Windows Updates Keep Failing

Hi and welcome to the Daniweb forums :).

Please paste your logs in future rather than attach them. We have no desire to download files from a possibly infected computer :).

Download Dial-a-Fix and run it. Select the 'Check all' (green arrow) and then hit 'GO.'
Reboot when done and see how things are now.

Please download ComboFix by sUBs from HERE or HERE

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

System repair breaks Windows Update. Its a known problem.

I managed to fix it before using Dial-A-Fix

http://wiki.lunarsoft.net/wiki/Dial-a-fix

Choose flush SoftwareDistribution then select to fix windows update and windows installer. Reboot.

Like Jbennet said, Repair installs often break windows update. I've had great luck with WUfix:

http://wiki.castlecops.com/Windows_Update_Fixhttp://wiki.castlecops.com/Windows_Update_Fix

Thank you so much for responding. Sorry for my delay in returning. I was pulled away for a day.
I apologize for failing to follow the rules regarding log posting. It totally left my memory in the heat of the moment. I do appreciate your help.

I applied Dial-a-fix and also ran ComboFix whose log will follow, along with a new HJT log .

A new problem came up after the "fixes"...I now cannot connect to the internet!

I've tried everything from uninstalling/reinstalling the ethernet cad. Uninstalling the driver. Running Network Setup Wizard.
Nothing helps.
Windows Explorer Local Area Connection status shows "connected" but FireFox and Internet Explorer both report "Not connected".
In do have required accurate info on the Support tab of Local Area Connection: ip address, subnet mask, and default gateway.
No internet?

I also discovered my AVASTanitivirus taskbar icon no missing even though the task manager shows the process running?

I hope someone can please help me figure this thing out?

Here are the requested Logs:

ComboFix 08-10-25.01 - mstihkal333 2008-10-26 14:18:53.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1672 [GMT -7:00]
Running from: C:\Documents and Settings\mstihkal333\Desktop\ComboFix.exe

 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\1.tmp

(((((((((((((((((((((((((   Files Created from 2008-09-26 to 2008-10-26  )))))))))))))))))))))))))))))))


2008-10-26 14:01 . 2008-10-26 14:24    <DIR>    d--------    C:\WINDOWS\system32\CatRoot2
2008-10-26 13:59 . 2006-10-27 14:08    <DIR>    d--------    C:\Dial-a-fix-v0.60.0.24
2008-10-25 04:42 . 2008-10-25 15:36    <DIR>    d--------    C:\Program Files\EsetOnlineScanner
2008-10-24 18:42 . 2008-10-24 18:42    <DIR>    d--------    C:\Program Files\Trend Micro
2008-10-24 13:04 . 2008-10-24 13:04    <DIR>    d--------    C:\fsaua.data
2008-10-24 11:43 . 2004-12-14 14:16    122,880    --a------    C:\DllCompare.exe
2008-10-24 10:55 . 2008-10-24 10:55    27,264    --a------    C:\WINDOWS\system32\drivers\sybex38.sys
2008-10-24 03:06 . 2008-10-24 03:07    <DIR>    d--------    C:\RkUnhooker
2008-10-23 19:07 . 2008-10-23 19:07    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Nero
2008-10-23 19:06 . 2008-10-23 19:06    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Digital Patrol
2008-10-23 16:17 . 2008-10-23 16:17    <DIR>    d--------    C:\WINDOWS\C8BB491212D942AEB571E580D8CD1B5B.TMP
2008-10-22 21:04 . 2008-10-22 21:04    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-10-22 21:04 . 2008-10-22 21:04    1,409    --a------    C:\WINDOWS\QTFont.for
2008-10-22 14:10 . 2008-08-14 03:00    2,180,352    -----c---    C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-22 14:10 . 2008-08-14 02:58    2,136,064    -----c---    C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-22 14:10 . 2008-08-14 02:22    2,057,728    -----c---    C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-22 14:10 . 2008-08-14 02:22    2,015,744    -----c---    C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-22 14:04 . 2008-10-22 14:04    <DIR>    d--------    C:\WINDOWS\system32\CatRoot_bak
2008-10-22 13:48 . 2004-08-03 16:04    156,672    --a--c---    C:\WINDOWS\system32\dllcache\winzm.ime
2008-10-22 13:48 . 2004-08-03 16:04    156,672    --a--c---    C:\WINDOWS\system32\dllcache\winsp.ime
2008-10-22 13:48 . 2004-08-03 16:04    156,672    --a--c---    C:\WINDOWS\system32\dllcache\winpy.ime
2008-10-22 13:48 . 2004-08-03 16:04    79,360    --a--c---    C:\WINDOWS\system32\dllcache\winar30.ime
2008-10-22 13:48 . 2004-08-03 17:56    76,800    --a--c---    C:\WINDOWS\system32\dllcache\wam51.dll
2008-10-22 13:48 . 2001-08-23 07:00    69,120    --a--c---    C:\WINDOWS\system32\dllcache\wingb.ime
2008-10-22 13:48 . 2004-08-03 16:04    65,536    --a--c---    C:\WINDOWS\system32\dllcache\winime.ime
2008-10-22 13:48 . 2004-08-03 17:56    53,248    --a--c---    C:\WINDOWS\system32\dllcache\wamreg51.dll
2008-10-22 13:48 . 2001-08-23 07:00    41,600    --a--c---    C:\WINDOWS\system32\dllcache\weitekp9.dll
2008-10-22 13:48 . 2001-08-23 07:00    31,232    --a--c---    C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-10-22 13:48 . 2001-08-23 07:00    28,288    --a--c---    C:\WINDOWS\system32\dllcache\xjis.nls
2008-10-22 13:48 . 2001-08-23 07:00    9,216    --a--c---    C:\WINDOWS\system32\dllcache\wamps51.dll
2008-10-22 13:46 . 2001-08-23 07:00    13,463,552    --a--c---    C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-10-22 13:45 . 2001-08-23 07:00    1,677,824    --a--c---    C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-10-22 13:44 . 2004-05-13 00:39    876,653    --a--c---    C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-10-22 13:42 . 2001-08-23 07:00    16,384    --a--c---    C:\WINDOWS\system32\dllcache\isignup.exe
2008-10-22 13:42 . 2008-10-22 13:42    749    -rah-----    C:\WINDOWS\WindowsShell.Manifest
2008-10-22 13:42 . 2008-10-22 13:42    749    -rah-----    C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-22 13:42 . 2008-10-22 13:42    749    -rah-----    C:\WINDOWS\system32\sapi.cpl.manifest
2008-10-22 13:42 . 2008-10-22 13:42    749    -rah-----    C:\WINDOWS\system32\nwc.cpl.manifest
2008-10-22 13:42 . 2008-10-22 13:42    749    -rah-----    C:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-22 13:42 . 2008-10-22 13:42    488    -rah-----    C:\WINDOWS\system32\logonui.exe.manifest
2008-10-22 13:39 . 2001-08-23 07:00    1,161    --a------    C:\WINDOWS\system32\usrlogon.cmd
2008-10-22 13:23 . 2004-08-03 19:03    1,042,903    -ra------    C:\WINDOWS\SET97.tmp
2008-10-22 03:05 . 2008-10-22 03:05    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-10-22 03:05 . 2008-10-22 03:05    <DIR>    d--------    C:\Documents and Settings\mstihkal333\Application Data\SUPERAntiSpyware.com
2008-10-22 03:05 . 2008-10-22 03:05    <DIR>    d--------    C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-10-21 22:13 . 2008-10-21 22:13    0    --a------    C:\WINDOWS\ativpsrm.bin
2008-10-21 22:11 . 2008-09-23 21:05    593,920    --a------    C:\WINDOWS\system32\ati2sgag.exe
2008-10-21 22:09 . 2008-10-21 22:09    <DIR>    d--------    C:\ATI
2008-10-21 21:33 . 2005-09-16 19:40    1,302,589    --a------    C:\WINDOWS\system\evll.dll
2008-10-21 10:05 . 2008-10-21 10:05    <DIR>    d--------    C:\Program Files\Secunia
2008-10-18 15:48 . 2007-08-14 08:12    5,760    --a------    C:\WINDOWS\system32\15.tmp
2008-10-17 03:34 . 2008-10-17 03:34    <DIR>    d--------    C:\download
2008-10-14 22:48 . 2008-10-14 22:48    <DIR>    d--------    C:\Program Files\PrevxCSI
2008-10-14 22:48 . 2008-10-24 10:58    25,400    --a------    C:\WINDOWS\system32\drivers\pxark.sys
2008-10-01 12:34 . 2008-10-01 12:35    <DIR>    d--------    C:\radix
2008-09-30 05:34 . 2008-09-30 05:34    <DIR>    d--------    C:\Program Files\NictaTech Software
2008-09-30 05:34 . 2008-09-30 05:34    <DIR>    d--------    C:\Documents and Settings\mstihkal333\Application Data\Digital Patrol
2008-09-30 02:15 . 2008-10-23 15:50    <DIR>    d--------    C:\Program Files\Sophos
2008-09-30 02:14 . 2008-09-30 02:14    <DIR>    d--------    C:\SOPHOSstdtsa
2008-09-28 14:14 . 2007-05-30 05:10    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-09-26 03:55 . 2008-09-26 03:55    <DIR>    d--------    C:\Program Files\ERUNT

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 21:28    47,894,560    --sha-w    C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-26 21:27    ---------    d-----w    C:\Documents and Settings\All Users.WINDOWS\Application Data\BOC427
2008-10-26 21:24    568,412    --sha-w    C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-26 20:55    ---------    d-----w    C:\Documents and Settings\mstihkal333\Application Data\SiteAdvisor
2008-10-26 11:11    ---------    d-----w    C:\Documents and Settings\mstihkal333\Application Data\XnView
2008-10-25 08:16    ---------    d-----w    C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 01:41    ---------    d-----w    C:\Program Files\HJT
2008-10-24 18:38    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-10-24 06:15    ---------    d-----w    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-23 23:19    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-10-23 17:26    ---------    d-----w    C:\Program Files\Outlook ExpressLESS
2008-10-23 16:31    ---------    d---a-w    C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-10-23 16:31    ---------    d-----w    C:\Program Files\SpywareBlaster
2008-10-22 23:10    38,496    ----a-w    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 23:10    15,504    ----a-w    C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 21:24    ---------    d-----w    C:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI
2008-10-22 09:59    ---------    d-----w    C:\Program Files\Safer Networking
2008-10-22 09:53    ---------    d-----w    C:\Documents and Settings\All Users.WINDOWS\Application Data\logs
2008-10-20 20:12    ---------    d-----w    C:\Program Files\Spybot - Search & Destroy
2008-10-19 02:49    ---------    d-----w    C:\Documents and Settings\mstihkal333\Application Data\SPORE Creature Creator
2008-10-18 22:35    ---------    d-----w    C:\Program Files\ZenGems
2008-10-18 22:35    ---------    d-----w    C:\Program Files\The Great Wall Of Words
2008-10-18 22:35    ---------    d-----w    C:\Program Files\Ingenious
2008-10-18 22:35    ---------    d-----w    C:\Program Files\Charma
2008-10-17 00:04    ---------    d-----w    C:\Program Files\Unlocker
2008-10-16 23:14    ---------    d-----w    C:\Program Files\Winamp
2008-09-26 04:12    38,912    ----a-w    C:\WINDOWS\wizmo.exe
2008-09-24 03:09    3,331,072    ----a-w    C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-09-24 02:18    425,984    ----a-w    C:\WINDOWS\system32\ATIDEMGX.dll
2008-09-24 02:17    311,296    ----a-w    C:\WINDOWS\system32\ati2dvag.dll
2008-09-24 02:09    10,772,480    ----a-w    C:\WINDOWS\system32\atioglxx.dll
2008-09-24 02:07    188,416    ----a-w    C:\WINDOWS\system32\atipdlxx.dll
2008-09-24 02:06    43,520    ----a-w    C:\WINDOWS\system32\ati2edxx.dll
2008-09-24 02:06    26,112    ----a-w    C:\WINDOWS\system32\Ati2mdxx.exe
2008-09-24 02:06    143,360    ----a-w    C:\WINDOWS\system32\Oemdspif.dll
2008-09-24 02:06    143,360    ----a-w    C:\WINDOWS\system32\ati2evxx.dll
2008-09-24 02:04    581,632    ----a-w    C:\WINDOWS\system32\ati2evxx.exe
2008-09-24 02:03    53,248    ----a-w    C:\WINDOWS\system32\ATIDDC.DLL
2008-09-24 01:56    307,200    ----a-w    C:\WINDOWS\system32\atiiiexx.dll
2008-09-24 01:54    4,008,864    ----a-w    C:\WINDOWS\system32\ati3duag.dll
2008-09-24 01:38    2,399,744    ----a-w    C:\WINDOWS\system32\ativvaxx.dll
2008-09-24 01:24    48,640    ----a-w    C:\WINDOWS\system32\amdpcom32.dll
2008-09-24 01:20    380,928    ----a-w    C:\WINDOWS\system32\atikvmag.dll
2008-09-24 01:19    39,424    ----a-w    C:\WINDOWS\system32\atiadlxx.dll
2008-09-24 01:18    53,248    ----a-w    C:\WINDOWS\system32\drivers\ati2erec.dll
2008-09-24 01:18    253,952    ----a-w    C:\WINDOWS\system32\atiok3x2.dll
2008-09-24 01:18    17,408    ----a-w    C:\WINDOWS\system32\atitvo32.dll
2008-09-24 01:12    573,440    ----a-w    C:\WINDOWS\system32\ati2cqag.dll
2008-09-24 00:10    ---------    d-----w    C:\Program Files\IObit
2008-09-23 01:13    1,395,712    ----a-w    C:\WINDOWS\Internet Logs\xDB38.tmp
2008-09-23 01:13    ---------    d-----w    C:\Program Files\Registry Workshop
2008-09-21 21:35    ---------    d-----w    C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-09-20 10:24    ---------    d-----w    C:\Program Files\ZoneAlarm
2008-09-20 10:20    240    ----a-w    C:\WINDOWS\system32\drivers\vsconfig.xml
2008-09-19 21:32    ---------    d-----w    C:\Program Files\Comodo
2008-09-18 21:03    17,408    ----a-w    C:\WINDOWS\Internet Logs\xDB37.tmp
2008-09-18 19:39    18,432    ----a-w    C:\WINDOWS\Internet Logs\xDB36.tmp
2008-09-18 19:12    323,072    ----a-w    C:\WINDOWS\Internet Logs\xDB35.tmp
2008-09-18 02:04    ---------    d-----w    C:\Program Files\Alwil Software
2008-09-18 01:27    ---------    d-----w    C:\Program Files\PopCap Games
2008-09-17 00:32    12,695,846    -c--a-w    C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-15 04:17    410,976    ----a-w    C:\WINDOWS\system32\deploytk.dll
2008-09-15 04:17    ---------    d-----w    C:\Program Files\Java
2008-09-14 12:27    ---------    d-----w    C:\Program Files\CCleaner
2008-09-12 11:20    ---------    d-----w    C:\Documents and Settings\mstihkal333\Application Data\Ultra Fractal 4
2008-09-12 11:15    ---------    d-----w    C:\Program Files\Nufsoft
2008-09-12 08:33    ---------    d-----w    C:\Documents and Settings\mstihkal333\Application Data\Boomzap
2008-09-12 04:06    ---------    d-----w    C:\Program Files\HP
2008-09-10 04:48    ---------    d-----w    C:\Program Files\XnView
2008-09-06 23:46    ---------    d-----w    C:\Program Files\Mahjong Towers II
2008-09-06 23:46    ---------    d-----w    C:\Program Files\Harmony Assistant
2008-09-06 23:46    ---------    d-----w    C:\Program Files\Haiku Journey
2008-09-06 23:46    ---------    d-----w    C:\Program Files\Framing Studio
2008-09-06 23:46    ---------    d-----w    C:\Program Files\FolderSize
2008-09-06 23:45    ---------    d-----w    C:\Program Files\WhatsRunning
2008-09-06 23:45    ---------    d-----w    C:\Program Files\SolSuite
2008-09-06 23:45    ---------    d-----w    C:\Program Files\Media Player Classic
2008-09-06 23:45    ---------    d-----w    C:\Program Files\JetAudio
2008-09-05 20:11    ---------    d-----w    C:\Program Files\RegScrubXP
2008-09-04 23:01    ---------    d-----w    C:\Program Files\VS Revo Group
2008-08-15 01:49    699,392    ---ha-w    C:\WINDOWS\system32\wodfamoh.dll
2008-08-14 10:00    2,180,352    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:22    2,057,728    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-30 17:00    90,112    ----a-w    C:\WINDOWS\system32\atibrtmon.exe
2007-07-21 03:29    24,192    -c--a-w    C:\Documents and Settings\mstihkal333\usbsermptxp.sys
2007-07-21 03:29    22,768    -c--a-w    C:\Documents and Settings\mstihkal333\usbsermpt.sys
2007-03-09 23:02    24,192    -c--a-w    C:\Documents and Settings\SafyrMwn\usbsermptxp.sys
2007-03-09 23:02    22,768    -c--a-w    C:\Documents and Settings\SafyrMwn\usbsermpt.sys
2007-03-09 16:27    92,064    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmmdm.sys
2007-03-09 16:27    9,232    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmmdfl.sys
2007-03-09 16:27    79,328    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmserd.sys
2007-03-09 16:27    66,656    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmbus.sys
2007-03-09 16:27    6,208    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmcmnt.sys
2007-03-09 16:27    5,936    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmwhnt.sys
2007-03-09 16:27    4,048    -c--a-w    C:\Documents and Settings\SafyrMwn\mqdmcr.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BOC-427"="C:\PROGRA~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 351480]
"ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
"aux1"= ctwdm32.dll
"aux4"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    msapsspc.dll, digest.dll, msnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)

R0 PenClass;Pen Class;C:\WINDOWS\system32\drivers\PenClass.sys [2001-04-09 8138]
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-10-24 25400]
R0 sybex38;Rootkit Unhooker Driver;C:\WINDOWS\system32\drivers\sybex38.sys [2008-10-24 27264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-10-19 880696]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 3712]
S3 BDXGFUPNQQ;BDXGFUPNQQ;C:\DOCUME~1\mstihkal333\Local Settings\Temp\BDXGFUPNQQ.exe [ ]
S3 BioNT_BS;BioNT_BS;C:\Program Files\Paragon Software\Total Defrag 2007\bluescrn\BioNT_bs.sys [ ]
S3 BUXODPXTQ;BUXODPXTQ;C:\DOCUME~1\mstihkal333\Local Settings\Temp\BUXODPXTQ.exe [ ]
S3 BZJPK;BZJPK;C:\DOCUME~1\mstihkal333\Local Settings\Temp\BZJPK.exe [ ]
S3 CE;CE;C:\DOCUME~1\mstihkal333\Local Settings\Temp\CE.exe [ ]
S3 ERQ;ERQ;C:\DOCUME~1\mstihkal333\Local Settings\Temp\ERQ.exe [ ]
S3 GRTBECJBMJHD;GRTBECJBMJHD;C:\DOCUME~1\mstihkal333\Local Settings\Temp\GRTBECJBMJHD.exe [ ]
S3 IDQDCN;IDQDCN;C:\DOCUME~1\mstihkal333\Local Settings\Temp\IDQDCN.exe [ ]
S3 IKGV;IKGV;C:\DOCUME~1\mstihkal333\Local Settings\Temp\IKGV.exe [ ]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\1.tmp [ ]
S3 MZ;MZ;C:\DOCUME~1\mstihkal333\Local Settings\Temp\MZ.exe [ ]
S3 NDHADWU;NDHADWU;C:\DOCUME~1\mstihkal333\Local Settings\Temp\NDHADWU.exe [ ]
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2007-03-21 25773]
S3 slicedisk.sys;slicedisk.sys;C:\WINDOWS\system32\slicedisk.sys [ ]
S3 UIZRHZSE;UIZRHZSE;C:\DOCUME~1\mstihkal333\Local Settings\Temp\UIZRHZSE.exe [ ]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 UWNBSAORUC;UWNBSAORUC;C:\DOCUME~1\mstihkal333\Local Settings\Temp\UWNBSAORUC.exe [ ]
S3 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 VKCMBC;VKCMBC;C:\DOCUME~1\mstihkal333\Local Settings\Temp\VKCMBC.exe [ ]
S3 XJYQNQLPYGIDLF;XJYQNQLPYGIDLF;C:\DOCUME~1\mstihkal333\Local Settings\Temp\XJYQNQLPYGIDLF.exe [ ]
S3 YMXVTZERQ;YMXVTZERQ;C:\DOCUME~1\mstihkal333\Local Settings\Temp\YMXVTZERQ.exe [ ]
S4 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-14 147456]
S4 kwcxbus;kwcxbus;C:\WINDOWS\system32\DRIVERS\kwcxbus.sys [2005-01-17 52480]
S4 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [ ]
S4 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-10-25 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe []

2008-10-26 C:\WINDOWS\Tasks\SmartDefrag.job
- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-09-08 22:02]

2008-10-26 C:\WINDOWS\Tasks\SmartDefrag.job
- C:\Program Files\IObit\IObit SmartDefrag\ [2008-09-23 17:10]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\mstihkal333\Application Data\Mozilla\Firefox\Profiles\84940war.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll
.
.
------- File Associations -------
.
txtfile=C:\WINDOWS\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2008-10-26 14:26:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\1.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCore.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-10-26 14:31:50 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-26 21:31:32

Pre-Run: 27,982,905,344 bytes free
Post-Run: 28,027,297,792 bytes free

318    --- E O F ---    2008-10-26 12:44:09

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:02 AM, on 10/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.com/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [url]http://www.google.com/[/url]
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: [url]http://*.update.microsoft.com[/url]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/betapit/PCPitStop.CAB[/url]
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - [url]http://www.eset.eu/buxus/docs/OnlineScanner.cab[/url]
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - [url]http://support.f-secure.com/ols/fscax.cab[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1EC733C-0709-4735-8170-F7696F8EC602}: NameServer = 192.168.0.1
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BDXGFUPNQQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BDXGFUPNQQ.exe (file missing)
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: BUXODPXTQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BUXODPXTQ.exe (file missing)
O23 - Service: BZJPK - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BZJPK.exe (file missing)
O23 - Service: CE - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\CE.exe (file missing)
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: ERQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\ERQ.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GRTBECJBMJHD - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\GRTBECJBMJHD.exe (file missing)
O23 - Service: IDQDCN - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\IDQDCN.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IKGV - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\IKGV.exe (file missing)
O23 - Service: MZ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\MZ.exe (file missing)
O23 - Service: NDHADWU - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\NDHADWU.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: UIZRHZSE - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\UIZRHZSE.exe (file missing)
O23 - Service: UWNBSAORUC - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\UWNBSAORUC.exe (file missing)
O23 - Service: VKCMBC - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\VKCMBC.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: XJYQNQLPYGIDLF - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\XJYQNQLPYGIDLF.exe (file missing)
O23 - Service: YMXVTZERQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\YMXVTZERQ.exe (file missing)

--
End of file - 7275 bytes

Thank You again for any help, it is much appreciated.

Could you tell me why you ran combofix 5 times when I clearly never requested that? Whatever combofix deleted is not shown in that log.

Maybe I'm going crazy, but I only ran combo-fix 1 time.
I had/have no idea that it ran 5 times?
I don't know how that would have happened?
On my end it appeared to run only one time.
Shouldn't I have 5 different log files if I ran it 5 times?
I'm sorry but I'm totally confused! :confused:

I have been advising the use of combofix for quite and while now and have never heard of it running by itself. The number in bold tells me that it has been run 5 times: mstihkal333 2008-10-26 14:18:53.5

Download
SDFix
and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the
following:

• Restart your computer
• After hearing your computer beep once during startup, but before the
  Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your usual account.
• In Safe Mode, right click the SDFix.zip folder and choose Extract
  All,
• Open the extracted folder and double click RunThis.bat to
  start the script.
• Type Y to begin the script.
• It will remove the Trojan Services then make some repairs to the
  registry and prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• Your system will take longer that normal to restart as the fixtool
  will be running and removing files.
• When the desktop loads the Fixtool will complete the removal and
  display Finished, then press any key to end the script and load
  your desktop icons.
• Finally open the SDFix folder on your desktop and copy and paste the
  contents of the results file Report.txt back onto the forum with
  a new HijackThis log.

Please post the SDFix log within CODE Tags.

I downloaded SDFix and started running RunThis.bat. My question is how long this script runs before the prompt to press any key to restart? Are we talking minutes or hours? Thank you much for your help!

The SDFix report with new HijackThis log is attached.

Thank You for your time and help!:S

Can you please do the following.

Scan with HijackThis and then place a check next to all the following, if present:

[color=#9933cc][b] O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) [/b][/color] 

[color=#9933cc][b] O23 - Service: BDXGFUPNQQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BDXGFUPNQQ.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: BUXODPXTQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BUXODPXTQ.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: BZJPK - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\BZJPK.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: CE - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\CE.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: ERQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\ERQ.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: GRTBECJBMJHD - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\GRTBECJBMJHD.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: IDQDCN - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\IDQDCN.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: IKGV - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\IKGV.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: MZ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\MZ.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: NDHADWU - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\NDHADWU.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: UIZRHZSE - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\UIZRHZSE.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: UWNBSAORUC - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\UWNBSAORUC.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: VKCMBC - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\VKCMBC.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: XJYQNQLPYGIDLF - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\XJYQNQLPYGIDLF.exe (file missing) [/b][/color] 
[color=#9933cc][b] O23 - Service: YMXVTZERQ - Unknown owner - C:\DOCUME~1\mstihkal333\Local Settings\Temp\YMXVTZERQ.exe (file missing) [/b][/color] 

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

I followed your instructions with Hijackthis fixes.
As you'll see below

O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

is the only one that would not repair.

Avast Resident Protection taskbar icon still does not appear at system boot.
and
Still no network access?:(

I do not use any messenger service so are these necessary?

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

And these seem questionable to me also?

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1EC733C-0709-4735-8170-F7696F8EC602}: NameServer = 192.168.0.1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Thank you again for your time!

Here is the new HJT log after rebooting from the fixes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:10 PM, on 10/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.com/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [url]http://www.google.com/[/url]
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: [url]http://*.update.microsoft.com[/url]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/betapit/PCPitStop.CAB[/url]
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - [url]http://www.eset.eu/buxus/docs/OnlineScanner.cab[/url]
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - [url]http://support.f-secure.com/ols/fscax.cab[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1EC733C-0709-4735-8170-F7696F8EC602}: NameServer = 192.168.0.1
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5609 bytes

start quote:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

And these seem questionable to me also?

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1EC733C-0709-4735-8170-F7696F8EC602}: NameServer = 192.168.0.1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

end quote.

They are all legitimate files.

For Avast. Go to Start | All Programs and locate the Avast entry. Left click to run it. At the top left of the Avast window there is a pyramid shaped button. Left click on that. Go to appearance and on the right, check the box for showing the icon in the tray.
OK out. Does the icon now show?

Please explain your network problems.

Does Windows update now work?

I followed the Avast Appearance options as suggested, but still no Avast icon in the taskbar.
Should I just go ahead and uninstall and then reinstall a new Avast download?

As far as the internet connection - still not connected to the web.

Windows Explorer Local Area Connection status shows "connected" but FireFox and Internet Explorer both report "Not connected".

The required accurate info shows on the Support tab of Local Area Connection:
ip address, subnet mask, and default gateway.

Ipconfig appears to be normal, but still No internet?

Windows Automatic Update says Service Pack 3 is waiting to be installed.
I don't think I should install this though until my other issues are resolved. Is that right?:-/

Thank you for all your help.

Personally I don't think it's worth it to install SP3 regardless.

==

Download and run Winsockfix from here http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml

==

If that does not work, disable or uninstall Zone Alarm and see how you go. A lot of ppl are having this problem with it installed.
If that turns out to be the problem, install COMODO instead.

I ran the Winsockfix as requested. No change in the internet connectivity.

I uninstalled AVAST and reinstalled a new download, ran a boot scan & it came up clean.
Now the AVAST taskbar icon is back and it seems to be working fine.
I followed your suggestion and removed Zone Alarm and installed Comodo. But still no internet!
I uninstalled Comodo firewall and am just using Windows firewall for the time being.

I found this file C:\Qoobox\Quarantine\Registry_backups\tcpip.reg.
Could this have something to do with my internet issues?

Now a NEW logon window requiring me to press Ctrl. Alt. Del. & enter user name and password to start, pops up whenever the system starts? (Never had to do this before?)
Any ideas/suggestions? Thank You for any guidance.:icon_eek:

Here is the newest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:22 AM, on 11/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.com/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [url]http://www.google.com/[/url]
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: [url]http://*.update.microsoft.com[/url]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/betapit/PCPitStop.CAB[/url]
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - [url]http://www.eset.eu/buxus/docs/OnlineScanner.cab[/url]
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - [url]http://support.f-secure.com/ols/fscax.cab[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url]
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs:  
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 5046 bytes

Qoobox is created by combofix. When did you start having the internet connection problems?

It was after running Dial-a-fix and Combofix.

Let's get rid of Combofix and see if things change. Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

The above procedure will: Delete the following: ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present

Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

Ran the Combofix /u.

Still no internet.

Don't know if this is of any help but trying to run HijackThis after uninstalling combofix this error popped up:

An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue =Shell)
Error #5 - Invalid procedure call or argument

Windows Version: Windows NT 5.01.2600
MSIE version: 7.0.5730.13
HijackThis version: 2.02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:01 AM, on 11/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://update.microsoft.com
O15 - Trusted Zone: http://windowsupdate.microsoft.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 4957 bytes

Could you also please look at the startup list created from HiJackthis? :?:
For some reason I think there might be something here that may shed some light on this situation?

StartupList report, 11/2/2008, 3:18:40 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0013)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Logitech Hardware Abstraction Layer = KHALMNPR.EXE
BOC-427 = C:\PROGRA~1\Comodo\CBOClean\BOC427.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

HijackThis startup scan = C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[AutorunsDisabled]
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k
ATIModeChange = Ati2mdxx.exe
ZoneAlarm Client = "C:\Program Files\ZoneAlarm\zlclient.exe"

[optionalcomponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
=

[AutorunsDisabled]
*No values found*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Click Maintenance.job
SmartDefrag.job

--------------------------------------------------

Enumerating Download Program Files:

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://www.pcpitstop.com/betapit/PCPitStop.CAB

[OnlineScanner Control]
InProcServer32 = C:\WINDOWS\system32\ONLINE~1.OCX
CODEBASE = http://www.eset.eu/buxus/docs/OnlineScanner.cab

[F-Secure Online Scanner 3.3]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.3\fscax.dll
CODEBASE = http://support.f-secure.com/ols/fscax.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Windows NT/2000/XP services

aswFsBlk: system32\DRIVERS\aswFsBlk.sys (autostart)
avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
BOCore: C:\Program Files\Comodo\CBOClean\BOCORE.exe (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CSIScanner: "C:\Program Files\PrevxCSI\prevxcsi.exe" /service (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Folder Size: "C:\Program Files\FolderSize\FolderSizeSvc.exe" (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LBeepKE: System32\Drivers\LBeepKE.sys (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Net Logon: %SystemRoot%\system32\lsass.exe (autostart)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol: system32\DRIVERS\nwlnkipx.sys (autostart)
NWLink NetBIOS: system32\DRIVERS\nwlnknb.sys (autostart)
NWLink SPX/SPXII Protocol: system32\DRIVERS\nwlnkspx.sys (autostart)
PfModNT: \??\C:\WINDOWS\system32\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TabletService: C:\WINDOWS\system32\Tablet.exe (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = sprestrt

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\32788R22FWJFW\NIRCMD.COM||C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\WINDOWS\Downloaded Program Files\CONFLICT.1||C:\WINDOWS\Downloaded Program Files\CONFLICT.1|||l

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 12,151 bytes

Thank You again for your time!

You said it was after running both dial-a-fix and combofix. Did you notice which you ran first and/or which one caused the problem?
Have you tried resetting your router/modem?
Do you have any restore points to go back to?

Internet connection problems started after I ran Dial-a-Fix and Combofix.
No internet connection after running those two.
I did not notice which one caused the problem.

I reset the router & modem. No difference.

Combofix /u reset System Restore points, so I don't have that either.

I dread to mention it, but I really am starting to believe a rootkit is involved. :(

Download and Save Blacklight to your desktop:

Double-click on the file, then accept the agreement. Hit the scan button and wait until it's finished running.

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

I ran the Blacklight scan & it came back with no hidden items found.

Here's the log:
11/02/08 13:16:19 [Info]: BlackLight Engine 2.2.1092 initialized
11/02/08 13:16:19 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/02/08 13:16:19 [Note]: 7019 4
11/02/08 13:16:19 [Note]: 7005 0
11/02/08 13:16:25 [Note]: 7006 0
11/02/08 13:16:25 [Note]: 7011 1872
11/02/08 13:16:25 [Note]: 7035 0
11/02/08 13:16:25 [Note]: 7026 0
11/02/08 13:16:26 [Note]: 7026 0
11/02/08 13:16:28 [Note]: FSRAW library version 1.7.1024
11/02/08 13:29:13 [Note]: 7007 0

Looks clean. Try to resolve it by going through the recommendations found here; http://support.microsoft.com/kb/299357

Hello again and thank you for all your assistance.

I followed the link to Microsoft and used the Guided fix which didn't resolve my problem,
so then I tried the manual reset and still no internet connection!

:'(

:icon_idea:
I think I've determined the Winsock2 key is corrupted with third-party additions.
I need to look a little more to be sure but exhaustion has won me over.
Just wanted to give a heads-up to the path I'm on.

System Information report written at: 11/03/08 21:56:07
System Name: MSTIHKAL333
[Protocol]
Item Value
Name MSAFD nwlnkspx [SPX]
Name MSAFD nwlnkspx [SPX] [Pseudo Stream]
Name MSAFD nwlnkspx [SPX II]
Name MSAFD nwlnkspx [SPX II] [Pseudo Stream]
Name MSAFD nwlnkipx [IPX]
Name MSAFD Tcpip [TCP/IP]
Name MSAFD Tcpip [UDP/IP]
Name RSVP UDP Service Provider
Name RSVP TCP Service Provider
Name MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3
Name MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{50C10784-...}] SEQPACKET 0
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{50C10784-...}] DATAGRAM 0
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{B1F994BA-...}] SEQPACKET 4
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{B1F994BA-...}] DATAGRAM 4
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0793AF1-...}] SEQPACKET 5
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0793AF1-...}] DATAGRAM 5
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E52D4E7-...}] SEQPACKET 1
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E52D4E7-...}] DATAGRAM 1
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{0C9D68F5-...}] SEQPACKET 2
Name MSAFD NetBIOS [\Device\NetBT_Tcpip_{0C9D68F5-...}] DATAGRAM 2

Any suggestions are most welcome. Thank you!:zzz:

To be quite honest, that stuff is out of my league :(. Unless someone else steps up, you are on your own.

I truly appreciate your honesty, crunchie . Thank you for all your time and help.

I followed the MS instructions for resetting the Winsock key and still no internet.

As much as I dread the task, I believe my best bet will be a reformat. I think I'll wait a couple of days to see if anyone else has any suggestions to avoid the reformat task. Considering the amount of software that needs to be reinstalled it won't be a quick and simple job.

Perhaps someone could shed some light on these entries found at the end of autoexec.nt file:

Rem Install network redirector
lh %SystemRoot%/System32/nw16
lh %SystemRoot%/System32/vwipxspx

Could this have to do with internet connectivity?