No Internet or System Restore in Windows XP

jknouse (Thread Starter; Joined: Apr 23, 2007; Messages: 28)

I can't access the internet using Windows XP unless I boot in safe mode w/ networking. I think it may be a trojan or a virus because I now cannot open System Restore either. Actually, I can't open System Restore in normal or safe mode, even from a cmd prompt in safe mode. I have both Windows Explorer 8 and Chrome browsers and neither will allow me internet access in normal mode. I'm using Microsoft Essentials as a virus program and at this time only have Windows Firewall activated because my McAfee firewall protection has elapsed. I loaded Malwarebytes.org while operating in safe mode and it did not find anything. I also suspected a rootkit problem and ran Kaspersky, but it came up clean as well.

Hijack file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:20:01 PM, on 1/22/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\John\My Documents\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web2.westlaw.com/signon/defa...=true&rp=/signon/default.wl&rs=WLW5.05&vr=2.0 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120722033015.dll (file missing)
O2 - BHO: DeskBandHelper Class - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\PROGRA~1\LEXISN~2\PCLaw\plietool.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O3 - Toolbar: PCLaw Web Timer - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\PROGRA~1\LEXISN~2\PCLaw\plietool.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\Common Files\Comodo\tvnserver.exe" -controlservice -slave
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O9 - Extra button: (no name) - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\PROGRA~1\LEXISN~2\PCLaw\plietool.dll
O9 - Extra 'Tools' menuitem: PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\PROGRA~1\LEXISN~2\PCLaw\plietool.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\PROGRA~1\LEXISN~2\PCLaw\plietool.dll
O9 - Extra 'Tools' menuitem: PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\PROGRA~1\LEXISN~2\PCLaw\plietool.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PLLiveUpWeb - http://support.pclaw.com/PLLiveUpWeb.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1185936121375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1206027810850
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C828282F-6EF3-46C6-B1D0-F3AD40570559}: NameServer = 205.171.2.65,205.171.3.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{C828282F-6EF3-46C6-B1D0-F3AD40570559}: NameServer = 205.171.2.65,205.171.3.65
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions Inc. - C:\Program Files\Common Files\Comodo\launcher_service.exe
O23 - Service: cmdAgent - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GeekBuddy Remote Screen Protocol (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcods.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe (file missing)
O23 - Service: McAfee Firewall Core Service (mfefire) - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe (file missing)
O23 - Service: McAfee Online Backup (MOBKbackup) - Unknown owner - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Zeon License Service (ZNLSvc) - Unknown owner - C:\Program Files\HotDocs 6\Bin\ZNLSvc.exe

--
End of file - 10486 bytes
=====================================================
Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/31/2007 9:17:55 PM
System Uptime: 1/22/2013 12:00:27 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 2009/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 50 GiB total, 29.516 GiB free.
D: is FIXED (NTFS) - 99 GiB total, 98.067 GiB free.
E: is CDROM ()
H: is NetworkDisk (NTFS) - 140 GiB total, 121.372 GiB free.
X: is NetworkDisk (NTFS) - 140 GiB total, 121.372 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:
.
==== System Restore Points ===================
.
RP1989: 1/2/2013 6:52:27 AM - System Checkpoint
RP1990: 1/3/2013 7:22:29 AM - System Checkpoint
RP1991: 1/4/2013 8:11:55 AM - System Checkpoint
RP1992: 1/5/2013 8:59:54 AM - System Checkpoint
RP1993: 1/6/2013 9:11:54 AM - System Checkpoint
RP1994: 1/7/2013 10:02:00 AM - System Checkpoint
RP1995: 1/8/2013 10:20:28 AM - System Checkpoint
RP1996: 1/9/2013 11:20:27 AM - System Checkpoint
RP1997: 1/10/2013 12:20:27 PM - System Checkpoint
RP1998: 1/11/2013 9:16:38 AM - Software Distribution Service 3.0
RP1999: 1/11/2013 10:55:48 AM - Software Distribution Service 3.0
RP2000: 1/12/2013 11:20:22 AM - System Checkpoint
RP2001: 1/12/2013 11:29:28 AM - Software Distribution Service 3.0
RP2002: 1/13/2013 2:14:56 AM - Software Distribution Service 3.0
RP2003: 1/13/2013 11:27:22 AM - Software Distribution Service 3.0
RP2004: 1/14/2013 11:27:31 AM - Software Distribution Service 3.0
RP2005: 1/15/2013 11:27:27 AM - Software Distribution Service 3.0
RP2006: 1/15/2013 11:28:44 AM - Restore Operation
RP2007: 1/16/2013 8:40:50 AM - Software Distribution Service 3.0
RP2008: 1/17/2013 8:49:29 AM - Software Distribution Service 3.0
RP2009: 1/17/2013 10:52:52 AM - Removed GeekBuddy.
RP2010: 1/18/2013 10:57:13 AM - Software Distribution Service 3.0
RP2011: 1/19/2013 10:56:52 AM - Software Distribution Service 3.0
RP2012: 1/20/2013 2:15:45 AM - Software Distribution Service 3.0
RP2013: 1/21/2013 2:30:00 AM - System Checkpoint
RP2014: 1/21/2013 4:02:05 PM - Software Distribution Service 3.0
RP2015: 1/21/2013 4:32:46 PM - Removed AVG 2013
RP2016: 1/21/2013 4:34:26 PM - Removed AVG 2013
.
==== Installed Programs ======================
.
2007 Iowa Support Master
2008 Iowa Support Master
2009 Iowa Support Master
2010 Iowa Support Master
Acrobat.com
Adobe Acrobat 7.0 Standard
Adobe Acrobat 7.1.0 Standard
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.5)
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
FileWrangler version 5.25
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HotDocs Developer LE 10
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IowaDocs
IowaDocs 2011
IrfanView (remove only)
LexisNexis PCLaw
LightScribe System Software 1.10.16.1
Limited Liability Companies
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Online Backup
Microsoft Application Error Reporting
Microsoft IntelliPoint 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 8 Essentials
neroxml
NVIDIA Drivers
PCLaw MSXML V4 SP2 Redistributable
PowerDVD
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shared C Run-time for x86
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
WinZip
.
==== Event Viewer Messages From Past Week ========
.
1/22/2013 12:02:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips MOBKFilter MpFilter Processor
1/22/2013 11:59:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MOBKFilter
1/22/2013 11:55:42 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MOBKFilter MpFilter MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
1/22/2013 11:55:42 AM, error: Service Control Manager [7003] - The McAfee McShield service depends on the following nonexistent service: mfevtp
1/22/2013 11:55:42 AM, error: Service Control Manager [7003] - The McAfee Firewall Core Service service depends on the following nonexistent service: mfevtp
1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2013 11:55:42 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
1/22/2013 10:34:06 AM, error: Service Control Manager [7000] - The McAfee Firewall Core Service service failed to start due to the following error: The system cannot find the path specified.
1/22/2013 10:33:58 AM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: The system cannot find the file specified.
1/22/2013 10:33:58 AM, error: Service Control Manager [7000] - The McAfee Inc. mfehidk service failed to start due to the following error: The system cannot find the file specified.
1/21/2013 3:51:40 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
1/21/2013 3:30:48 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.376.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
1/21/2013 1:57:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.376.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
1/21/2013 1:50:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/21/2013 1:48:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips mfehidk mfetdi2k MOBKFilter MpFilter Processor
1/21/2013 1:47:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/17/2013 5:28:14 AM, error: TermServDevices [1111] - Driver Microsoft XPS Document Writer required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
1/17/2013 5:28:14 AM, error: TermServDevices [1111] - Driver HP Officejet 6500 E710n-z required for printer HP Officejet 6500 E710n-z is unknown. Contact the administrator to install the driver before you log in again.
1/17/2013 5:28:13 AM, error: TermServDevices [1111] - Driver Microsoft Shared Fax Driver required for printer Fax is unknown. Contact the administrator to install the driver before you log in again.
1/17/2013 5:28:13 AM, error: TermServDevices [1111] - Driver HP psc 1600 series required for printer HP psc 1600 series is unknown. Contact the administrator to install the driver before you log in again.
1/17/2013 5:28:13 AM, error: TermServDevices [1111] - Driver Fax - HP Officejet 6500 E710n-z required for printer Fax - HP Officejet 6500 E710n-z is unknown. Contact the administrator to install the driver before you log in again.
1/17/2013 10:41:36 AM, error: Tcpip [4191] - IP could not open the registry key for adapter TCPIP\Parameters\Adapters\NDISWANIP. Interfaces on this adapter will not be initialized.
1/17/2013 10:41:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk mfetdi2k MOBKFilter
1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
1/17/2013 10:41:31 AM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
1/17/2013 10:41:31 AM, error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: The system cannot find the path specified.
1/17/2013 10:41:31 AM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.
1/17/2013 10:41:31 AM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the path specified.
1/17/2013 10:41:31 AM, error: Service Control Manager [7000] - The McAfee Online Backup service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by John at 15:58:04 on 2013-01-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.614 [GMT -6:00]
.
AV: Microsoft Security Essentials Prerelease *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://web2.westlaw.com/signon/default.wl?bhcp=1&fn=%5Ftop&newdoor=true&rp=%2Fsignon%2Fdefault%2Ewl&rs=WLW5%2E05&vr=2%2E0
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: DeskBandHelper Class: {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - c:\program files\lexisnexis\pclaw\PLIETool.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -
TB: PCLaw Web Timer: {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - c:\program files\lexisnexis\pclaw\PLIETool.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Synchronization Manager] c:\windows\system32\mobsync.exe /logon
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [tvncontrol] "c:\program files\common files\comodo\tvnserver.exe" -controlservice -slave
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-000000000002}\SC_Acrobat.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {91d9cee5-3906-40f7-b51a-9b013b59c826} - {836ece4e-a83a-404a-9433-6b15a66cb0fc} - c:\program files\lexisnexis\pclaw\PLIETool.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {9d2169e0-0775-4080-9b4e-90fce9945b4a} - {2741ca04-5b65-4b10-afc0-4e8387fe6bde} - c:\program files\lexisnexis\pclaw\PLIETool.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: PLLiveUpWeb - hxxp://support.pclaw.com/PLLiveUpWeb.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185936121375
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206027810850
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{C828282F-6EF3-46C6-B1D0-F3AD40570559} : NameServer = 205.171.2.65,205.171.3.65
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\mobk.sys --> c:\windows\system32\drivers\MOBK.sys [?]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-11-1 70352]
S2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\common files\comodo\GeekBuddyRSP.exe [2012-10-31 1467088]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\mcsacore.exe" --> c:\program files\mcafee\siteadvisor\McSACore.exe [?]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McShield;McAfee McShield;"c:\program files\common files\mcafee\systemcore\\mcshield.exe" --> c:\program files\common files\mcafee\systemcore\\mcshield.exe [?]
S2 mfefire;McAfee Firewall Core Service;"c:\program files\common files\mcafee\systemcore\\mfefire.exe" --> c:\program files\common files\mcafee\systemcore\\mfefire.exe [?]
S2 MOBKbackup;McAfee Online Backup;"c:\program files\mcafee online backup\mobkbackup.exe" --> c:\program files\mcafee online backup\MOBKbackup.exe [?]
S2 ZNLSvc;Zeon License Service;c:\program files\hotdocs 6\bin\ZNLSvc.exe [2008-9-8 186200]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys --> c:\windows\system32\drivers\cfwids.sys [?]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\hipshieldk.sys --> c:\windows\system32\drivers\HipShieldK.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys --> c:\windows\system32\drivers\mfeavfk.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys --> c:\windows\system32\drivers\mfebopk.sys [?]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys --> c:\windows\system32\drivers\mfefirek.sys [?]
.
=============== Created Last 30 ================
.
2013-01-22 16:33:32 -------- d-----w- c:\program files\stinger
2013-01-21 22:02:08 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{618874f2-a843-4f5f-9f7b-887805b35ab5}\mpengine.dll
2013-01-21 21:50:30 -------- d-----w- c:\documents and settings\john\application data\AVG2013
2013-01-21 21:49:37 -------- d-----w- c:\documents and settings\john\application data\TuneUp Software
2013-01-21 21:49:00 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2013-01-21 21:45:13 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-01-21 21:45:13 -------- d-----w- c:\documents and settings\john\local settings\application data\MFAData
2013-01-21 21:45:13 -------- d-----w- c:\documents and settings\john\local settings\application data\Avg2013
2013-01-21 21:45:13 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-01-21 19:54:51 -------- d-----w- c:\documents and settings\john\application data\Malwarebytes
2013-01-21 19:54:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-01-21 19:54:36 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-21 19:54:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-20 08:15:47 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-17 16:42:34 281808 ----a-w- C:\7za.dll
2013-01-17 16:42:34 -------- d-----w- C:\themes
2013-01-17 16:42:33 3360976 ----a-w- C:\cmdhtml.dll
2013-01-17 16:42:33 -------- d-----w- C:\cis
2013-01-17 16:42:29 18946768 ----a-w- C:\cmdinstall.exe
2013-01-15 17:30:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-01-15 17:30:44 -------- d-----w- c:\windows\system32\wbem\Repository
2013-01-11 17:18:39 -------- d-----w- c:\program files\common files\Comodo
2013-01-11 17:13:31 -------- d-s---w- c:\documents and settings\all users\application data\Shared Space
2013-01-11 17:11:04 -------- d-----w- c:\documents and settings\all users\application data\COMODO
2013-01-11 17:10:26 -------- d-----w- c:\documents and settings\john\local settings\application data\COMODO
2013-01-11 17:10:14 -------- d-----w- c:\program files\Comodo
2013-01-11 17:10:10 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-01-11 17:10:06 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
2013-01-11 16:55:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2013-01-11 16:52:05 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-11 14:44:55 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-01-11 14:44:36 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-01-11 14:44:36 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 02:45:52 32976 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-12-15 02:45:50 583912 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-12-15 02:45:50 18688 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-12-15 02:45:32 35640 ----a-w- c:\windows\system32\cmdcsr.dll
2012-12-15 02:45:30 350272 ----a-w- c:\windows\system32\guard32.dll
2012-12-15 02:45:14 260304 ----a-w- c:\windows\system32\cmdvrt32.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 15:58:36.10 ===============

======================================================
ark.txt:

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-22 16:15:46
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\00000065 ST3160815AS rev.3.ADA 149.01GB
Running: ltx7byv8.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\pxtdypog.sys

---- Kernel code sections - GMER 2.0 ----

? C:\DOCUME~1\John\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.0 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[804] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[804] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[804] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1176] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1428] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- EOF - GMER 2.0 ----
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Hi there, I got your message. I haven't been too active lately and right now I am fighting a slight flu, but I can definitely get you started with some instructions.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT! Save ComboFix.exe to your Desktop


  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
 

jknouse

Thread Starter
Joined
Apr 23, 2007
Messages
28
This is the report that combofix generated:

ComboFix 13-01-28.02 - John 01/28/2013 9:11.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.366 [GMT -6:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials Prerelease *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\John\Application Data\AdobeDLM.log
c:\documents and settings\John\WINDOWS
c:\windows\system32\msxml6.dll.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-28 )))))))))))))))))))))))))))))))
.
.
2013-01-25 16:28 . 2013-01-25 16:28 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5AB7F6A-53D2-47B0-9A67-B14DE1375CBF}\offreg.dll
2013-01-24 21:08 . 2013-01-24 21:08 -------- d-----w- C:\$AVG
2013-01-24 21:07 . 2013-01-24 21:07 -------- d-----w- c:\program files\AVG
2013-01-24 20:14 . 2013-01-08 02:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5AB7F6A-53D2-47B0-9A67-B14DE1375CBF}\mpengine.dll
2013-01-22 16:33 . 2013-01-22 17:51 -------- d-----w- c:\program files\stinger
2013-01-21 22:02 . 2013-01-08 02:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-21 21:50 . 2013-01-21 21:50 -------- d-----w- c:\documents and settings\John\Application Data\AVG2013
2013-01-21 21:49 . 2013-01-21 21:49 -------- d-----w- c:\documents and settings\John\Application Data\TuneUp Software
2013-01-21 21:49 . 2013-01-24 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-01-21 21:48 . 2013-01-21 21:53 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg2013
2013-01-21 21:45 . 2013-01-24 21:15 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Avg2013
2013-01-21 21:45 . 2013-01-24 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-01-21 21:45 . 2013-01-21 21:45 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-01-21 21:45 . 2013-01-21 21:45 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\MFAData
2013-01-21 19:54 . 2013-01-21 19:54 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2013-01-21 19:54 . 2013-01-21 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-21 19:54 . 2013-01-21 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-21 19:54 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-17 16:42 . 2013-01-17 16:42 -------- d-----w- C:\themes
2013-01-17 16:42 . 2012-12-14 20:45 281808 ----a-w- C:\7za.dll
2013-01-17 16:42 . 2013-01-17 16:42 -------- d-----w- C:\cis
2013-01-17 16:42 . 2012-12-14 20:45 3360976 ----a-w- C:\cmdhtml.dll
2013-01-17 16:42 . 2012-12-14 20:45 18946768 ----a-w- C:\cmdinstall.exe
2013-01-17 16:39 . 2013-01-17 16:39 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\COMODO
2013-01-15 17:30 . 2013-01-15 17:30 -------- d-----w- c:\windows\system32\wbem\Repository
2013-01-11 17:18 . 2013-01-17 16:53 -------- d-----w- c:\program files\Common Files\Comodo
2013-01-11 17:14 . 2013-01-17 16:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
2013-01-11 17:13 . 2013-01-11 17:13 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
2013-01-11 17:11 . 2013-01-11 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2013-01-11 17:10 . 2013-01-11 17:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\GeekBuddyRSP
2013-01-11 17:10 . 2013-01-17 16:54 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\COMODO
2013-01-11 17:10 . 2013-01-17 16:54 -------- d-----w- c:\program files\Comodo
2013-01-11 17:10 . 2013-01-11 17:10 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-01-11 17:10 . 2013-01-11 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2013-01-11 16:55 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2013-01-11 16:52 . 2013-01-11 16:52 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-11 14:44 . 2012-11-01 12:17 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-01-11 14:44 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-01-11 14:44 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-04 05:56 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 02:45 . 2012-12-15 02:45 98904 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-12-15 02:45 . 2012-12-15 02:45 32976 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-12-15 02:45 . 2012-12-15 02:45 583912 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-12-15 02:45 . 2012-12-15 02:45 18688 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-12-15 02:45 . 2012-12-15 02:45 35640 ----a-w- c:\windows\system32\cmdcsr.dll
2012-12-15 02:45 . 2012-12-15 02:45 350272 ----a-w- c:\windows\system32\guard32.dll
2012-12-15 02:45 . 2012-12-15 02:45 260304 ----a-w- c:\windows\system32\cmdvrt32.dll
2012-11-16 05:33 . 2012-11-16 05:33 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-11-13 01:25 . 2004-08-04 04:17 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2009-08-19 23:07 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 05:56 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2004-08-04 05:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 00:35 . 2004-08-04 03:59 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-20 455968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"nwiz"="nwiz.exe" [2007-06-29 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2007-8-1 25214]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Common Files\Comodo\GeekBuddyRSP.exe"= c:\program files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3390:TCP"= 3390:TCP:3390RDP
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 179936]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys --> c:\windows\system32\DRIVERS\MOBK.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/15/2012 11:34 PM 5814904]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [11/1/2012 8:52 AM 70352]
S2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\Common Files\Comodo\GeekBuddyRSP.exe [10/31/2012 3:46 PM 1467088]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor\McSACore.exe [?]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 mfefire;McAfee Firewall Core Service;"c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe" --> c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [?]
S2 MOBKbackup;McAfee Online Backup;"c:\program files\McAfee Online Backup\MOBKbackup.exe" --> c:\program files\McAfee Online Backup\MOBKbackup.exe [?]
S2 ZNLSvc;Zeon License Service;c:\program files\HotDocs 6\bin\ZNLSvc.exe [9/8/2008 5:02 PM 186200]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys --> c:\windows\system32\drivers\cfwids.sys [?]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys --> c:\windows\system32\drivers\HipShieldK.sys [?]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys --> c:\windows\system32\drivers\mfefirek.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - cmderd
*Deregistered* - cmdHlp
*Deregistered* - Inspect
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-09-20 03:46 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-21 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2012-12-15 02:45]
.
2013-01-06 c:\windows\Tasks\Defrag.job
- c:\windows\Defrag.bat [2007-08-01 17:05]
.
2013-01-12 c:\windows\Tasks\Diskcleanup.job
- c:\windows\Diskcleanup.bat [2007-08-01 15:21]
.
2013-01-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-06 13:33]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-11 16:21]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-11 16:21]
.
2013-01-27 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 23:25]
.
2010-09-03 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://web2.westlaw.com/signon/default.wl?bhcp=1&fn=%5Ftop&newdoor=true&rp=%2Fsignon%2Fdefault%2Ewl&rs=WLW5%2E05&vr=2%2E0
IE: {{91d9cee5-3906-40f7-b51a-9b013b59c826} - {836ece4e-a83a-404a-9433-6b15a66cb0fc} - c:\progra~1\LEXISN~2\PCLaw\plietool.dll
IE: {{9d2169e0-0775-4080-9b4e-90fce9945b4a} - {2741ca04-5b65-4b10-afc0-4e8387fe6bde} - c:\progra~1\LEXISN~2\PCLaw\plietool.dll
TCP: Interfaces\{C828282F-6EF3-46C6-B1D0-F3AD40570559}: NameServer = 205.171.2.65,205.171.3.65
DPF: PLLiveUpWeb - hxxp://support.pclaw.com/PLLiveUpWeb.CAB
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{3c3f3c1a-9153-7c05-f938-622e7003894d} - c:\program files\McAfee Online Backup\MOBKshell.dll
ShellIconOverlayIdentifiers-{e6ea1d7d-144e-b977-98c4-84c53c1a69d0} - c:\program files\McAfee Online Backup\MOBKshell.dll
ShellIconOverlayIdentifiers-{b4caf489-1eec-c617-49ad-8d7088598c06} - c:\program files\McAfee Online Backup\MOBKshell.dll
HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
HKLM-Run-tvncontrol - c:\program files\Common Files\Comodo\tvnserver.exe
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
AddRemove-{27C467F8-F8EF-4f68-BD72-D63632B2096C} - c:\program files\McAfeeMOBK\MozyUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-28 09:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\l3codeca.acm
.
Completion time: 2013-01-28 09:17:43
ComboFix-quarantined-files.txt 2013-01-28 15:17
.
Pre-Run: 31,447,171,072 bytes free
Post-Run: 31,954,866,176 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 380BEE152566E97054E6AA3C7F4DC92D
 

jknouse

Thread Starter
Joined
Apr 23, 2007
Messages
28
After I ran ComboFix it re-installed the Windows XP 'System Restore' program. It appeared that all of my past restore points were archived so I was able to restore to a previous known 'good' date (about 3 weeks prior to when my problem showed up). I then updated my Microsoft Essentials virus program, performed a scan and installed ZoneAlarm firewall. It looks like I'm good to go again. Thanks for your help!
 