
No Internet or system restore in Windows XP

Discussion in 'Virus & Other Malware Removal' started by jknouse, Jan 22, 2013.

    jknouse Thread Starter
    I can't access the internet using Windows XP unless I boot in safe mode w/ networking. I think it may be a trojan or a virus because I now cannot open System Restore either. Actually, I can't open System Restore in normal or safe mode, even from a cmd prompt in safe mode. I have both Windows Explorer 8 and Chrome browsers, and neither will allow me internet access in normal mode. I'm using Microsoft Essentials as a virus program and at this time only have Windows Firewall activated because my McAfee firewall protection has elapsed. I loaded Malwarebytes.org while operating in safe mode and it did not find anything. I also suspected a rootkit problem and ran Kaspersky, but it came up clean as well.

    Hijack file:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:20:01 PM, on 1/22/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\John\My Documents\Downloads\HijackThis (1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web2.westlaw.com/signon/defa...=true&rp=/signon/default.wl&rs=WLW5.05&vr=2.0 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120722033015.dll (file missing)
    O2 - BHO: DeskBandHelper Class - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\PROGRA~1\LEXISN~2\PCLaw\plietool.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
    O3 - Toolbar: PCLaw Web Timer - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\PROGRA~1\LEXISN~2\PCLaw\plietool.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\Common Files\Comodo\tvnserver.exe" -controlservice -slave
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O9 - Extra button: (no name) - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\PROGRA~1\LEXISN~2\PCLaw\plietool.dll
    O9 - Extra 'Tools' menuitem: PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\PROGRA~1\LEXISN~2\PCLaw\plietool.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\PROGRA~1\LEXISN~2\PCLaw\plietool.dll
    O9 - Extra 'Tools' menuitem: PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\PROGRA~1\LEXISN~2\PCLaw\plietool.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: PLLiveUpWeb - http://support.pclaw.com/PLLiveUpWeb.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185936121375
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1206027810850
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C828282F-6EF3-46C6-B1D0-F3AD40570559}: NameServer = 205.171.2.65,205.171.3.65
    O17 - HKLM\System\CS1\Services\Tcpip\..\{C828282F-6EF3-46C6-B1D0-F3AD40570559}: NameServer = 205.171.2.65,205.171.3.65
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions Inc. - C:\Program Files\Common Files\Comodo\launcher_service.exe
    O23 - Service: cmdAgent - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: GeekBuddy Remote Screen Protocol (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcods.exe (file missing)
    O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
    O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe (file missing)
    O23 - Service: McAfee Firewall Core Service (mfefire) - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe (file missing)
    O23 - Service: McAfee Online Backup (MOBKbackup) - Unknown owner - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Zeon License Service (ZNLSvc) - Unknown owner - C:\Program Files\HotDocs 6\Bin\ZNLSvc.exe

    --
    End of file - 10486 bytes
    =====================================================
    Attach.txt:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/31/2007 9:17:55 PM
    System Uptime: 1/22/2013 12:00:27 PM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0RY206
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 2009/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 50 GiB total, 29.516 GiB free.
    D: is FIXED (NTFS) - 99 GiB total, 98.067 GiB free.
    E: is CDROM ()
    H: is NetworkDisk (NTFS) - 140 GiB total, 121.372 GiB free.
    X: is NetworkDisk (NTFS) - 140 GiB total, 121.372 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\AWY0001\2&DABA3FF&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1989: 1/2/2013 6:52:27 AM - System Checkpoint
    RP1990: 1/3/2013 7:22:29 AM - System Checkpoint
    RP1991: 1/4/2013 8:11:55 AM - System Checkpoint
    RP1992: 1/5/2013 8:59:54 AM - System Checkpoint
    RP1993: 1/6/2013 9:11:54 AM - System Checkpoint
    RP1994: 1/7/2013 10:02:00 AM - System Checkpoint
    RP1995: 1/8/2013 10:20:28 AM - System Checkpoint
    RP1996: 1/9/2013 11:20:27 AM - System Checkpoint
    RP1997: 1/10/2013 12:20:27 PM - System Checkpoint
    RP1998: 1/11/2013 9:16:38 AM - Software Distribution Service 3.0
    RP1999: 1/11/2013 10:55:48 AM - Software Distribution Service 3.0
    RP2000: 1/12/2013 11:20:22 AM - System Checkpoint
    RP2001: 1/12/2013 11:29:28 AM - Software Distribution Service 3.0
    RP2002: 1/13/2013 2:14:56 AM - Software Distribution Service 3.0
    RP2003: 1/13/2013 11:27:22 AM - Software Distribution Service 3.0
    RP2004: 1/14/2013 11:27:31 AM - Software Distribution Service 3.0
    RP2005: 1/15/2013 11:27:27 AM - Software Distribution Service 3.0
    RP2006: 1/15/2013 11:28:44 AM - Restore Operation
    RP2007: 1/16/2013 8:40:50 AM - Software Distribution Service 3.0
    RP2008: 1/17/2013 8:49:29 AM - Software Distribution Service 3.0
    RP2009: 1/17/2013 10:52:52 AM - Removed GeekBuddy.
    RP2010: 1/18/2013 10:57:13 AM - Software Distribution Service 3.0
    RP2011: 1/19/2013 10:56:52 AM - Software Distribution Service 3.0
    RP2012: 1/20/2013 2:15:45 AM - Software Distribution Service 3.0
    RP2013: 1/21/2013 2:30:00 AM - System Checkpoint
    RP2014: 1/21/2013 4:02:05 PM - Software Distribution Service 3.0
    RP2015: 1/21/2013 4:32:46 PM - Removed AVG 2013
    RP2016: 1/21/2013 4:34:26 PM - Removed AVG 2013
    .
    ==== Installed Programs ======================
    .
    2007 Iowa Support Master
    2008 Iowa Support Master
    2009 Iowa Support Master
    2010 Iowa Support Master
    Acrobat.com
    Adobe Acrobat 7.0 Standard
    Adobe Acrobat 7.1.0 Standard
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.5)
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    FileWrangler version 5.25
    Google Toolbar for Internet Explorer
    Google Updater
    High Definition Audio Driver Package - KB888111
    HotDocs Developer LE 10
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    IowaDocs
    IowaDocs 2011
    IrfanView (remove only)
    LexisNexis PCLaw
    LightScribe System Software 1.10.16.1
    Limited Liability Companies
    Malwarebytes Anti-Malware version 1.70.0.1100
    McAfee Online Backup
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 7.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works 6-9 Converter
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Nero 8 Essentials
    neroxml
    NVIDIA Drivers
    PCLaw MSXML V4 SP2 Redistributable
    PowerDVD
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shared C Run-time for x86
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VCRedistSetup
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinZip
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/22/2013 12:02:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips MOBKFilter MpFilter Processor
    1/22/2013 11:59:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MOBKFilter
    1/22/2013 11:55:42 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MOBKFilter MpFilter MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
    1/22/2013 11:55:42 AM, error: Service Control Manager [7003] - The McAfee McShield service depends on the following nonexistent service: mfevtp
    1/22/2013 11:55:42 AM, error: Service Control Manager [7003] - The McAfee Firewall Core Service service depends on the following nonexistent service: mfevtp
    1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
    1/22/2013 10:34:06 AM, error: Service Control Manager [7000] - The McAfee Firewall Core Service service failed to start due to the following error: The system cannot find the path specified.
    1/22/2013 10:33:58 AM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: The system cannot find the file specified.
    1/22/2013 10:33:58 AM, error: Service Control Manager [7000] - The McAfee Inc. mfehidk service failed to start due to the following error: The system cannot find the file specified.
    1/21/2013 3:51:40 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    1/21/2013 3:30:48 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.376.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    1/21/2013 1:57:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.376.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    1/21/2013 1:50:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/21/2013 1:48:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips mfehidk mfetdi2k MOBKFilter MpFilter Processor
    1/21/2013 1:47:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/17/2013 5:28:14 AM, error: TermServDevices [1111] - Driver Microsoft XPS Document Writer required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
    1/17/2013 5:28:14 AM, error: TermServDevices [1111] - Driver HP Officejet 6500 E710n-z required for printer HP Officejet 6500 E710n-z is unknown. Contact the administrator to install the driver before you log in again.
    1/17/2013 5:28:13 AM, error: TermServDevices [1111] - Driver Microsoft Shared Fax Driver required for printer Fax is unknown. Contact the administrator to install the driver before you log in again.
    1/17/2013 5:28:13 AM, error: TermServDevices [1111] - Driver HP psc 1600 series required for printer HP psc 1600 series is unknown. Contact the administrator to install the driver before you log in again.
    1/17/2013 5:28:13 AM, error: TermServDevices [1111] - Driver Fax - HP Officejet 6500 E710n-z required for printer Fax - HP Officejet 6500 E710n-z is unknown. Contact the administrator to install the driver before you log in again.
    1/17/2013 10:41:36 AM, error: Tcpip [4191] - IP could not open the registry key for adapter TCPIP\Parameters\Adapters\NDISWANIP. Interfaces on this adapter will not be initialized.
    1/17/2013 10:41:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk mfetdi2k MOBKFilter
    1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/17/2013 10:41:31 AM, error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: The system cannot find the path specified.
    1/17/2013 10:41:31 AM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.
    1/17/2013 10:41:31 AM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the path specified.
    1/17/2013 10:41:31 AM, error: Service Control Manager [7000] - The McAfee Online Backup service failed to start due to the following error: The system cannot find the path specified.
    .
    ==== End Of File ===========================

    DDS.txt:

    DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
    Internet Explorer: 8.0.6001.18702
    Run by John at 15:58:04 on 2013-01-22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.614 [GMT -6:00]
    .
    AV: Microsoft Security Essentials Prerelease *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://web2.westlaw.com/signon/default.wl?bhcp=1&fn=%5Ftop&newdoor=true&rp=%2Fsignon%2Fdefault%2Ewl&rs=WLW5%2E05&vr=2%2E0
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
    BHO: DeskBandHelper Class: {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - c:\program files\lexisnexis\pclaw\PLIETool.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -
    TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -
    TB: PCLaw Web Timer: {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - c:\program files\lexisnexis\pclaw\PLIETool.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [Synchronization Manager] c:\windows\system32\mobsync.exe /logon
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [tvncontrol] "c:\program files\common files\comodo\tvnserver.exe" -controlservice -slave
    dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-000000000002}\SC_Acrobat.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {91d9cee5-3906-40f7-b51a-9b013b59c826} - {836ece4e-a83a-404a-9433-6b15a66cb0fc} - c:\program files\lexisnexis\pclaw\PLIETool.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {9d2169e0-0775-4080-9b4e-90fce9945b4a} - {2741ca04-5b65-4b10-afc0-4e8387fe6bde} - c:\program files\lexisnexis\pclaw\PLIETool.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: PLLiveUpWeb - hxxp://support.pclaw.com/PLLiveUpWeb.CAB
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185936121375
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206027810850
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{C828282F-6EF3-46C6-B1D0-F3AD40570559} : NameServer = 205.171.2.65,205.171.3.65
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    S1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\mobk.sys --> c:\windows\system32\drivers\MOBK.sys [?]
    S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-11-1 70352]
    S2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\common files\comodo\GeekBuddyRSP.exe [2012-10-31 1467088]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\mcsacore.exe" --> c:\program files\mcafee\siteadvisor\McSACore.exe [?]
    S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
    S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
    S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
    S2 McShield;McAfee McShield;"c:\program files\common files\mcafee\systemcore\\mcshield.exe" --> c:\program files\common files\mcafee\systemcore\\mcshield.exe [?]
    S2 mfefire;McAfee Firewall Core Service;"c:\program files\common files\mcafee\systemcore\\mfefire.exe" --> c:\program files\common files\mcafee\systemcore\\mfefire.exe [?]
    S2 MOBKbackup;McAfee Online Backup;"c:\program files\mcafee online backup\mobkbackup.exe" --> c:\program files\mcafee online backup\MOBKbackup.exe [?]
    S2 ZNLSvc;Zeon License Service;c:\program files\hotdocs 6\bin\ZNLSvc.exe [2008-9-8 186200]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys --> c:\windows\system32\drivers\cfwids.sys [?]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\hipshieldk.sys --> c:\windows\system32\drivers\HipShieldK.sys [?]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys --> c:\windows\system32\drivers\mfeavfk.sys [?]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys --> c:\windows\system32\drivers\mfebopk.sys [?]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys --> c:\windows\system32\drivers\mfefirek.sys [?]
    .
    =============== Created Last 30 ================
    .
    2013-01-22 16:33:32 -------- d-----w- c:\program files\stinger
    2013-01-21 22:02:08 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{618874f2-a843-4f5f-9f7b-887805b35ab5}\mpengine.dll
    2013-01-21 21:50:30 -------- d-----w- c:\documents and settings\john\application data\AVG2013
    2013-01-21 21:49:37 -------- d-----w- c:\documents and settings\john\application data\TuneUp Software
    2013-01-21 21:49:00 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
    2013-01-21 21:45:13 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2013-01-21 21:45:13 -------- d-----w- c:\documents and settings\john\local settings\application data\MFAData
    2013-01-21 21:45:13 -------- d-----w- c:\documents and settings\john\local settings\application data\Avg2013
    2013-01-21 21:45:13 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2013-01-21 19:54:51 -------- d-----w- c:\documents and settings\john\application data\Malwarebytes
    2013-01-21 19:54:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2013-01-21 19:54:36 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-21 19:54:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-20 08:15:47 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-01-17 16:42:34 281808 ----a-w- C:\7za.dll
    2013-01-17 16:42:34 -------- d-----w- C:\themes
    2013-01-17 16:42:33 3360976 ----a-w- C:\cmdhtml.dll
    2013-01-17 16:42:33 -------- d-----w- C:\cis
    2013-01-17 16:42:29 18946768 ----a-w- C:\cmdinstall.exe
    2013-01-15 17:30:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2013-01-15 17:30:44 -------- d-----w- c:\windows\system32\wbem\Repository
    2013-01-11 17:18:39 -------- d-----w- c:\program files\common files\Comodo
    2013-01-11 17:13:31 -------- d-s---w- c:\documents and settings\all users\application data\Shared Space
    2013-01-11 17:11:04 -------- d-----w- c:\documents and settings\all users\application data\COMODO
    2013-01-11 17:10:26 -------- d-----w- c:\documents and settings\john\local settings\application data\COMODO
    2013-01-11 17:10:14 -------- d-----w- c:\program files\Comodo
    2013-01-11 17:10:10 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2013-01-11 17:10:06 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
    2013-01-11 16:55:48 237072 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-11 16:52:05 -------- d-----w- c:\program files\Microsoft Security Client
    2013-01-11 14:44:55 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2013-01-11 14:44:36 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2013-01-11 14:44:36 3072 ------w- c:\windows\system32\iacenc.dll
    .
    ==================== Find3M ====================
    .
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-15 02:45:52 32976 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2012-12-15 02:45:50 583912 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-12-15 02:45:50 18688 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2012-12-15 02:45:32 35640 ----a-w- c:\windows\system32\cmdcsr.dll
    2012-12-15 02:45:30 350272 ----a-w- c:\windows\system32\guard32.dll
    2012-12-15 02:45:14 260304 ----a-w- c:\windows\system32\cmdvrt32.dll
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 15:58:36.10 ===============

    ======================================================
    ark.txt:

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-22 16:15:46
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\00000065 ST3160815AS rev.3.ADA 149.01GB
    Running: ltx7byv8.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\pxtdypog.sys

    ---- Kernel code sections - GMER 2.0 ----

    ? C:\DOCUME~1\John\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[804] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[804] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1176] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- EOF - GMER 2.0 ----
     
  2. jknouse

    jknouse Thread Starter

    Joined:
    Apr 23, 2007
    Messages:
    28
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi there, I got your message. I haven't been too active lately and right now I am fighting a slight flu, but I can definitely get you started with some instructions.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT! Save ComboFix.exe to your Desktop


    • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  4. jknouse

    jknouse Thread Starter

    Joined:
    Apr 23, 2007
    Messages:
    28
    This is the report that combofix generated:

    ComboFix 13-01-28.02 - John 01/28/2013 9:11.1.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.366 [GMT -6:00]
    Running from: c:\documents and settings\John\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Microsoft Security Essentials Prerelease *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\John\Application Data\AdobeDLM.log
    c:\documents and settings\John\WINDOWS
    c:\windows\system32\msxml6.dll.tmp
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-28 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-25 16:28 . 2013-01-25 16:28 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5AB7F6A-53D2-47B0-9A67-B14DE1375CBF}\offreg.dll
    2013-01-24 21:08 . 2013-01-24 21:08 -------- d-----w- C:\$AVG
    2013-01-24 21:07 . 2013-01-24 21:07 -------- d-----w- c:\program files\AVG
    2013-01-24 20:14 . 2013-01-08 02:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5AB7F6A-53D2-47B0-9A67-B14DE1375CBF}\mpengine.dll
    2013-01-22 16:33 . 2013-01-22 17:51 -------- d-----w- c:\program files\stinger
    2013-01-21 22:02 . 2013-01-08 02:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-21 21:50 . 2013-01-21 21:50 -------- d-----w- c:\documents and settings\John\Application Data\AVG2013
    2013-01-21 21:49 . 2013-01-21 21:49 -------- d-----w- c:\documents and settings\John\Application Data\TuneUp Software
    2013-01-21 21:49 . 2013-01-24 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
    2013-01-21 21:48 . 2013-01-21 21:53 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg2013
    2013-01-21 21:45 . 2013-01-24 21:15 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Avg2013
    2013-01-21 21:45 . 2013-01-24 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2013-01-21 21:45 . 2013-01-21 21:45 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2013-01-21 21:45 . 2013-01-21 21:45 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\MFAData
    2013-01-21 19:54 . 2013-01-21 19:54 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
    2013-01-21 19:54 . 2013-01-21 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2013-01-21 19:54 . 2013-01-21 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-21 19:54 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-17 16:42 . 2013-01-17 16:42 -------- d-----w- C:\themes
    2013-01-17 16:42 . 2012-12-14 20:45 281808 ----a-w- C:\7za.dll
    2013-01-17 16:42 . 2013-01-17 16:42 -------- d-----w- C:\cis
    2013-01-17 16:42 . 2012-12-14 20:45 3360976 ----a-w- C:\cmdhtml.dll
    2013-01-17 16:42 . 2012-12-14 20:45 18946768 ----a-w- C:\cmdinstall.exe
    2013-01-17 16:39 . 2013-01-17 16:39 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\COMODO
    2013-01-15 17:30 . 2013-01-15 17:30 -------- d-----w- c:\windows\system32\wbem\Repository
    2013-01-11 17:18 . 2013-01-17 16:53 -------- d-----w- c:\program files\Common Files\Comodo
    2013-01-11 17:14 . 2013-01-17 16:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
    2013-01-11 17:13 . 2013-01-11 17:13 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
    2013-01-11 17:11 . 2013-01-11 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
    2013-01-11 17:10 . 2013-01-11 17:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\GeekBuddyRSP
    2013-01-11 17:10 . 2013-01-17 16:54 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\COMODO
    2013-01-11 17:10 . 2013-01-17 16:54 -------- d-----w- c:\program files\Comodo
    2013-01-11 17:10 . 2013-01-11 17:10 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2013-01-11 17:10 . 2013-01-11 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2013-01-11 16:55 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-11 16:52 . 2013-01-11 16:52 -------- d-----w- c:\program files\Microsoft Security Client
    2013-01-11 14:44 . 2012-11-01 12:17 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2013-01-11 14:44 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2013-01-11 14:44 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-16 12:23 . 2004-08-04 05:56 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-15 02:45 . 2012-12-15 02:45 98904 ----a-w- c:\windows\system32\drivers\inspect.sys
    2012-12-15 02:45 . 2012-12-15 02:45 32976 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2012-12-15 02:45 . 2012-12-15 02:45 583912 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-12-15 02:45 . 2012-12-15 02:45 18688 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2012-12-15 02:45 . 2012-12-15 02:45 35640 ----a-w- c:\windows\system32\cmdcsr.dll
    2012-12-15 02:45 . 2012-12-15 02:45 350272 ----a-w- c:\windows\system32\guard32.dll
    2012-12-15 02:45 . 2012-12-15 02:45 260304 ----a-w- c:\windows\system32\cmdvrt32.dll
    2012-11-16 05:33 . 2012-11-16 05:33 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2012-11-13 01:25 . 2004-08-04 04:17 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01 . 2009-08-19 23:07 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02 . 2004-08-04 05:56 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 12:17 . 2004-08-04 05:56 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 00:35 . 2004-08-04 03:59 385024 ----a-w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-20 455968]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
    "nwiz"="nwiz.exe" [2007-06-29 1626112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2007-8-1 25214]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\program files\Common Files\Comodo\GeekBuddyRSP.exe"= c:\program files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3390:TCP"= 3390:TCP:3390RDP
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 179936]
    S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]
    S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys --> c:\windows\system32\DRIVERS\MOBK.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/15/2012 11:34 PM 5814904]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
    S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [11/1/2012 8:52 AM 70352]
    S2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\Common Files\Comodo\GeekBuddyRSP.exe [10/31/2012 3:46 PM 1467088]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor\McSACore.exe [?]
    S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
    S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
    S2 mfefire;McAfee Firewall Core Service;"c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe" --> c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [?]
    S2 MOBKbackup;McAfee Online Backup;"c:\program files\McAfee Online Backup\MOBKbackup.exe" --> c:\program files\McAfee Online Backup\MOBKbackup.exe [?]
    S2 ZNLSvc;Zeon License Service;c:\program files\HotDocs 6\bin\ZNLSvc.exe [9/8/2008 5:02 PM 186200]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys --> c:\windows\system32\drivers\cfwids.sys [?]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys --> c:\windows\system32\drivers\HipShieldK.sys [?]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys --> c:\windows\system32\drivers\mfefirek.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - cmderd
    *Deregistered* - cmdHlp
    *Deregistered* - Inspect
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-09-20 03:46 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-21 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    - c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2012-12-15 02:45]
    .
    2013-01-06 c:\windows\Tasks\Defrag.job
    - c:\windows\Defrag.bat [2007-08-01 17:05]
    .
    2013-01-12 c:\windows\Tasks\Diskcleanup.job
    - c:\windows\Diskcleanup.bat [2007-08-01 15:21]
    .
    2013-01-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-06 13:33]
    .
    2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-11 16:21]
    .
    2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-11 16:21]
    .
    2013-01-27 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 23:25]
    .
    2010-09-03 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://web2.westlaw.com/signon/default.wl?bhcp=1&fn=%5Ftop&newdoor=true&rp=%2Fsignon%2Fdefault%2Ewl&rs=WLW5%2E05&vr=2%2E0
    IE: {{91d9cee5-3906-40f7-b51a-9b013b59c826} - {836ece4e-a83a-404a-9433-6b15a66cb0fc} - c:\progra~1\LEXISN~2\PCLaw\plietool.dll
    IE: {{9d2169e0-0775-4080-9b4e-90fce9945b4a} - {2741ca04-5b65-4b10-afc0-4e8387fe6bde} - c:\progra~1\LEXISN~2\PCLaw\plietool.dll
    TCP: Interfaces\{C828282F-6EF3-46C6-B1D0-F3AD40570559}: NameServer = 205.171.2.65,205.171.3.65
    DPF: PLLiveUpWeb - hxxp://support.pclaw.com/PLLiveUpWeb.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{3c3f3c1a-9153-7c05-f938-622e7003894d} - c:\program files\McAfee Online Backup\MOBKshell.dll
    ShellIconOverlayIdentifiers-{e6ea1d7d-144e-b977-98c4-84c53c1a69d0} - c:\program files\McAfee Online Backup\MOBKshell.dll
    ShellIconOverlayIdentifiers-{b4caf489-1eec-c617-49ad-8d7088598c06} - c:\program files\McAfee Online Backup\MOBKshell.dll
    HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    HKLM-Run-tvncontrol - c:\program files\Common Files\Comodo\tvnserver.exe
    HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
    AddRemove-{27C467F8-F8EF-4f68-BD72-D63632B2096C} - c:\program files\McAfeeMOBK\MozyUninstaller.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-28 09:16
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(656)
    c:\windows\system32\l3codeca.acm
    .
    Completion time: 2013-01-28 09:17:43
    ComboFix-quarantined-files.txt 2013-01-28 15:17
    .
    Pre-Run: 31,447,171,072 bytes free
    Post-Run: 31,954,866,176 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 380BEE152566E97054E6AA3C7F4DC92D
     
  5. jknouse

    jknouse Thread Starter

    Joined:
    Apr 23, 2007
    Messages:
    28
    After I ran ComboFix it re-installed the Windows XP 'System Restore' program. It appeared that all of my past restore points were archived so I was able to restore to a previous known 'good' date (about 3 weeks prior to when my problem showed up). I then updated my Microsoft Essentials virus program, performed a scan and installed ZoneAlarm firewall. It looks like I'm good to go again. Thanks for your help!
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Great to hear :) you're welcome
     

Short URL to this thread: https://techguy.org/1086392
