CANNOT access updates

Gmer Result
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-20 16:32:31
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB6D78618]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB6D784D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB6D789B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB6D780AC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB6D785AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB6D77FEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB6D78050]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB6D786CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB6D7868E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB6D7880E]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6E72F20]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[672] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005B0002
IAT C:\WINDOWS\system32\services.exe[672] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005B0000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{4F8561EA-489E-25F2-CD1C-9A6D2753D252}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{4F8561EA-489E-25F2-CD1C-9A6D2753D252}\InProcServer32@jakpjekoohglpkcgfdka 0x6A 0x61 0x6C 0x69 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{4F8561EA-489E-25F2-CD1C-9A6D2753D252}\InProcServer32@iakppdekjijiffjkig 0x6A 0x61 0x6A 0x69 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{6D76D6D7-A7CC-131F-797F424BC93C15B8}\{47289824-B993-06F3-156E190938736781}\{502C4C98-88D9-9643-C836CEAED1829527}
Reg HKLM\SOFTWARE\Classes\CLSID\{6D76D6D7-A7CC-131F-797F424BC93C15B8}\{47289824-B993-06F3-156E190938736781}\{502C4C98-88D9-9643-C836CEAED1829527}@TKXOCIF12AS45MG3KJPY6BAVAE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{757F58AC-056D-78F5-1369DDDE8D3DA057}\{8E7CB394-6DC8-952F-BBD65168C0AE0804}\{90FEEFF2-F058-330D-A5C639EBEDCEE7EE}
Reg HKLM\SOFTWARE\Classes\CLSID\{757F58AC-056D-78F5-1369DDDE8D3DA057}\{8E7CB394-6DC8-952F-BBD65168C0AE0804}\{90FEEFF2-F058-330D-A5C639EBEDCEE7EE}@TKXOCIF12AS45MG3KJPY6BAVAE1 0x01 0x00 0x01 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F8561EA-489E-25F2-CD1C-9A6D2753D252}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F8561EA-489E-25F2-CD1C-9A6D2753D252}@iaepjlkaomgpjjlibk 0x6A 0x61 0x6C 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4F8561EA-489E-25F2-CD1C-9A6D2753D252}@haoopkjkaelfamgg 0x6A 0x61 0x6A 0x69 ...

---- EOF - GMER 1.0.14 ----
 
When I went to run Combofix a little message came up telling me "there is a newer version of ComboFix. Would you like to update". Could not escape from it, terminated nircmd.exe, and it went.
 
Hi, pages still loading very slowly, and reply page would not appear. I killed oleaut32.dll in Firefox, and it suddenly came right. Anyway, here is Combo log:
ComboFix 08-08-18.05 - HP_Administrator 2008-08-20 21:25:11.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.220 [GMT 12:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\CFIX.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\UserData
C:\Documents and Settings\HP_Administrator\UserData\index.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))
.

2008-08-20 16:38 . 2008-08-20 16:38 <DIR> d-------- C:\ComboFix
2008-08-20 16:17 . 2008-08-20 16:17 250 --a------ C:\WINDOWS\gmer.ini
2008-08-20 16:06 . 2008-08-20 16:16 <DIR> d-------- C:\Program Files\GMER
2008-08-17 12:20 . 2008-08-17 12:20 0 --a------ C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2008-08-13 20:47 . 2008-08-14 19:30 <DIR> d--hs---- C:\WINDOWS\Installer
2008-08-12 19:42 . 2008-08-12 19:43 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-12 19:36 . 2008-08-12 20:01 <DIR> d-------- C:\SDFix
2008-08-07 20:19 . 2008-08-07 20:32 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-07 20:19 . 2008-08-07 20:32 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-07 20:19 . 2008-08-07 20:31 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-07 20:12 . 2008-04-14 05:42 1,703,936 --a------ C:\WINDOWS\system32\SET289.tmp
2008-08-07 20:11 . 2008-04-14 05:42 1,499,136 --a------ C:\WINDOWS\system32\SET1EF.tmp
2008-08-07 20:05 . 2004-08-10 16:00 4,256,768 --a------ C:\WINDOWS\system32\dllcache\wmm2res.dll
2008-08-07 20:04 . 2007-10-26 15:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-08-07 20:03 . 2007-02-28 21:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-08-07 20:00 . 2008-08-07 20:00 <DIR> d-------- C:\WINDOWS\New Folder
2008-08-07 19:54 . 2008-08-07 20:21 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-08-06 22:49 . 2008-08-06 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-06 22:48 . 2008-08-06 22:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-06 20:48 . 2008-08-19 19:27 <DIR> d-------- C:\Program Files\COMODO
2008-08-06 20:48 . 2008-08-19 19:27 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2008-08-06 20:48 . 2008-08-19 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-02 22:21 . 2008-08-02 22:21 <DIR> d-------- C:\Autoruns
2008-07-25 16:45 . 2008-07-25 16:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-25 16:45 . 2008-07-25 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 23:15 . 2008-07-24 23:15 <DIR> d-------- C:\Program Files\Safer Networking
2008-07-24 22:43 . 2008-07-24 22:43 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 07:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-20 03:56 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\WTablet
2008-08-18 22:44 --------- d-----w C:\Program Files\Trend Micro
2008-08-14 22:16 --------- d-----w C:\Program Files\Java
2008-08-12 08:51 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Canon
2008-08-03 07:01 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 08:07 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-30 08:07 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-19 07:41 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-07-19 07:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-19 02:29 --------- d-----w C:\Program Files\Common Files\Real
2008-07-18 06:12 --------- d-----w C:\Program Files\Sophos
2008-07-14 23:32 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-23 09:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-06-23 09:17 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-06-23 09:15 --------- d-----w C:\Program Files\Sonic
2008-06-23 09:14 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-23 07:34 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-06-23 02:55 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock(2)(3).dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dnsapi(2)(3).dll
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2005-11-02 09:27 0 ----a-w C:\Program Files\pspbrwse.jbf
2005-11-16 07:20 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2008-03-24 05:22 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-11_16.15.18.66 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 04:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-12 07:43:15 6,299,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-08-12 07:43:15 114,688 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 04:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-12 07:42:59 6,299,648 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-08-12 07:42:59 114,688 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-08-20 04:17:34 884,736 ----a-w C:\WINDOWS\gmer.dll
+ 2008-04-17 09:13:02 811,008 ----a-w C:\WINDOWS\gmer.exe
+ 2008-08-20 04:17:34 85,969 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
- 2008-07-23 06:27:31 179,668 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-08-18 22:46:10 1,175,528 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-08-20 03:54:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_528.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 16:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 19:22 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-15 01:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-26 02:17 90112]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 01:54 253952]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 03:44 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 21:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 23:05 339968]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 16:00 208952]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-08 01:38 659456]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 01:44 49152]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 16:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 16:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 16:00 455168]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 09:44 249856]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 18:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 22:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk.disabled [2005-12-21 20:58:15 999]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 21:28:24 258048]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-10-26 22:16:25 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-06-29 15:08:27 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-07-20 02:38 78008 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GNKPK"=3 (0x3)
"cmdAgent"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 02:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 02:37]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-04-20 22:57]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-15 09:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-16 07:55]
S3 aswArKrn;aswArKrn;C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\aswArKrn.sys []

*Newly Created Service* - GMER
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ny26a2ie.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 21:28:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-20 21:29:22
ComboFix-quarantined-files.txt 2008-08-20 09:29:12
ComboFix2.txt 2008-08-12 21:17:17
ComboFix3.txt 2008-08-12 08:26:49
ComboFix4.txt 2008-08-11 04:15:50

Pre-Run: 113,244,934,144 bytes free
Post-Run: 113,232,240,640 bytes free

177
 
There is no malware that would be causing your problems now; the only thing I can suggest is that your system has become unstable for some reason.

How old is the machine? Have you ever reformatted or reinstalled the OS?
 
So all the GMER entries mean nothing? The machine is only 3 years old, and has not had any reinstallation or reformatting. All the troubles started when that MS update in July clashed with the Zone Alarm, and I turned both off. Previously everything was fine.
 
There is no malware that would be causing your problem.
The failed MS update has obviously changed some files and not others.

Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.

http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html

All the forums above have good support for software/OS problems, and I'm sure they will be able to help.

When you start your thread, explain what the problem is and let them know that you have been checked for malware.
Give them the following link, so they can see the logs if needed:
Code:
http://forums.spybot.info/showthread.php?t=31919




  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
You can also delete any logs we have produced, and empty your Recycle bin.


Open OTMoveIt. Click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.
 
Just to check, I haven't downloaded OTMoveIt yet; do I need to copy that code you wrote earlier? Also, can you give any advice on getting msconfig back to normal startup? It is stuck in selective and when I try and change it, I get a restart message, and when I restart I get those popups saying firewall is turned off (which it isn't), and then the other matching one saying auto updates is off (which is).
Thanks so much for trying to help.
 
Don't bother with the OTMoveIt instructions; you should be able to uninstall the Adobe and Java when the OS is running properly.

RE. MSConfig,
If you followed my previous instructions, MSConfig should already be in normal startup.
The Firewall and autoupdate notifications come from Security Centre, not MSConfig.
 
Sorry, I mean that those double popups only appear after I try and change msconfig back to normal startup. I also get the message saying that I must restart to make any changes take place, but whether I restart or not, it is still stuck in selective. Also, last couple of times I've started up there is a panel saying I've made changes to System configuration etc., when I haven't.
Also have lost System Restore again.
Just for reference, what kind of service and registry entries have all those numbers and are hidden, just so I know (roughly) what to ignore in future?
Many thanks again, last questions I promise!
 
Just posting a final HJT log. Can't restart System Restore in Services, and there is no tab to click on My Computer/Properties etc.
Msconfig still stuck in selective startup, as advised a few pages back.
A few things seem to have changed in the HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:50 p.m., on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://security.kolla.de/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD76BEB-89CC-4CEB-965D-24200785D4CF}: NameServer = 60.234.1.1 60.234.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1FD76BEB-89CC-4CEB-965D-24200785D4CF}: NameServer = 60.234.1.1 60.234.2.2
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 8221 bytes
 
There is no evidence of any active malware; you need to start a thread at one of the tech forums I suggested and get your OS sorted.
If you are still having problems after that, then you can come back and have another check.
 