Computer is running amuck help w/Hijack log

I turned off my computer last night and it starting installing updates now when I open explorer is starts going crazy mouse moving all over, start bar opening emails opening. Please help!! Thank you below is hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 9:09:15 AM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.brisbet.com
O15 - Trusted Zone: http://secure.overture.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152884892985
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

 

PeteC,

Thank you below is the deckard's scan main.txt:
I have run spybot and nothing was found.

Deckard's System Scanner v20071014.68
Run by Owner on 2007-12-12 10:27:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
60: 2007-12-12 16:27:37 UTC - RP710 - Deckard's System Scanner Restore Point
59: 2007-12-12 09:01:27 UTC - RP709 - Software Distribution Service 3.0
58: 2007-12-12 02:10:28 UTC - RP708 - Software Distribution Service 3.0
57: 2007-12-11 04:26:27 UTC - RP707 - Software Distribution Service 3.0
56: 2007-12-10 09:00:58 UTC - RP706 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-10-25 08:01:05 UTC - RP651 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:20 AM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.brisbet.com
O15 - Trusted Zone: http://secure.overture.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152884892985
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 8254 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>

S3 PCDRDRV (Pcdr Helper Driver) - c:\windows\system32\drivers\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-12 02:13:00 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-12-03 22:52:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-12 and 2007-12-12 -----------------------------

2007-12-12 10:22:01 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-12-03 18:20:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Image Zone Express
2007-11-13 10:48:45 0 d-------- C:\test


-- Find3M Report ---------------------------------------------------------------

2007-12-12 10:23:20 0 d-------- C:\Program Files\Trend Micro
2007-12-12 08:05:23 0 d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2007-12-12 08:05:10 0 d-------- C:\Program Files\SpiralFrog
2007-12-11 14:55:26 0 d-------- C:\Program Files\mIRC
2007-12-06 21:08:40 0 d-------- C:\Program Files\UltimateBet
2007-12-06 08:44:28 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-03 21:55:17 0 d-------- C:\Program Files\SpywareBlaster
2007-12-03 11:28:54 0 d-------- C:\Program Files\DivX
2007-11-20 10:28:17 0 d-------- C:\Program Files\Empty Temp Folders 2.8.3
2007-11-04 16:51:21 0 d-------- C:\Program Files\oscpmwin
2007-11-03 08:49:40 0 d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2007-10-19 18:56:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-19 18:54:28 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-10-19 18:54:28 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-10-19 18:54:12 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-10-19 18:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-19 18:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-19 18:54:10 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-18 03:02:34 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-14 08:09:09 836 --a------ C:\Documents and Settings\Owner\Application Data\ViewerApp.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [05/07/1998 10:04 AM]
"Recguard "= "C:\WINDOWS\SMINST\RECGUARD.EXE" [06/15/2001 04:34 PM]
"IgfxTray "= "C:\WINDOWS\System32\igfxtray.exe" [08/07/2001 06:25 PM]
"HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [08/07/2001 05:36 PM]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 02:43 AM]
"Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/24/2007 06:22 AM]
"HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/15/2005 10:18 AM]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [04/27/2007 08:41 AM]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [06/01/2007 03:51 PM]
"KBD "= "C:\HP\KBD\KBD.EXE" [02/02/2005 03:44 PM]
"SpiralFrog "= "C:\Program Files\SpiralFrog\Spiralfrog.exe" [10/15/2007 01:38 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection "= "C:\Program Files\Microsoft Works\WkDetect.exe" [08/15/2000 06:25 PM]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 01:04 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [6/22/2006 1:15:48 PM]
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2/2/2007 3:54:56 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/15/2005 10:40:44 AM]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [6/11/2006 11:32:04 AM]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [6/11/2006 11:31:51 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools "=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@= "Volume shadow copy "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center UI.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPGamesActiveMenu]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpInspector]

*Newly Created Service* - TMCOMM



-- End of Deckard's System Scanner: finished at 2007-12-12 10:31:30 ------------

 

Thanks again!! While waiting I ran a Kaspersky scan and it found nothing below is report. This is weird because everything is fine then all of a sudden its like some one else is controlling my computer, address book opens, task bar moves from bottom to side, some crazy arrow makes web page shift up and down anyway thanks,

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, December 12, 2007 1:47:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/12/2007
Kaspersky Anti-Virus database records: 450509
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\

Scan Statistics:
Total number of scanned objects: 74745
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:41:05

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007121220071213\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP710\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

 

Hi shammie

I only see one suspicious thing in those logs. Scan again with HijackThis, place a check next to the following entry, close all other windows and click Fix Checked.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = %3clocal%3e:80

Reboot.

If you lose internet connectivity, open HijackThis to the Misc Tools section, Backups and restore that entry.

If still experiencing problems, open your firewall and deny access to everything. Does the behavior persist? If that stops it, re-enable programs systematically to attempt identifying what causes it.

 

Oops ........thanks Pete. Fixed.

 

Thank you for your help. I fixed that entry and have reset my firewall. The problem seemed to have got better, but all of the sudden a stop watch looking thing appeared in my task bar called filterkeys, now I can't type double letters and when I type a wierd noise comes out of the speakers. I searched and found to turn it off go to control panel accessibility options > but when I get there I get "windows can't find c:\WINDOWS\system32\accwiz.exe
This is driving me insane!!!!!!

 

Try holding down both shift keys for 8 seconds.

 

I restarted and filterkeys was gone. Yesterday everything seemed to work fine, now today coing crazy again. All of the sudden windows open, close, ask me if I want to log off. Should I try to restore? I have run kaspersky scan, housecall, adaware, avg antispyware, spybot. all find nothing. I'm at a loss to figure this out. Thanks for your help.

 

Restoring to a date prior to the behavior may do the job, however, I wonder if the problem is due to a specific update or software installation and whether uninstalling it would resolve the problem as well.

Lets see which updates were installed. Go to Windows Update and select the 'Review your Update History' link in the left pane.

Did the problem appear after installing SpiralFrog? mIRC?

 

problem started after I shut down and the following 7 upadates installed. No problem before, but on restart after the updatesno problems with Mric, or spiral frog)

Windows XP Cumulative Security Update for Internet Explorer 7 for Windows XP (KB942615) Tuesday, December 11, 2007 Automatic Updates
Windows XP Security Update for Windows XP (KB941568) Tuesday, December 11, 2007 Automatic Updates
Windows XP Security Update for Windows XP (KB944653) Tuesday, December 11, 2007 Automatic Updates
Windows XP Windows Malicious Software Removal Tool - December 2007 (KB890830) Tuesday, December 11, 2007 Automatic Updates
Windows XP Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366) Tuesday, December 11, 2007 Automatic Updates
Windows XP Update for Windows XP (KB942763) Tuesday, December 11, 2007 Automatic Updates
Windows XP Security Update for Windows XP (KB941569) Tuesday, December 11,

These updates have been installed after the problem started looks like the same one over and over again:

Windows XP Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366) Friday, December 14, 2007 Automatic Updates
Windows XP Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366) Friday, December 14, 2007 Automatic Updates
Windows XP Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366) Wednesday, December 12, 2007 Automatic Updates
Windows XP Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366) Wednesday, December 12, 2007 Automatic Updates
Windows XP Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366) Wednesday, December 12, 2007 Microsoft Update
Windows XP Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366) Wednesday, December 12, 2007 Automatic Updates

 

Does this one show up in Add/Remove programs (you may have to select the box to show updates)?
Windows XP Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366)
If so, uninstall it and reboot.

 

That one does not show up in add/remove programs

 

Please check that you have both the Net Framework 1.1 and the NET Framework 1.1 Service Pack 1 installed. The update shown (KB928366) is a secruity update for NET Framework 1.1 Service Pack 1, and if you don't have SP1, the update certainly will not install. SP1 was an optional update, so many people don't have it, and the security update is being doled out automatically thereby causing many users problems with it.

 

I have .net framework 1.1 and .netframework 1.1 hotfix (KB886903) but I do not see .netframework service pack 1
should I install it? Thank you for your help

 

Yes ...... install Net Framework Service Pack 1 then try to install KB928366 again.

 

when I try to install I get the following message
"application has generated an exception that could not be handled. Process id=0x4e8 (1256), Thread id=0x710 (1808) Cleck ok to terminate the application. click cancel to debug the application." When I click cancel I get "registered JIT debugger is not available. An attempt to launch a JIT debugger with the following command resulted in an error code of 0x2 (2) Please check computer settings. cordbg.exe !a 0x4e8 "

 

Did you save the installation package to the hard drive or try to run it from the web? Recommend saving it to the drive.

No reason to cancel (debug) unless you have a debugging program installed and know how to interpret it.

Might need to uninstall the NET framework packages completely, run some cleanup tools and re-install them. Time consuming, but should resolve that update issue, whether it's the culprit behind your other issues or not.

You said 'no problem with mIRC or SpiralFrog'. Are you saying those had been installed well in advance of the current behavior (weeks? months?), or just that they seem to be working OK themselves? Were they not just installed?