Sorry it took so long ... ComboFix refuses to complete in Normal Mode. Before it froze, however, it did complete the deletions.
Below are the logs from ComboFix (Safe) and HJT (Normal):
ComboFix 08-03-23.2 - Administrator 2008-03-23 13:14:49.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.376 [GMT -10:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\All Users\ymjsetup_22.exe
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\L2F68.tmp
C:\WINDOWS\system32\L32E3.tmp
C:\WINDOWS\system32\LCB57.tmp
C:\WINDOWS\system32\LF6E1.tmp
C:\WINDOWS\system32\pavas.ico
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\winfrun32.bin
.
-- Other TimeOuts --
VFind -td "C:\WINDOWS\system32\baiso*"
CF10690.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-23 C:\WINDOWS\*
CF10690.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
CF10690.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.
2008-03-23 12:41 . 2008-03-23 12:41 1,607,047 --a------ C:\ComboFix.exe
2008-03-11 10:30 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-10 17:58 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-10 17:37 . 2008-03-10 19:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-10 13:53 . 2008-03-10 18:38 <DIR> d-------- C:\super
2008-03-10 13:53 . 2008-03-10 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-10 13:50 . 2008-03-10 13:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 12:03 . 2008-03-10 12:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-10 11:37 . 2008-03-10 11:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-10 11:37 . 2007-05-30 02:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-09 20:16 . 2008-03-09 20:16 <DIR> d-------- C:\WINDOWS\FLEOK
2008-03-09 19:09 . 2008-03-09 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 17:24 . 2008-03-09 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-09 17:19 . 2008-03-09 19:09 <DIR> d-------- C:\spybot
2008-03-09 08:28 . 2008-03-09 08:28 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-09 08:28 . 2008-03-09 08:28 <DIR> d-------- C:\Program Files\stc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 23:11 203,396 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-23 23:11 17,322,016 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-23 23:11 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-23 21:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 20:51 --------- d-----w C:\Program Files\Trend Micro
2008-03-11 20:30 --------- d-----w C:\Program Files\Java
2008-03-11 04:37 --------- d-----w C:\Program Files\Windows Journal
2008-03-11 04:37 --------- d-----w C:\Program Files\QuickTime
2008-03-11 04:31 --------- d-----w C:\Program Files\iTunes
2008-03-11 04:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 21:45 2,660,864 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-01-29 01:48 13,185,487 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-07-29 08:01 334,336 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-07-10 06:01 825,344 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-05-10 00:29 30,720 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-05-09 23:43 2,312,192 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2006-11-21 05:47 2,685,440 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-11-21 05:47 1,735,680 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2006-11-03 07:22 1,704,448 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2006-01-26 14:22 1,162,240 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2005-12-15 15:19 893,952 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2005-12-15 15:19 1,152,512 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8041E642-8CFC-4720-BC9D-D2DB8904286F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-23 07:10 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2007-12-23 07:10 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:56 15360]
"TUlaunch"="C:\WINDOWS\help\latute.hta showme" [ ]
"HP Mobile Printing"="C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE" [2003-05-23 07:12 630784]
"Zinio DLM"="C:\Program Files\Zinio\ZDLM.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [2004-08-03 21:56 271872]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-22 06:10 4866048]
"nwiz"="nview.dll" [2003-09-22 06:10 852039 C:\WINDOWS\system32\nview.dll]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 19:31 208952]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-03-30 21:00 59392]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-03-30 21:00 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-03-30 21:00 455168]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-07-17 07:50 184412]
"Q Menu"="C:\Program Files\HPQ\Q Menu\QICON.exe" [2003-07-28 04:13 204800]
"hpqMcSrv"="C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" [2003-07-28 05:06 40960]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 14:31 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-08-02 13:36 124232]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 05:15 684032]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-03 21:56 16384]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 06:01 88267 C:\WINDOWS\AGRSMMSG.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-22 05:49 282624]
"ZoneAlarm Client"="C:\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"CPQDFWAG"="C:\WINDOWS\Cpqdiag\CpqDfwAg.exe" [2003-03-13 10:14 212992]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-12 05:42:00 503869]
ymetray.lnk - C:\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 08:04:38 54776]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\super\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\super\SASWINLO.DLL 2008-03-10 16:38 294912 C:\super\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-03 21:56 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-28 19:41 11776 C:\WINDOWS\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-03 21:56 30208 C:\WINDOWS\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 WacomSoftPen;Wacom ISD HID MiniDriver;C:\WINDOWS\system32\DRIVERS\wacomsoftpen.sys [2003-09-12 00:03]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-03 20:04]
S4 TabSrv;Tablet PC Service;C:\WINDOWS\system32\tabsrv.exe [2003-01-14 03:22]
*Newly Created Service* - CATCHME
*Newly Created Service* - PXHELP20
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 13:18:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????1?1?5?3??????? ?deB???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-23 13:19:23
ComboFix-quarantined-files.txt 2008-03-23 23:18:43
ComboFix2.txt 2008-03-11 23:33:25
.
2008-02-12 23:45:23 --- E O F ---