CANNOT access updates

AKILLSUX

New member
Hi, first noticed problems when the MS update/clash with ZoneAlarm firewall issues arose. I disabled the firewall and MS updates so I could go online. The firewall could not be re-enabled although the zlclient.exe was still running in the task manager. And I could not access the Windows updates manually. Then my bookmarks disappeared and my homepage was changed. I uninstalled the firewall and the bookmark/homepage problem went away in Firefox, but is still happening in IE.
Next my antivirus was disabled; it has since been restored.
I have 2 different Windows security popups showing when I first connect; one tells me the Windows firewall is off.
I can't get any online scanners to work, but S and D in safe mode shows no threats; a rootkit scan shows 3 unidentified services.
When I try to access the Windows updates it gets to a page and just hangs.
I can't access the Sun Java updates either.
I don't use PtoP, visit porn sites, or go gambling online. I run XP Pro, SP2, last updated 21 Jun.
Also have multiple temp/tmp/temp internet files, some of which cannot be deleted.
Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:09 p.m., on 2/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD76BEB-89CC-4CEB-965D-24200785D4CF}: NameServer = 202.49.233.1 202.49.233.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1FD76BEB-89CC-4CEB-965D-24200785D4CF}: NameServer = 202.49.233.1 202.49.233.2
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 8483 bytes
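A helper reads a log like the one above line by line, checking the same few things each time: whether an O4 autorun names a file by full path, whether O17 DNS servers are the ISP's, whether an O23 service points at a missing file or has no vendor, and whether the R0/R1 browser pages are still the defaults. The script below is an added example written for this thread; it is not part of HijackThis and was not posted by anyone in the thread. It applies those checks to lines copied from the HJT log above. The list of "default" browser hosts, the info/review labels and the wording of each reason are my own assumptions, and the output is a starting point for a manual review, not a verdict on any entry.

```python
"""Triage HijackThis-style log lines the way a forum helper reads them.

Added example for this thread; not part of HijackThis or of the posts above.
It classifies R0/R1, O2, O4, O17 and O23 entries and marks the ones a reviewer
would want to check by hand. The sample lines are copied from the log above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Sample input: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD76BEB-89CC-4CEB-965D-24200785D4CF}: NameServer = 202.49.233.1 202.49.233.2
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""

# Assumption: hosts that IE uses for its factory start/search pages.
KNOWN_DEFAULT_HOSTS = ("go.microsoft.com",)

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# O4 body looks like  HKLM\..\Run: [name] command  (hive may be HKUS\S-1-5-19).
O4_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O17_RE = re.compile(r"NameServer = (?P<servers>.+)$")


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O4"
    severity: str  # "info" or "review" (labels are my own convention)
    line: str      # the raw log line
    reason: str    # why it was classified that way


def _has_full_path(cmd: str) -> bool:
    """True if the autorun command starts with a drive letter or an %ENV% variable."""
    c = cmd.strip().strip('"')
    return bool(re.match(r"^[A-Za-z]:\\", c)) or c.startswith("%")


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HJT line; returns None for headers and process-list lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    if sec.startswith("R"):  # R0/R1: IE start page, search page, search URLs
        _, _, value = body.partition(" =")
        value = value.strip()
        if not value:
            return Finding(sec, "info", line, "browser setting is empty")
        host = urlparse(value).hostname or ""
        if host in KNOWN_DEFAULT_HOSTS:
            return Finding(sec, "info", line, f"default browser page ({host})")
        return Finding(sec, "review", line,
                       f"start/search page points at {host!r}; confirm the user set it")

    if sec == "O4":  # registry Run keys and startup folders
        o4 = O4_RE.match(body)
        if not o4:
            return Finding(sec, "info", line, "startup-folder entry")
        if not _has_full_path(o4.group("cmd")):
            return Finding(sec, "review", line,
                           f"autorun [{o4.group('name')}] has no full path; Windows locates the "
                           "file via the search path at logon, so verify which file actually runs")
        return Finding(sec, "info", line, "autorun entry with explicit path")

    if sec == "O17":  # per-interface DNS servers
        o17 = O17_RE.search(body)
        servers = o17.group("servers").split() if o17 else []
        return Finding(sec, "review", line,
                       f"DNS servers {servers}: confirm they belong to the ISP or router; "
                       "altered resolvers can block update and security sites")

    if sec == "O23":  # installed services
        o23 = O23_RE.match(body)
        if o23 and "(file missing)" in o23.group("path"):
            return Finding(sec, "review", line,
                           f"service {o23.group('name')!r} points to a missing file (orphaned entry)")
        if o23 and o23.group("owner") == "Unknown owner":
            return Finding(sec, "review", line,
                           f"service {o23.group('name')!r} has no identified vendor; verify the binary")
        return Finding(sec, "info", line, "service with identified vendor")

    return Finding(sec, "info", line, "listed for completeness")


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the classified lines."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


def needs_review(findings: List[Finding]) -> List[Finding]:
    """Only the entries a helper would look at by hand."""
    return [f for f in findings if f.severity == "review"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:4} {f.reason}")
```

Run against the sample, three of the eight lines come back as "review": the O4 entry whose command is a bare file name, the O17 DNS servers, and the O23 service whose file is missing. Every other line is "info". The point of keeping "info" findings rather than dropping them is that a second log from the same machine can be diffed against the first, which is how a helper notices a new O4 or O23 entry appearing between posts.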
 
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear".
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.


----------------------------------------------------------------------------------------

Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
 
Hi, thanks for replying... that link didn't take me anywhere so I downloaded direct from Bleeping Computer. Although I followed the instructions, at the end, while the log was being created, my firewall reactivated itself, and I had no idea whether to allow the actions it mentioned.
Also a couple of things have changed: disabled all the supposedly safe BHOs/ActiveX in IE7, which I only use for Windows updates; finally got through to the update page, and as all that was offered was SP3, I decided to try and install that from my MS CD, but after going through the install process it told me it had failed and "Access was denied", and then it uninstalled.
Here are the logs:
ComboFix 08-08-07.05 - HP_Administrator 2008-08-08 15:05:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.170 [GMT 12:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_004902_.tmp.dll
C:\WINDOWS\system32\_004903_.tmp.dll
C:\WINDOWS\system32\_004904_.tmp.dll
C:\WINDOWS\system32\_004905_.tmp.dll
C:\WINDOWS\system32\_004912_.tmp.dll
C:\WINDOWS\system32\_004913_.tmp.dll
C:\WINDOWS\system32\_004914_.tmp.dll
C:\WINDOWS\system32\_004915_.tmp.dll
C:\WINDOWS\system32\_004917_.tmp.dll
C:\WINDOWS\system32\_004918_.tmp.dll
C:\WINDOWS\system32\_004921_.tmp.dll
C:\WINDOWS\system32\_004922_.tmp.dll
C:\WINDOWS\system32\_004924_.tmp.dll
C:\WINDOWS\system32\_004925_.tmp.dll
C:\WINDOWS\system32\_004926_.tmp.dll
C:\WINDOWS\system32\_004928_.tmp.dll
C:\WINDOWS\system32\_004931_.tmp.dll
C:\WINDOWS\system32\_004932_.tmp.dll
C:\WINDOWS\system32\_004936_.tmp.dll
C:\WINDOWS\system32\_004937_.tmp.dll
C:\WINDOWS\system32\_004939_.tmp.dll
C:\WINDOWS\system32\_004942_.tmp.dll
C:\WINDOWS\system32\_004944_.tmp.dll
C:\WINDOWS\system32\_004945_.tmp.dll
C:\WINDOWS\system32\_004946_.tmp.dll
C:\WINDOWS\system32\_004947_.tmp.dll
C:\WINDOWS\system32\_004948_.tmp.dll
C:\WINDOWS\system32\_004951_.tmp.dll
C:\WINDOWS\system32\_004952_.tmp.dll
C:\WINDOWS\system32\_004953_.tmp.dll
C:\WINDOWS\system32\_004954_.tmp.dll
C:\WINDOWS\system32\_004955_.tmp.dll
C:\WINDOWS\system32\_004960_.tmp.dll
C:\WINDOWS\system32\_004962_.tmp.dll
C:\WINDOWS\system32\_004963_.tmp.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-08 to 2008-08-08 )))))))))))))))))))))))))))))))
.

2008-08-07 20:20 . 2008-04-14 05:42 354,304 --a------ C:\WINDOWS\system32\SET11F4.tmp
2008-08-07 20:20 . 2008-04-14 05:40 177,152 --a------ C:\WINDOWS\system32\SET1226.tmp
2008-08-07 20:20 . 2008-04-14 05:42 159,232 --a------ C:\WINDOWS\system32\SET120A.tmp
2008-08-07 20:20 . 2008-04-14 05:42 28,672 --a------ C:\WINDOWS\system32\SET11F9.tmp
2008-08-07 20:20 . 2008-04-14 05:41 20,480 --a------ C:\WINDOWS\system32\SET1253.tmp
2008-08-07 20:20 . 2008-04-14 05:41 16,896 --a------ C:\WINDOWS\system32\SET1250.tmp
2008-08-07 20:20 . 2008-04-14 05:42 13,824 --a------ C:\WINDOWS\system32\SET11F0.tmp
2008-08-07 20:19 . 2008-08-07 20:32 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-07 20:19 . 2008-08-07 20:32 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-07 20:19 . 2008-08-07 20:31 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-07 20:19 . 2008-04-14 05:42 80,896 --a------ C:\WINDOWS\system32\SET11EF.tmp
2008-08-07 20:19 . 2008-04-14 05:42 6,656 --a------ C:\WINDOWS\system32\SET11EC.tmp
2008-08-07 20:14 . 2008-04-14 05:42 471,552 --a------ C:\WINDOWS\system32\SET5EE.tmp
2008-08-07 20:14 . 2008-04-14 05:41 95,744 --a------ C:\WINDOWS\system32\SET5F4.tmp
2008-08-07 20:12 . 2008-04-14 05:42 2,843,136 --a------ C:\WINDOWS\system32\SET2C9.tmp
2008-08-07 20:11 . 2008-04-14 05:42 8,461,312 --a------ C:\WINDOWS\system32\SET1EE.tmp
2008-08-07 20:07 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003237_.tmp
2008-08-07 20:04 . 2007-10-26 15:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-08-07 20:03 . 2007-02-28 21:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-08-07 20:00 . 2008-08-07 20:00 <DIR> d-------- C:\WINDOWS\New Folder
2008-08-07 19:54 . 2008-08-07 20:21 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-06 22:48 . 2008-08-06 22:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 20:48 . 2008-08-06 20:48 <DIR> d-------- C:\Program Files\COMODO
2008-08-06 20:48 . 2008-08-06 20:48 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2008-08-06 20:48 . 2008-08-06 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-06 20:48 . 2008-08-06 20:48 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-06 20:48 . 2008-08-06 20:48 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-06 20:48 . 2008-08-06 20:48 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-02 22:21 . 2008-08-02 22:21 <DIR> d-------- C:\Autoruns
2008-07-25 16:45 . 2008-07-25 16:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-25 16:45 . 2008-07-25 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 23:15 . 2008-07-24 23:15 <DIR> d-------- C:\Program Files\Safer Networking
2008-07-24 22:43 . 2008-07-24 22:43 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-19 19:41 . 2008-08-03 19:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-19 19:41 . 2008-07-19 19:41 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-07-19 19:41 . 2008-07-19 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-19 19:41 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-19 19:41 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-18 18:12 . 2008-07-18 18:12 <DIR> d-------- C:\Program Files\Sophos
2008-07-17 16:36 . 2008-07-17 16:36 <DIR> d-------- C:\VundoFix Backups
2008-07-15 15:45 . 2008-07-15 15:45 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-13 18:48 . 2008-07-29 18:03 <DIR> d-------- C:\1954455e9283aee02610

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-08 03:13 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\WTablet
2008-08-01 07:07 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Canon
2008-07-19 02:29 --------- d-----w C:\Program Files\Common Files\Real
2008-07-14 23:32 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-11 04:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-23 09:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-06-23 09:17 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-06-23 09:15 --------- d-----w C:\Program Files\Sonic
2008-06-23 09:14 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-23 07:34 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-06-23 02:55 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2005-11-02 09:27 0 ----a-w C:\Program Files\pspbrwse.jbf
.

StartupList report, 6/08/2008, 9:50:17 p.m.
StartupList version: 1.52.2
Started from : C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16674)
* Using default options
* Including empty and uninteresting sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup]
Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
LUMIX Simple Viewer.lnk = ?
Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Ulead AutoDetector v2 = C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
PS2 = C:\WINDOWS\system32\ps2.exe
OpwareSE2 = "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
LSBWatcher = c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
KBD = C:\HP\KBD\KBD.EXE
hpsysdrv = c:\windows\system\hpsysdrv.exe
High Definition Audio Property Page Shortcut = HDAudPropShortcut.exe
ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
AGRSMMSG = AGRSMMSG.exe
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
ehTray = C:\WINDOWS\ehome\ehtray.exe
HPHmon06 = C:\WINDOWS\system32\hphmon06.exe
HPHUPD06 = "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
MSPY2002 = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
PHIME2002ASync = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
PHIME2002A = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
ISUSPM Startup = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
COMODO Firewall Pro = "C:\Program Files\COMODO\Firewall\cfp.exe" -h

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll C:\WINDOWS\system32\guard32.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Housecall ActiveX 6.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

[Java Plug-in 1.5.0_10]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

[Java Plug-in 1.5.0]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

[Java Plug-in 1.5.0_10]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

[Java Plug-in 1.5.0_10]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 17,051 bytes
Report generated in 0.141 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Hope this is OK
 
It looks like the ComboFix log got cut off, please can you post it again
C:\Combofix.txt

Can you post the Uninstall list I asked for please.
 
Hi, sorry I posted the wrong HJT. Correct one here
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Shockwave Player 11
Agere Systems PCI Soft Modem
Alien Skin Eye Candy 4000 Demo
Apophysis 2.0
ArcSoft PhotoStudio 5.5
ArtRage 2
ATI Control Panel
ATI Display Driver
avast! Antivirus
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Holidays from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
Browser Hijack Recover(BHR) 2.3
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Drivers 6.0
Canon MP Navigator 1.1
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon ScanGear Starter
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
CD-LabelPrint
COMODO Firewall Pro
Corel Paint Shop Pro X
Corel Painter Essentials 3
Corel Painter X
Corel Painter X
Corel Photo Album 6
Crystal Maze from HP Media Center (remove only)
Deep Paint
EasyCleaner
Easy-WebPrint
EzyPaint
Filter Forge 1.008
Final Drive Nitro from HP Media Center (remove only)
GemMaster Mystic
Harry's Filters 3
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
HP Deskjet Printer Preload
HP Image Zone 4.8.6
HP Image Zone for Media Center PC
HP Image Zone Plus 4.8.6
HP Photosmart Cameras 4.5
HP PSC & OfficeJet 4.7
HP Software Update
HP Tunes
HPIZplus450
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
KBD
Lexibox Deluxe from HP Media Center (remove only)
LUMIX Simple Viewer
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Digital Image Suite 2006
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft National Language Support Downlevel APIs
Microsoft Works
Mozilla Firefox (2.0.0.16)
Mozilla Thunderbird (1.0.6)
MS Access 97 SP2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
muvee autoProducer 4.0
muvee autoProducer unPlugged - HPD
OmniPage SE 2.0
Otto
Overball from HP Media Center (remove only)
PC-Doctor for Windows
PenPlus Personal
Phoenix Assault from HP Media Center (remove only)
Photo Story 3 for Windows
PhotoFiltre
Photosmart 320,370,7400,8100,8400 Series
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
project dogwaffle
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RegAlyzer
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Shinycore Path Styler Pro 1.11 Tryout for Photoshop
Shockwave
Shooting Stars Pool from HP Media Center (remove only)
Slyder from HP Media Center (remove only)
Sonic Activation Module
Sonic DVD for Photo Story 3 for Windows
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sophos Anti-Rootkit 1.3.1
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Super Granny from HP Media Center (remove only)
SUPERAntiSpyware Free Edition
Tablet
The GIMP 2.2.9
Tradewinds from HP Media Center (remove only)
Ulead ArtTexture.Plugin 1.0
Ulead PhotoImpact 10 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Updates from HP
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB895678

The ComboFix log is incomplete, I think, because the Firewall reactivated. Its icon was not in the tray, and I could see no option to terminate it, so I pressed cancel. Do I need to go through the process again? Should I have disabled the firewall in the services? Also my avast antivirus icons have gone from the tray since that reboot, any ideas on how I can get them back? Thanks for your help, all the best
 
Let's see if you can get Java sorted now.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older-version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u7
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The Java Runtime Environment (JRE) 6 update 7 allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
  • J2SE Runtime Environment 5.0
  • J2SE Runtime Environment 5.0 Update 10
  • J2SE Runtime Environment 5.0 Update 6
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.



Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /SkipFix

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to the ActiveScan site.
  • Click the Scan Now button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.
 
Struck a few difficulties with the Java update. That link would not go through, just hung. Tried typing http://java.sun.com in the address bar, took me to a site called http://w3.org. That was in Firefox. So tried the address in IE7, got to the download part which took me to https://cds.sun.com/is-bin/INTERSHO...iewFilteredProducts-SingleVariationTypeFilter
Does this look right? This message appeared (in addition to popups about moving from secure to insecure pages):
The website wants to run Java Web Start Active X control.
Also a popup appeared headed "Did you notice Information bar?" etc etc
Have seen the latter before during one of my failed attempts at installation.
I do not normally use IE so just wanted to check this out with you.
Also when you say to close running programs, do you mean to exit the firewall? Not sure if Avast is running, icons still have not come back
 
Please just run ComboFix using the instructions I gave for the moment
 
Hi again, log as requested
ComboFix 08-08-07.05 - HP_Administrator 2008-08-11 16:11:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.223 [GMT 12:00]
Running from: C:\Documents and Settings\HP_Administrator\desktop\combofix.exe
Command switches used :: /SkipFix
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\_004902_.tmp.dll
C:\WINDOWS\system32\_004903_.tmp.dll
C:\WINDOWS\system32\_004904_.tmp.dll
C:\WINDOWS\system32\_004905_.tmp.dll
C:\WINDOWS\system32\_004912_.tmp.dll
C:\WINDOWS\system32\_004913_.tmp.dll
C:\WINDOWS\system32\_004914_.tmp.dll
C:\WINDOWS\system32\_004915_.tmp.dll
C:\WINDOWS\system32\_004917_.tmp.dll
C:\WINDOWS\system32\_004918_.tmp.dll
C:\WINDOWS\system32\_004921_.tmp.dll
C:\WINDOWS\system32\_004922_.tmp.dll
C:\WINDOWS\system32\_004924_.tmp.dll
C:\WINDOWS\system32\_004925_.tmp.dll
C:\WINDOWS\system32\_004926_.tmp.dll
C:\WINDOWS\system32\_004928_.tmp.dll
C:\WINDOWS\system32\_004931_.tmp.dll
C:\WINDOWS\system32\_004932_.tmp.dll
C:\WINDOWS\system32\_004936_.tmp.dll
C:\WINDOWS\system32\_004937_.tmp.dll
C:\WINDOWS\system32\_004939_.tmp.dll
C:\WINDOWS\system32\_004942_.tmp.dll
C:\WINDOWS\system32\_004944_.tmp.dll
C:\WINDOWS\system32\_004945_.tmp.dll
C:\WINDOWS\system32\_004946_.tmp.dll
C:\WINDOWS\system32\_004947_.tmp.dll
C:\WINDOWS\system32\_004948_.tmp.dll
C:\WINDOWS\system32\_004951_.tmp.dll
C:\WINDOWS\system32\_004952_.tmp.dll
C:\WINDOWS\system32\_004953_.tmp.dll
C:\WINDOWS\system32\_004954_.tmp.dll
C:\WINDOWS\system32\_004955_.tmp.dll
C:\WINDOWS\system32\_004960_.tmp.dll
C:\WINDOWS\system32\_004962_.tmp.dll
C:\WINDOWS\system32\_004963_.tmp.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2008-08-07 20:20 . 2008-04-14 05:42 354,304 --a------ C:\WINDOWS\system32\SET11F4.tmp
2008-08-07 20:20 . 2008-04-14 05:40 177,152 --a------ C:\WINDOWS\system32\SET1226.tmp
2008-08-07 20:20 . 2008-04-14 05:42 159,232 --a------ C:\WINDOWS\system32\SET120A.tmp
2008-08-07 20:20 . 2008-04-14 05:42 28,672 --a------ C:\WINDOWS\system32\SET11F9.tmp
2008-08-07 20:20 . 2008-04-14 05:41 20,480 --a------ C:\WINDOWS\system32\SET1253.tmp
2008-08-07 20:20 . 2008-04-14 05:41 16,896 --a------ C:\WINDOWS\system32\SET1250.tmp
2008-08-07 20:20 . 2008-04-14 05:42 13,824 --a------ C:\WINDOWS\system32\SET11F0.tmp
2008-08-07 20:19 . 2008-08-07 20:32 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-07 20:19 . 2008-08-07 20:32 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-07 20:19 . 2008-08-07 20:31 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-07 20:19 . 2008-04-14 05:42 80,896 --a------ C:\WINDOWS\system32\SET11EF.tmp
2008-08-07 20:19 . 2008-04-14 05:42 6,656 --a------ C:\WINDOWS\system32\SET11EC.tmp
2008-08-07 20:14 . 2008-04-14 05:42 471,552 --a------ C:\WINDOWS\system32\SET5EE.tmp
2008-08-07 20:14 . 2008-04-14 05:41 95,744 --a------ C:\WINDOWS\system32\SET5F4.tmp
2008-08-07 20:12 . 2008-04-14 05:42 2,843,136 --a------ C:\WINDOWS\system32\SET2C9.tmp
2008-08-07 20:11 . 2008-04-14 05:42 8,461,312 --a------ C:\WINDOWS\system32\SET1EE.tmp
2008-08-07 20:07 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003237_.tmp
2008-08-07 20:04 . 2007-10-26 15:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-08-07 20:03 . 2007-02-28 21:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-08-07 20:00 . 2008-08-07 20:00 <DIR> d-------- C:\WINDOWS\New Folder
2008-08-07 19:54 . 2008-08-07 20:21 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-06 22:48 . 2008-08-06 22:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 20:48 . 2008-08-06 20:48 <DIR> d-------- C:\Program Files\COMODO
2008-08-06 20:48 . 2008-08-06 20:48 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2008-08-06 20:48 . 2008-08-06 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-06 20:48 . 2008-08-06 20:48 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-06 20:48 . 2008-08-06 20:48 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-06 20:48 . 2008-08-06 20:48 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-02 22:21 . 2008-08-02 22:21 <DIR> d-------- C:\Autoruns
2008-07-25 16:45 . 2008-07-25 16:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-25 16:45 . 2008-07-25 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 23:15 . 2008-07-24 23:15 <DIR> d-------- C:\Program Files\Safer Networking
2008-07-24 22:43 . 2008-07-24 22:43 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-19 19:41 . 2008-08-03 19:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-19 19:41 . 2008-07-19 19:41 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-07-19 19:41 . 2008-07-19 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-19 19:41 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-19 19:41 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-18 18:12 . 2008-07-18 18:12 <DIR> d-------- C:\Program Files\Sophos
2008-07-17 16:36 . 2008-07-17 16:36 <DIR> d-------- C:\VundoFix Backups
2008-07-15 15:45 . 2008-07-15 15:45 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-13 18:48 . 2008-07-29 18:03 <DIR> d-------- C:\1954455e9283aee02610

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 03:42 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\WTablet
2008-08-08 05:46 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Canon
2008-08-08 05:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-19 02:29 --------- d-----w C:\Program Files\Common Files\Real
2008-07-14 23:32 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-23 09:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-06-23 09:17 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-06-23 09:15 --------- d-----w C:\Program Files\Sonic
2008-06-23 09:14 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-23 07:34 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-06-23 02:55 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2005-11-02 09:27 0 ----a-w C:\Program Files\pspbrwse.jbf
2005-11-16 07:20 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2006-06-10 01:54 104 --sha-r C:\WINDOWS\system32\11060A099A.sys
2008-03-24 05:22 88 --sha-r C:\WINDOWS\system32\9A090A0611.sys
2008-03-24 05:22 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 16:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 19:22 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-15 01:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-26 02:17 90112]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 01:54 253952]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 03:44 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 21:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 23:05 339968]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 16:00 208952]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-08 01:38 659456]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 01:44 49152]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 16:00 59392]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-02-14 13:49 278528]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 14:07 49263]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 16:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 16:00 455168]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 09:44 249856]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-06 20:48 1655552]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 18:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 22:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 21:28:24 258048]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-10-26 22:16:25 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-06-29 15:08:27 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-07-20 02:38 78008 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 02:35]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-06 20:48]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-06 20:48]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 02:37]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-04-20 22:57]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-15 09:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-16 07:55]
S3 aswArKrn;aswArKrn;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\aswArKrn.sys []
S3 GNKPK;GNKPK;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\GNKPK.exe []
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\2.tmp []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
- - - - ORPHANS REMOVED - - - -

Notify-WB - C:\Program Files\AlienGUIse\fastload.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ny26a2ie.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 16:12:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\2.tmp"
.
Completion time: 2008-08-11 16:15:49
ComboFix-quarantined-files.txt 2008-08-11 04:15:41

Pre-Run: 112,033,419,264 bytes free
Post-Run: 112,023,371,776 bytes free

213
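An added triage script (not part of this thread, and not ComboFix's or StartupList's own code) that parses the service/driver lines from the ComboFix log above together with the AppInit_DLLs line from the earlier StartupList report. It flags entries whose image is loaded from a Temp directory, is a .tmp file, or has no file timestamp, and lists each AppInit DLL so it can be traced to a known product; entries of this shape are often stale leftovers from scanner tools, so a flag means "account for this", not "this is malicious". The sample lines are copied from the logs posted in this thread.

```python
"""Triage of service entries and AppInit_DLLs from the logs in this thread.

Added example, not part of the thread and not ComboFix's or StartupList's
own code.  It flags service/driver entries whose image path sits in a Temp
directory, is a .tmp file, or carries no file timestamp, and lists the DLLs
named in AppInit_DLLs so each one can be accounted for.
"""
import re
from typing import Dict, List

# ComboFix prints each service or driver as:
#   <start type> <name>;<description>;<image path> [<file date>]
# The bracketed date is empty when no file was found at that path.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)\s*\[(?P<date>[^\]]*)\]\s*$"
)
# StartupList prints the AppInit_DLLs value on one line after "AppInit_DLLs=".
APPINIT_RE = re.compile(r"AppInit_DLLs=(?P<dlls>.*)$")

# Constructed input: lines copied from the StartupList and ComboFix logs posted above.
SAMPLE_LOG = r"""
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll C:\WINDOWS\system32\guard32.dll
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 02:35]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-06 20:48]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-16 07:55]
S3 aswArKrn;aswArKrn;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\aswArKrn.sys []
S3 GNKPK;GNKPK;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\GNKPK.exe []
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\2.tmp []
"""


def parse_services(log_text: str) -> List[Dict[str, str]]:
    """Return one dict (start, name, desc, path, date) per service/driver line."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def service_flags(entry: Dict[str, str]) -> List[str]:
    """Reasons an entry deserves a second look; an empty list means nothing unusual."""
    reasons = []
    path = entry["path"].lower()
    if "\\temp\\" in path:
        reasons.append("image is loaded from a Temp directory")
    if path.endswith(".tmp"):
        reasons.append("image is a .tmp file")
    if not entry["date"].strip():
        reasons.append("no file timestamp in the log (file absent at scan time)")
    return reasons


def triage_services(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons, for flagged entries only."""
    flagged = {}
    for entry in parse_services(log_text):
        reasons = service_flags(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


def appinit_dlls(log_text: str) -> List[str]:
    """DLLs named in AppInit_DLLs.  Windows splits the value on spaces and
    commas and loads every entry into each process that links user32.dll,
    so each one should be traceable to a known product."""
    for line in log_text.splitlines():
        m = APPINIT_RE.search(line)
        if m:
            return [d for d in re.split(r"[ ,]+", m.group("dlls").strip()) if d]
    return []


if __name__ == "__main__":
    for dll in appinit_dlls(SAMPLE_LOG):
        print("AppInit_DLLs loads:", dll)
    for name, reasons in triage_services(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample above the three flagged names are exactly the ones the helper later lists under Driver:: in the fix script, while the avast, COMODO and Wacom drivers pass untouched.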
 
You have disabled Avast from running at startup with MSConfig.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-07-20 02:38 78008 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe


I recommend that you re-enable it.



Download and Run SD Fix

Please download SDFix (by andymanchesta) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    KillAll::
    DirLook::
    C:\WINDOWS\New Folder
    
    Comment - Existing Categories
    
    File::
    C:\WINDOWS\system32\SET11F4.tmp
    C:\WINDOWS\system32\SET1226.tmp
    C:\WINDOWS\system32\SET120A.tmp
    C:\WINDOWS\system32\SET11F9.tmp
    C:\WINDOWS\system32\SET1253.tmp
    C:\WINDOWS\system32\SET1250.tmp
    C:\WINDOWS\system32\SET11F0.tmp
    C:\WINDOWS\system32\SET11EF.tmp
    C:\WINDOWS\system32\SET11EC.tmp
    C:\WINDOWS\system32\SET5EE.tmp
    C:\WINDOWS\system32\SET5F4.tmp
    C:\WINDOWS\system32\SET2C9.tmp
    C:\WINDOWS\system32\SET1EE.tmp
    C:\WINDOWS\003237_.tmp
    C:\WINDOWS\system32\11060A099A.sys
    C:\WINDOWS\system32\9A090A0611.sys
    Folder::
    Driver::
    aswArKrn
    GNKPK
    MEMSWEEP2
  • Save this as CFScript.txt and place it on your desktop.


    CFScriptb.gif


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.



Please try Active Scan now
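The CFScript above removes three service entries (aswArKrn, GNKPK, MEMSWEEP2) and the note before it points out an Avast startup item parked by MSConfig. What a helper is reading off the ComboFix log by eye is mechanical enough to script. The following is an added example, not part of this thread and not code from ComboFix, SDFix or any other tool named here: it parses ComboFix-style driver/service lines and the `msconfig\startupreg` keys from a constructed sample that mirrors the log lines above, and flags services whose image lives in a Temp folder, is a `.tmp` file, or carries no file timestamp (the empty `[]`, meaning the file was not present when ComboFix scanned). The function names and the flagging rules are this example's own.

```python
"""Triage helper for ComboFix-style driver/service and MSConfig listings.

Added example for this thread; not ComboFix's or SDFix's own code.
Reads log text and reports:
  1. drivers/services whose image path lives in a Temp folder, is a
     *.tmp file, or has no timestamp ("[]" means the file was absent
     when ComboFix scanned, i.e. an orphaned service entry);
  2. startup items MSConfig has parked under
     ...\shared tools\msconfig\startupreg (disabled at startup).
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the line shapes mirror the ComboFix log in this
# thread, embedded here so the script runs offline.
SAMPLE_LOG = r"""
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-16 07:55]
S3 aswArKrn;aswArKrn;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\aswArKrn.sys []
S3 GNKPK;GNKPK;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\GNKPK.exe []
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\2.tmp []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-07-20 02:38 78008 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""


@dataclass
class ServiceEntry:
    state: str        # "R" (running) or "S" (stopped), as ComboFix prints it
    start: int        # start-type digit (0 = boot ... 4 = disabled)
    name: str
    description: str
    image: str
    timestamp: str    # empty when ComboFix could not stat the image file
    reasons: list = field(default_factory=list)


# "R3 name;description;image [timestamp]"  (timestamp may be empty)
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# Registry header ComboFix prints for items MSConfig has parked.
STARTUPREG_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\(.+)\]$",
    re.IGNORECASE,
)


def parse_services(text):
    """Return every R*/S* driver-or-service line as a ServiceEntry."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, desc, image, ts = m.groups()
            entries.append(ServiceEntry(state, int(start), name, desc, image, ts.strip()))
    return entries


def suspicious_services(text):
    """Flag entries a helper would query; reasons are attached to each entry."""
    flagged = []
    for e in parse_services(text):
        lower = e.image.lower()
        if "\\temp\\" in lower or "\\tmp\\" in lower:
            e.reasons.append("image lives in a Temp folder")
        if lower.endswith(".tmp"):
            e.reasons.append("image is a .tmp file")
        if not e.timestamp:
            e.reasons.append("no file timestamp (file not present at scan time)")
        if e.reasons:
            flagged.append(e)
    return flagged


def msconfig_disabled_startup(text):
    """Map each MSConfig-parked startup item name to its image path."""
    disabled = {}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        m = STARTUPREG_RE.match(line)
        if not m:
            continue
        # ComboFix prints "attrs date time size path" on the next non-blank line.
        path = ""
        for nxt in lines[i + 1:]:
            if nxt:
                parts = nxt.split(None, 4)
                path = parts[4] if len(parts) == 5 else nxt
                break
        disabled[m.group(1)] = path
    return disabled


if __name__ == "__main__":
    for e in suspicious_services(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name}: {e.image}  <- {'; '.join(e.reasons)}")
    for name, path in msconfig_disabled_startup(SAMPLE_LOG).items():
        print(f"MSConfig has disabled startup item '{name}' ({path})")
```

Run on the sample it reports the same three services the CFScript removes, each with the reason it stands out, and the parked avast! entry; point it at a real log by replacing SAMPLE_LOG with the file's contents. The Temp-folder and `.tmp` rules are heuristics: legitimate anti-rootkit tools (Avast's and Sophos's, for instance) also drop temporary drivers, which is why the helper removes the stale entries rather than treating them as an infection on their own.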
 
Hi, cannot see how to re-enable antivirus... I only exited it before running Combofix the first time, that's when the icons went... I can't access the system selective startup, "access was denied". I am the administrator of a standalone computer on dialup and used by no one else, how can I get my access and antivirus back?
Will do the next stage, bye for now
 
Back again, really appreciate all your effort, this is so complex to me!
3 logs follow

SDFix: Version 1.215
Run by HP_Administrator on Tue 12/08/2008 at 07:46 p.m.

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 19:58:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F8561EA-489E-25F2-CD1C-9A6D2753D252}]
"iaepjlkaomgpjjlibk"=hex:6a,61,6c,69,6a,70,67,66,6a,66,69,6c,61,68,6c,67,65,6c,66,6a,00,..
"haoopkjkaelfamgg"=hex:6a,61,6a,69,62,61,6f,63,6c,6b,67,6e,62,66,64,6d,69,66,62,66,00,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"="C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Fri 21 Oct 2005 211 A.SHR --- "C:\BOOT.BAK"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 16 Nov 2005 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Sat 10 Jun 2006 104 A.SHR --- "C:\WINDOWS\system32\11060A099A.sys"
Mon 24 Mar 2008 88 A.SHR --- "C:\WINDOWS\system32\9A090A0611.sys"
Mon 24 Mar 2008 5,018 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 22 Jul 2005 2,045 A..H. --- "C:\WINDOWS\system32\whlb32g.dll"
Mon 31 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 20 Nov 2005 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv10.bak"
Tue 29 Nov 2005 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Sat 21 Jan 2006 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Sun 23 Apr 2006 1,163 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
Sat 11 Mar 2006 1,163 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Sat 11 Mar 2006 1,163 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv15.bak"
Sat 21 Jan 2006 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv16.bak"
Sun 23 Apr 2006 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Mon 31 Oct 2005 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\sdold\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT2.tmp"
Thu 6 Dec 2007 1,123,880 A..H. --- "C:\WINDOWS\sdold\Download\44e979936d19a4e833746e7d6f8e194d\BIT2.tmp"
Sat 5 Jul 2008 0 A..H. --- "C:\WINDOWS\sdold\Download\5daa4302a571c70622f2d915134243e4\BIT2.tmp"
Fri 16 May 2008 9,534,016 A..H. --- "C:\WINDOWS\sdold\Download\7c13b8e6c7c42a03e147155b9886753a\BIT8.tmp"
Mon 7 Apr 2008 9,245,760 A..H. --- "C:\WINDOWS\sdold\Download\90852e52670a109154a93ef73f224b9a\BIT7.tmp"
Fri 11 Jul 2008 601,152 A..H. --- "C:\WINDOWS\sdold\Download\cad1b3db84542881b7f0e03133a51894\BIT100.tmp"
Sun 22 Jun 2008 0 A..H. --- "C:\WINDOWS\sdold\Download\f57152a5a22ab72198f43b935bbd91fa\BIT2.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\sdold\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\sdold\Download\fe04f301a806183016ad136a2f18fddc\BIT2.tmp"
Thu 7 Aug 2008 6,004 A.SH. --- "C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:16 p.m., on 12/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD76BEB-89CC-4CEB-965D-24200785D4CF}: NameServer = 202.49.233.1 202.49.233.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1FD76BEB-89CC-4CEB-965D-24200785D4CF}: NameServer = 202.49.233.1 202.49.233.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 8613 bytes

ComboFix 08-08-07.05 - HP_Administrator 2008-08-12 20:17:00.3 - NTFSx86

Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt

FILE ::
C:\WINDOWS\003237_.tmp
C:\WINDOWS\system32\11060A099A.sys
C:\WINDOWS\system32\9A090A0611.sys
C:\WINDOWS\system32\SET11EC.tmp
C:\WINDOWS\system32\SET11EF.tmp
C:\WINDOWS\system32\SET11F0.tmp
C:\WINDOWS\system32\SET11F4.tmp
C:\WINDOWS\system32\SET11F9.tmp
C:\WINDOWS\system32\SET120A.tmp
C:\WINDOWS\system32\SET1226.tmp
C:\WINDOWS\system32\SET1250.tmp
C:\WINDOWS\system32\SET1253.tmp
C:\WINDOWS\system32\SET1EE.tmp
C:\WINDOWS\system32\SET2C9.tmp
C:\WINDOWS\system32\SET5EE.tmp
C:\WINDOWS\system32\SET5F4.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\003237_.tmp
C:\WINDOWS\system32\11060A099A.sys
C:\WINDOWS\system32\9A090A0611.sys
C:\WINDOWS\system32\SET11EC.tmp
C:\WINDOWS\system32\SET11EF.tmp
C:\WINDOWS\system32\SET11F0.tmp
C:\WINDOWS\system32\SET11F4.tmp
C:\WINDOWS\system32\SET11F9.tmp
C:\WINDOWS\system32\SET120A.tmp
C:\WINDOWS\system32\SET1226.tmp
C:\WINDOWS\system32\SET1250.tmp
C:\WINDOWS\system32\SET1253.tmp
C:\WINDOWS\system32\SET1EE.tmp
C:\WINDOWS\system32\SET2C9.tmp
C:\WINDOWS\system32\SET5EE.tmp
C:\WINDOWS\system32\SET5F4.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASWARKRN
-------\Legacy_GNKPK
-------\Legacy_MEMSWEEP2
-------\Service_aswArKrn
-------\Service_GNKPK
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-12 19:42 . 2008-08-12 19:43 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-12 19:36 . 2008-08-12 20:01 <DIR> d-------- C:\SDFix
2008-08-07 20:19 . 2008-08-07 20:32 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-07 20:19 . 2008-08-07 20:32 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-07 20:19 . 2008-08-07 20:31 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-07 20:12 . 2008-04-14 05:42 1,703,936 --a------ C:\WINDOWS\system32\SET289.tmp
2008-08-07 20:11 . 2008-04-14 05:42 1,499,136 --a------ C:\WINDOWS\system32\SET1EF.tmp
2008-08-07 20:05 . 2004-08-10 16:00 4,256,768 --a------ C:\WINDOWS\system32\dllcache\wmm2res.dll
2008-08-07 20:04 . 2007-10-26 15:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-08-07 20:03 . 2007-02-28 21:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-08-07 20:00 . 2008-08-07 20:00 <DIR> d-------- C:\WINDOWS\New Folder
2008-08-07 19:54 . 2008-08-07 20:21 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-06 22:48 . 2008-08-06 22:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 20:48 . 2008-08-06 20:48 <DIR> d-------- C:\Program Files\COMODO
2008-08-06 20:48 . 2008-08-06 20:48 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2008-08-06 20:48 . 2008-08-06 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-06 20:48 . 2008-08-06 20:48 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-06 20:48 . 2008-08-06 20:48 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-06 20:48 . 2008-08-06 20:48 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-02 22:21 . 2008-08-02 22:21 <DIR> d-------- C:\Autoruns
2008-07-25 16:45 . 2008-07-25 16:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-25 16:45 . 2008-07-25 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 23:15 . 2008-07-24 23:15 <DIR> d-------- C:\Program Files\Safer Networking
2008-07-24 22:43 . 2008-07-24 22:43 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-19 19:41 . 2008-08-03 19:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-19 19:41 . 2008-07-19 19:41 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-07-19 19:41 . 2008-07-19 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-19 19:41 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-19 19:41 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-18 18:12 . 2008-07-18 18:12 <DIR> d-------- C:\Program Files\Sophos
2008-07-17 16:36 . 2008-07-17 16:36 <DIR> d-------- C:\VundoFix Backups
2008-07-15 15:45 . 2008-07-15 15:45 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-13 18:48 . 2008-07-29 18:03 <DIR> d-------- C:\1954455e9283aee02610

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 07:37 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\WTablet
2008-08-12 06:01 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Canon
2008-08-08 05:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-19 02:29 --------- d-----w C:\Program Files\Common Files\Real
2008-07-14 23:32 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-23 09:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-06-23 09:17 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-06-23 09:15 --------- d-----w C:\Program Files\Sonic
2008-06-23 09:14 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-23 07:34 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-06-23 02:55 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2005-11-02 09:27 0 ----a-w C:\Program Files\pspbrwse.jbf
2005-11-16 07:20 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2008-03-24 05:22 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\New Folder ----



((((((((((((((((((((((((((((( snapshot@2008-08-11_16.15.18.66 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 04:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-12 07:43:15 6,299,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-08-12 07:43:15 114,688 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 04:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-12 07:42:59 6,299,648 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-08-12 07:42:59 114,688 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-08-12 08:21:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_434.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 16:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 19:22 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-15 01:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-26 02:17 90112]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 01:54 253952]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 03:44 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 21:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 23:05 339968]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 16:00 208952]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-08 01:38 659456]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 01:44 49152]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 16:00 59392]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-02-14 13:49 278528]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 14:07 49263]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 16:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 16:00 455168]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 09:44 249856]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-06 20:48 1655552]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 18:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 22:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 21:28:24 258048]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-10-26 22:16:25 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-06-29 15:08:27 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-07-20 02:38 78008 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"uploadmgr"=2 (0x2)
"UMWdf"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"TabletService"=2 (0x2)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stllssvr"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MHN"=3 (0x3)
"LmHosts"=2 (0x2)
"LightScribeService"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"iPodService"=3 (0x3)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"GNKPK"=3 (0x3)
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"cmdAgent"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"CCALib8"=2 (0x2)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AudioSrv"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aswUpdSv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 02:35]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-06 20:48]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-06 20:48]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 02:37]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-04-20 22:57]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-15 09:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-16 07:55]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 20:21:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-08-12 20:26:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-12 08:26:38
ComboFix2.txt 2008-08-11 04:15:50

Pre-Run: 113,141,280,768 bytes free
Post-Run: 113,128,169,472 bytes free

Hope this is OK, thanks again
 
Click Start >> Run

In the Run box, Copy/Paste the following

MSCONFIG

Now press Enter

On the General Tab, select Normal Startup

Click OK and reboot

Please rerun ComboFix and post the fresh log
 
Went into MSCONFIG, did the above and rebooted; went back in and the selective startup items are all checked now. Is this right? The icons are not back, but the firewall shows ashWebSv.exe as being 99.1% of the traffic.
Do you mean run ComboFix just by clicking on the .exe on the desktop?
 
That's correct.
ashWebSv.exe is part of Avast.

Just double-click ComboFix.exe.
 
ComboFix new log
ComboFix 08-08-07.05 - HP_Administrator 2008-08-13 9:10:34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.215 [GMT 12:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-12 19:42 . 2008-08-12 19:43 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-12 19:36 . 2008-08-12 20:01 <DIR> d-------- C:\SDFix
2008-08-07 20:19 . 2008-08-07 20:32 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-07 20:19 . 2008-08-07 20:32 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-07 20:19 . 2008-08-07 20:31 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-07 20:12 . 2008-04-14 05:42 1,703,936 --a------ C:\WINDOWS\system32\SET289.tmp
2008-08-07 20:11 . 2008-04-14 05:42 1,499,136 --a------ C:\WINDOWS\system32\SET1EF.tmp
2008-08-07 20:05 . 2004-08-10 16:00 4,256,768 --a------ C:\WINDOWS\system32\dllcache\wmm2res.dll
2008-08-07 20:04 . 2007-10-26 15:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-08-07 20:03 . 2007-02-28 21:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-08-07 20:00 . 2008-08-07 20:00 <DIR> d-------- C:\WINDOWS\New Folder
2008-08-07 19:54 . 2008-08-07 20:21 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-06 22:48 . 2008-08-06 22:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 20:48 . 2008-08-06 20:48 <DIR> d-------- C:\Program Files\COMODO
2008-08-06 20:48 . 2008-08-06 20:48 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2008-08-06 20:48 . 2008-08-06 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-06 20:48 . 2008-08-06 20:48 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-06 20:48 . 2008-08-06 20:48 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-06 20:48 . 2008-08-06 20:48 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-02 22:21 . 2008-08-02 22:21 <DIR> d-------- C:\Autoruns
2008-07-25 16:45 . 2008-07-25 16:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-25 16:45 . 2008-07-25 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 23:15 . 2008-07-24 23:15 <DIR> d-------- C:\Program Files\Safer Networking
2008-07-24 22:43 . 2008-07-24 22:43 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-19 19:41 . 2008-08-03 19:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-19 19:41 . 2008-07-19 19:41 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-07-19 19:41 . 2008-07-19 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-19 19:41 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-19 19:41 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-18 18:12 . 2008-07-18 18:12 <DIR> d-------- C:\Program Files\Sophos
2008-07-17 16:36 . 2008-07-17 16:36 <DIR> d-------- C:\VundoFix Backups
2008-07-15 15:45 . 2008-07-15 15:45 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-13 18:48 . 2008-07-29 18:03 <DIR> d-------- C:\1954455e9283aee02610

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 20:52 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\WTablet
2008-08-12 08:51 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Canon
2008-08-08 05:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-19 02:29 --------- d-----w C:\Program Files\Common Files\Real
2008-07-14 23:32 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-23 09:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-06-23 09:17 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-06-23 09:15 --------- d-----w C:\Program Files\Sonic
2008-06-23 09:14 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-23 07:34 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-06-23 02:55 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock(2)(3).dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dnsapi(2)(3).dll
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2005-11-02 09:27 0 ----a-w C:\Program Files\pspbrwse.jbf
2005-11-16 07:20 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2008-03-24 05:22 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-11_16.15.18.66 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 04:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-12 07:43:15 6,299,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-08-12 07:43:15 114,688 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 04:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-12 07:42:59 6,299,648 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-08-12 07:42:59 114,688 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-08-12 20:50:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_568.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 16:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 19:22 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-15 01:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-26 02:17 90112]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 01:54 253952]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 03:44 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 21:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 23:05 339968]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 16:00 208952]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-08 01:38 659456]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 01:44 49152]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 16:00 59392]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-02-14 13:49 278528]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 14:07 49263]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 16:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 16:00 455168]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 09:44 249856]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-06 20:48 1655552]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 18:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 22:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 21:28:24 258048]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-10-26 22:16:25 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-06-29 15:08:27 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-07-20 02:38 78008 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GNKPK"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 02:35]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-06 20:48]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-06 20:48]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 02:37]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-04-20 22:57]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-15 09:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-16 07:55]

*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ny26a2ie.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 09:15:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-13 9:17:16
ComboFix-quarantined-files.txt 2008-08-12 21:16:58
ComboFix2.txt 2008-08-12 08:26:49
ComboFix3.txt 2008-08-11 04:15:50

Pre-Run: 113,151,967,232 bytes free
Post-Run: 113,138,364,416 bytes free

Bye for now, all the best
 
For Avast, please try the following

Click Start >> All Programs >> Avast Antivirus >> Avast Antivirus

When it has opened,

click Menu >> Settings >> Appearance
and make sure Show Avast Tray Icon is ticked


Please run a tracert for Java and Microsoft


Create A Tracert Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text into Notepad.
Save it as "All Files" and name it look.bat. Please save it on your desktop.

@echo off
REM Remove any results file left over from a previous run
if exist C:\kresults.txt del /q C:\kresults.txt
Echo Tracing Route ..... Please Wait
REM Trace each host in the list and append the output to the results file
FOR %%G IN (
java.sun.com
microsoft.com
) DO (
Echo %%G
echo %%G >> C:\kresults.txt
tracert %%G >> C:\kresults.txt
echo. >> C:\kresults.txt
echo. >> C:\kresults.txt
)
Echo Finished
REM Open the results in Notepad, then delete this batch file
start notepad C:\kresults.txt
del /q %0
exit
Double click on look.bat
Please be patient, as this may take a while

Notepad will open, please copy/paste the results here.
 
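What a helper looks for in the results file is not the individual hop timings but the shape of each trace: whether the name resolved at all, which hop last answered, and whether the target itself was reached. Two traces that share the same first hop but behave differently are the useful comparison: if one gets a reply from the gateway and the other times out already at hop 1, the difference is on the local machine (a host firewall rule or a per-destination block), not out on the network. The caveat is that tracert relies on ICMP echo replies, which many routers and servers silently drop, so a run of "Request timed out." on its own proves nothing; only the contrast between targets does. The script below is an added example written for this thread, not something the helper posted: it parses a kresults.txt in the layout the batch file above produces and gives each target a one-word verdict. The sample text embedded in it is constructed (RFC 5737 documentation addresses and example.* names), not captured from the poster's machine.

```python
"""Summarise Windows tracert output such as the kresults.txt written by look.bat.

Added example for this thread. The SAMPLE text is constructed in the layout
that tracert on Windows XP prints; it is not real data from the thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

TRACE_HDR = re.compile(r"^Tracing route to (\S+) \[([\d.]+)\]")
UNRESOLVED = re.compile(r"^Unable to resolve target system name (\S+?)\.?$")
# hop number, three probes ("145 ms", "<1 ms" or "*"), then host text
HOP_LINE = re.compile(r"^\s*(\d+)((?:\s+(?:<?\d+\s*ms|\*)){3})\s+(.*\S)\s*$")
PROBE = re.compile(r"<?(\d+)\s*ms|\*")


@dataclass
class Hop:
    number: int
    rtts: List[Optional[int]]  # None where the probe timed out ("*")
    host: str                  # "name [ip]", a bare ip, or "Request timed out."

    @property
    def replied(self) -> bool:
        return any(r is not None for r in self.rtts)


@dataclass
class Trace:
    target: str
    ip: Optional[str] = None   # None when name resolution failed
    hops: List[Hop] = field(default_factory=list)

    def verdict(self) -> str:
        if self.ip is None:
            return "unresolved"          # DNS (or a hosts-file entry) failed
        for h in self.hops:
            # tracert prints the final hop as "name [ip]" or just "ip"
            if h.replied and (h.host.endswith("[%s]" % self.ip) or h.host == self.ip):
                return "reachable"
        if not any(h.replied for h in self.hops):
            return "no_replies"          # even hop 1 silent: look at the local host first
        last = max(h.number for h in self.hops if h.replied)
        return "lost_after_hop_%d" % last


def parse_tracert(text: str) -> List[Trace]:
    """Split a results file into one Trace per target, in file order."""
    traces: List[Trace] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = TRACE_HDR.match(line)
        if m:
            traces.append(Trace(target=m.group(1), ip=m.group(2)))
            continue
        m = UNRESOLVED.match(line)
        if m:
            traces.append(Trace(target=m.group(1)))
            continue
        m = HOP_LINE.match(raw)
        if m and traces:
            rtts = [None if p.group(0) == "*" else int(p.group(1))
                    for p in PROBE.finditer(m.group(2))]
            traces[-1].hops.append(Hop(int(m.group(1)), rtts, m.group(3)))
    return traces


def summarise(text: str) -> Dict[str, str]:
    """Map each target to its verdict so traces can be compared side by side."""
    return {t.target: t.verdict() for t in parse_tracert(text)}


# Constructed sample: the bare hostname line before each trace is what
# "echo %%G >> C:\kresults.txt" in the batch file produces.
SAMPLE = """www.example.com
Tracing route to www.example.com [203.0.113.10]
over a maximum of 30 hops:

  1     1 ms    <1 ms     1 ms  gateway.example.lan [192.0.2.1]
  2    10 ms    11 ms    10 ms  isp-edge.example.net [198.51.100.1]
  3    12 ms    11 ms    12 ms  www.example.com [203.0.113.10]

Trace complete.


updates.example.net
Tracing route to updates.example.net [203.0.113.20]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  gateway.example.lan [192.0.2.1]
  2    10 ms    11 ms    10 ms  isp-edge.example.net [198.51.100.1]
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.

Trace complete.


blocked.example.org
Tracing route to blocked.example.org [203.0.113.30]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.

Trace complete.


nosuch.example.org
Unable to resolve target system name nosuch.example.org.
"""

if __name__ == "__main__":
    for target, verdict in summarise(SAMPLE).items():
        print("%-22s %s" % (target, verdict))
```

Run it against a real kresults.txt by reading the file into `summarise()` instead of `SAMPLE`. A "no_replies" verdict next to a "reachable" or "lost_after_hop_N" one for a target behind the same gateway is the pattern worth chasing on the host itself; a "lost_after_hop_N" on its own is usually just ICMP being dropped somewhere upstream.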
java.sun.com

Tracing route to java.sun.com [72.5.124.55]
over a maximum of 30 hops:

  1   145 ms   143 ms   143 ms  max3.ps.gen.nz [XXX.XX.XXX.XXX]
  2   154 ms   149 ms   143 ms  gw.ps.gen.nz [XXX.XX.XXX.XXX]
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

Trace complete.


microsoft.com

Tracing route to microsoft.com [207.46.197.32]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

Trace complete.
 