-----w C:\Program Files\Microsoft Streets & Trips
    2008-02-29 02:11 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-29 02:09 --------- d-----w C:\Program Files\Microsoft Money
    2008-02-17 17:29 --------- d-----w C:\Program Files\Camstreams Media Encoder
    2008-02-17 16:12 --------- d-----w C:\Program Files\Enigma
    2008-02-17 15:38 --------- d-----w C:\Program Files\Creative
    2008-02-16 19:13 --------- d-----w C:\Program Files\SoundSpectrum
    2008-02-16 16:15 --------- d-----w C:\Program Files\Lavasoft(2)
    2008-02-04 22:54 275 ----a-w C:\Documents and Settings\Incomplete\downloads.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-13_19.03.48.62 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-13 23:59:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-14 01:03:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41 28738]

    C:\Documents and Settings\tom\Start Menu\Programs\Startup\
    Enigma Client.lnk.disabled [2008-02-16 17:18:12 666]
    LimeWire On Startup.lnk.disabled [2008-02-16 14:30:52 1538]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk.disabled
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk.disabled
    backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk.disabled]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk.disabled
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^sharon jones^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\sharon jones\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    --a--c--- 2002-04-10 19:44 679936 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIAGENT]
    --a------ 2001-08-30 02:00 172122 C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    --a--c--- 2001-08-16 23:41 28738 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ---hs---- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    --a--c--- 2001-10-05 19:34 24576 C:\Program Files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager"=~"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    "YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    "LXSUPMON"=C:\WINDOWS\System32\LXSUPMON.EXE RUN
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe
    "Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    "MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe"
    "MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    "DIAGENT"=C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "AHQInit"=C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    "UpdReg"=C:\WINDOWS\Updreg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\WINDOWS\\system32\\mmc.exe"=

    R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 00:29]
    S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 07:48]
    S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;C:\WINDOWS\system32\DRIVERS\superwebcam.sys [2006-06-27 08:56]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-09 14:32:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-13 20:04:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-13 20:08:02 - machine was rebooted [tom]
    ComboFix-quarantined-files.txt 2008-04-14 01:07:51
    ComboFix2.txt 2008-04-14 00:04:17

    Pre-Run: 17,359,323,136 bytes free
    Post-Run: 17,347,010,560 bytes free
    .
    2008-04-10 12:29:08 --- E O F ---
     
