Internet access problem 1

[SirBlack]

A little background first:

PC running XP Pro SP3 with IE 7

Wife was complaining about PC running slow when online. Upgraded to IE 8. Shortly after that, she could not access web sites Installed Firefox but no help there. Tried installing Google Chrome with no success. Scanned for viruses, malware & spyware and deleted the few minor items found. Still could not access the web. Task bar says it’s connected and Device Manager shows no problems. Uninstalled SP 3 to revert to IE 7, still no access. I had to re-install SP 3 in safe mode. Ran SFC /scannow and got the same result. Tried using system restore but all attempts were not possible for any points in January & was not able to back track to December. She can access AOL & get to some links that way but even those aren’t fully functional.

Finally booted in safe mode and tried to access the Internet. Got the following error message: IEDW.EXE

The Ordinal 363 could not be located in the dynamic link library URLMON.DLL.

Any help anybody can give me would be greatly appreciated

Thanks in advance, Bob

 

[goombawaho]

Wow - you shouldn't have freaked out and removed SP3, but that's water under the bridge.

Sounds like one of three things in this order: malware OR windows corruption OR bad memory

Test memory first with MemTest86+ and/or Windows Memory Diagnostic. This CD has a bunch (

http://www.ultimatebootcd.com/download.html)

For the following - reboot if asked by the application. Don't proceed to next step if asked to reboot WITHOUT rebooting.
1. Run CCleaner and clean out all temp files that it finds.
2. Download and run RKILL.exe (or rkill.scr or rill.com) (google: bleeping computer rkill)
3. Run TDSSKiller

http://www.bleepingcomputer.com/download/roguekiller/

4. Run RogueKiller

https://support.kaspersky.com/viruses/solutions?qid=208280684

Finally, if you found a lot of malware OR if you still don't have internet (trying multiple browsers), do the following.
5. Remove your anti-virus program and reboot. Run Combofix. (google: bleeping computer combofix)

PLEASE REPORT BACK

 

[SirBlack]

Sorry for the delay in replying but this is what I’ve done & the results:

PC would not allow me to change boot sequence. Boot menu was oversized & unusable.

Ran CCleaner, cleaned out all junk files and fixed all registry issues.

Ran RKILL, TGSSKiller RogueKiller in that order. Still no access. Ran Combo Fix with same results. Here are the log files:

Rkill 2.4.6 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Program started at: 01/21/2013 03:22:12 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/21/2013 03:23:44 PM
Execution time: 0 hours(s), 1 minute(s), and 32 seconds(s)


ComboFix 13-01-21.04 - Dianne 01/21/2013 15:49:17.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1075 [GMT -5:00]
Running from: c:\documents and settings\Anyone\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
.
.
2013-01-19 17:10 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2013-01-19 17:09 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2013-01-19 17:06 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2013-01-19 17:03 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-01-19 17:02 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2013-01-18 23:26 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2013-01-18 23:26 . 2008-04-14 10:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2013-01-18 23:26 . 2008-04-14 10:42 9728 ------w- c:\windows\system32\rwnh.dll
2013-01-18 23:26 . 2008-04-14 10:42 10752 ------w- c:\windows\system32\smtpapi.dll
2013-01-18 22:31 . 2013-01-18 22:31 -------- d-----w- c:\documents and settings\Anyone\Local Settings\Application Data\Deployment
2013-01-18 21:42 . 2013-01-18 21:42 -------- d-----w- c:\program files\GUM34.tmp
2013-01-18 15:33 . 2013-01-18 15:40 4096000 ----a-w- c:\program files\GUT35.tmp
2013-01-16 04:56 . 2013-01-16 04:56 -------- d-s---w- c:\documents and settings\LocalService\IETldCache
2013-01-16 04:47 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-16 04:47 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-16 04:47 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-16 04:47 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-16 04:47 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-16 04:47 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-01-16 04:47 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-01-16 04:47 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-01-16 04:46 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-16 04:46 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-16 04:45 . 2013-01-16 04:45 -------- d-----w- c:\program files\AVAST Software
2013-01-16 04:45 . 2013-01-16 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-01-16 04:11 . 2013-01-16 04:11 -------- d-----w- c:\documents and settings\Anyone\Application Data\QuickScan
2013-01-15 23:15 . 2003-11-10 23:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-01-15 23:15 . 2003-11-10 23:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-01-15 23:15 . 2003-11-10 23:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-01-15 23:15 . 2003-11-10 23:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-01-15 23:15 . 2003-11-10 23:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-01-15 23:15 . 2013-01-15 23:15 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-01-15 23:15 . 2013-01-15 23:15 -------- d-----w- C:\NVIDIA
2013-01-15 16:00 . 2013-01-15 16:00 -------- d-s---w- c:\documents and settings\Anyone\PrivacIE
2013-01-15 15:54 . 2013-01-15 15:54 -------- d-s---w- c:\documents and settings\NetworkService\IETldCache
2013-01-15 15:52 . 2013-01-15 15:52 -------- d-s---w- c:\documents and settings\Anyone\IETldCache
2013-01-15 15:38 . 2013-01-17 02:50 -------- d-----w- c:\windows\ie8updates
2013-01-15 15:31 . 2012-11-01 03:30 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2013-01-15 15:31 . 2012-11-01 03:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-01-15 15:25 . 2012-11-01 12:17 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-01-15 15:24 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-01-15 15:24 . 2012-11-01 12:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-01-15 15:24 . 2012-11-01 12:17 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-01-15 15:24 . 2012-11-01 12:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-01-15 15:14 . 2013-01-15 15:14 -------- d-----w- c:\program files\Common Files\Java
2013-01-15 15:13 . 2013-01-15 15:12 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-15 15:13 . 2013-01-15 15:12 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-15 15:12 . 2013-01-15 15:12 -------- d-----w- c:\program files\Java
2013-01-15 15:08 . 2013-01-15 15:08 -------- d-----w- C:\Sun
2013-01-15 00:47 . 2002-09-03 13:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2013-01-14 14:00 . 2013-01-14 14:04 -------- d-----w- C:\Kingston Bu
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-15 15:12 . 2012-06-18 15:35 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-15 15:12 . 2010-11-10 18:58 780192 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-14 21:49 . 2009-03-05 14:35 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-13 20:54 . 2012-07-06 14:37 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 20:54 . 2011-05-23 04:58 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-08 16:29 . 2012-11-08 16:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-07 17:47 . 2012-11-13 03:20 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-11-07 17:45 . 2012-11-13 03:19 3038 ----a-w- C:\fix_svchost.bat
2012-11-07 17:45 . 2012-11-13 03:20 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-11-01 03:30 . 2002-09-03 13:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:30 . 2002-09-03 13:00 17408 ----a-w- c:\windows\system32\corpol.dll
2002-09-14 19:23 . 2002-09-14 19:23 2006009 -c--a-w- c:\program files\Windows XP Media Center Edition Screen Saver.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2005-06-18 25600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2003-03-20 1855488]
"AsioReg"="CTASIO.DLL" [2005-06-18 73728]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanButton 2.4.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ScanButton 2.4.lnk
backup=c:\windows\pss\ScanButton 2.4.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Anyone^Start Menu^Programs^Startup^Corel Custom Photo Registration.lnk]
path=c:\documents and settings\Anyone\Start Menu\Programs\Startup\Corel Custom Photo Registration.lnk
backup=c:\windows\pss\Corel Custom Photo Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-24 01:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus CX8400 Series on BOBSPC]
2007-02-15 10:00 179200 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICEA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2005-06-18 18:01 16384 ----a-w- c:\windows\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dimension4]
2004-02-04 05:26 200704 ----a-w- c:\program files\D4\D4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 06:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C62 Series]
2002-04-10 07:00 74240 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S0BIC1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 06:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 17:00 200704 -c--a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --s---w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-04-07 19:34 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2011-02-24 22:10 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-01-09 14:21 253952 -c--a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-01-13 15:19 757760 -c--a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-01-13 19:05 69632 -c--a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-14 01:17 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 -c--a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"ose"=3 (0x3)
"Secunia PSI Agent"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"nmservice"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\D4\\D4.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017
.
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/10/2010 11:40 PM 27576]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 6:38 PM 116608]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/15/2013 11:47 PM 738504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/15/2013 11:47 PM 361032]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 11:40 PM 239368]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/15/2013 11:47 PM 21256]
S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);c:\windows\system32\DRIVERS\BEL6001P.sys --> c:\windows\system32\DRIVERS\BEL6001P.sys [?]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;\??\c:\windows\system32\pcand5bk.SYS --> c:\windows\system32\pcand5bk.SYS [?]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [3/7/2011 7:21 PM 229376]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 79331913
*NewlyCreated* - WUDFSVC
*Deregistered* - 79331913
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 20:54]
.
2013-01-21 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-16 23:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: jigzone.com\www
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4BA8CA40-A428-47AB-ABE9-45205BA0AED2}: NameServer = 156.154.70.22,156.154.71.22
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

http://www.gmer.net

Rootkit scan 2013-01-21 15:58
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(1428)
c:\windows\system32\ieframe.dll
.
Completion time: 2013-01-21 16:02:52
ComboFix-quarantined-files.txt 2013-01-21 21:02
ComboFix2.txt 2013-01-20 01:30
.
Pre-Run: 36,945,088,512 bytes free
Post-Run: 36,920,467,456 bytes free
.
- - End Of File - - 89A2BC9AB01E0977647869C7FA687FA5

Any other ideas?

Thanks, Bob



Remember, if you can't stand behind our troops, feel free to stand in front of them!

Bob B-)

 

[goombawaho]

Two things of note: Did you NOT remove anti-virus products before running Combofix scan?? Also, it showed that you have both avast! Antivirus and Microsoft Security Essentials installed. At least uninstall one of those as you should never run more than on A-V.

If you DID uninstall the A-V before running combofix, then do the following and run it again, but later.
At a cmd prompt - run these commands, ENTER after each line
net stop winmgmt /y
cd %windir%\system32\wbem
ren repository repository.old
net start winmgmt /y

Because this is a weird problem and it doesn't appear that you have malware, why don't you remove all three items - avast!, Microsoft Security Essentials and Comodo firewall. Reboot after each uninstall, one at a time (yes a pain). Then run this XP winsock reset tool and reboot to see if things are working. Add your firewall and one A-V back after everything is normal.

http://www.snapfiles.com/get/winsockxpfix.html

If that fails to restore internet, run MiniToolBox and post results. UNcheck the last 3 items before running: List users.., List Minidump, List Restore

http://www.bleepingcomputer.com/download/minitoolbox/

 

[SirBlack]

I did not remove Avast; I simply disabled it. Although it reported MSE was running, I uninstalled it using Revo a long time back as well as Comodo. A check of programs in Revo & Windows add/remove did not list either. I did find a few leftover files for both of them, which I deleted. I uninstalled Avast (again using Revo & deleted any leftover files found by search).

I then ran the cmd prompts with results:

net stop winmgmt /y ENTER
cd %windir%\system32\wbem ENTER
ren repository repository. old ENTER
“ACCESS DENIED”
net start winmgmt /y
“ALREADY STARTED”


Tried installing XP winsock reset tool and got the following error message:

“Install_WinsockFix.exe has encountered a problem and needs to close.”

Unchecked the last 3 items and ran MiniToolBox but still no internet access.

Here is that log file:

MiniToolBox by Farbar Version:10-01-2013
Ran by Dianne (administrator) on 29-01-2013 at 13:32:27
Running from "C:\Documents and Settings\Anyone\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8169/8110 Family Gigabit Ethernet NIC = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=static addr=156.154.70.22 register=PRIMARY
add dns name="Local Area Connection 2" addr=156.154.71.22 index=2
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : gway1500

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-1E-2A-3F-77-88

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 156.154.70.22

156.154.71.22

Lease Obtained. . . . . . . . . . : Tuesday, January 29, 2013 1:14:19 PM

Lease Expires . . . . . . . . . . : Wednesday, January 30, 2013 1:14:19 PM

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 156.154.70.22

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging google.com [74.125.228.73] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 74.125.228.73:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 156.154.70.22

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 2a 3f 77 88 ...... Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.102 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.102 192.168.0.102 20
192.168.0.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.102 192.168.0.102 20
224.0.0.0 240.0.0.0 192.168.0.102 192.168.0.102 20
255.255.255.255 255.255.255.255 192.168.0.102 192.168.0.102 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/29/2013 01:31:00 PM) (Source: Application Error) (User: )
Description: Faulting application install_winsockxpfix.exe, version 0.0.0.0, faulting module install_winsockxpfix.exe, version 0.0.0.0, fault address 0x000e798c.
Processing media-specific event for [install_winsockxpfix.exe!ws!]

Error: (01/29/2013 01:14:30 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (01/29/2013 01:14:30 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (01/29/2013 01:14:27 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (01/29/2013 01:14:27 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (01/29/2013 01:02:09 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 7.0.6000.17115, faulting module urlmon.dll, version 6.0.2900.5512, fault address 0x000037b4.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/29/2013 00:50:29 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (01/29/2013 00:50:29 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (01/29/2013 00:50:22 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (01/29/2013 00:50:22 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (01/29/2013 01:15:24 PM) (Source: Service Control Manager) (User: )
Description: The Human Interface Device Access service terminated with the following error:
%%126

Error: (01/29/2013 00:50:49 PM) (Source: Service Control Manager) (User: )
Description: The Human Interface Device Access service terminated with the following error:
%%126

Error: (01/29/2013 00:48:23 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/29/2013 00:45:27 PM) (Source: DCOM) (User: GWAY1500)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/29/2013 00:44:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/29/2013 00:43:53 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
AFD
AswRdr
aswSnx
aswSP
aswTdi
cmdGuard
cmdHlp
Fips
IPSec
MpFilter
MRxSmb
NetBIOS
NetBT
Processor
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
WS2IFSL

Error: (01/29/2013 00:43:53 PM) (Source: Service Control Manager) (User: )
Description: The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error:
%%1068

Error: (01/29/2013 00:43:53 PM) (Source: Service Control Manager) (User: )
Description: The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error:
%%1068

Error: (01/29/2013 00:43:53 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (01/29/2013 00:43:53 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (01/29/2013 01:31:00 PM) (Source: Application Error)(User: )
Description: install_winsockxpfix.exe0.0.0.0install_winsockxpfix.exe0.0.0.0000e798c

Error: (01/29/2013 01:14:30 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (01/29/2013 01:14:30 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (01/29/2013 01:14:27 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (01/29/2013 01:14:27 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (01/29/2013 01:02:09 PM) (Source: Application Error)(User: )
Description: iexplore.exe7.0.6000.17115urlmon.dll6.0.2900.5512000037b4

Error: (01/29/2013 00:50:29 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (01/29/2013 00:50:29 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (01/29/2013 00:50:22 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (01/29/2013 00:50:22 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}


=========================== Installed Programs ============================

4th of July Fireworks 3D Screensaver 1.0 (Version: 1.0)
7-Zip 9.20
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 3.5.0.880)
Adobe Flash Player 10 Plugin (Version: 10.3.183.43)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Reader XI (Version: 11.0.00)
AiO_Scan_CDA (Version: 70.0.149.000)
AiOSoftwareNPI (Version: 70.0.149.000)
America Online (Choose which version to remove)
ArcSoft Print Creations
autumnmemories_3113668 Screen Saver
Belarc Advisor 7.2
BufferChm (Version: 70.0.170.000)
CameraDrivers (Version: 6.0.0.204)
CameraUserGuides (Version: 6.0.0.204)
CCleaner (Version: 3.26)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Corel Applications
Destinations (Version: 70.0.170.000)
Dimension 4 v5.0 (Version: 5.0.33)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Easy CD & DVD Creator 6 (Version: 6.0.0.171)
EPSON Printer Software
Fax_CDA (Version: 70.0.149.000)
Gateway Download Assistant (Version: 1.0.0)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart and Deskjet 7.0.A
HP Photosmart Cameras 6.0 (Version: 6.0)
HP Photosmart Essential (Version: 1.9.1.3)
HP Software Update (Version: 3.0.7.014)
HP Solution Center 7.0 (Version: 7.0)
hpiCamDrvQFolder (Version: 6.0.0)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel(R) 537EP V9x DF PCI Modem
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
KODAK Picture CD Volume 3 Issue 2
Mahjongg Master 4
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 2.1.6805.0)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSConfig CleanUp 1.2
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NewCopy_CDA (Version: 70.0.149.000)
OCR Software by I.R.I.S 7.0 (Version: 7.0)
PanoStandAlone (Version: 70.0.170.000)
PCI Audio Driver
ProductContextNPI (Version: 70.0.149.000)
Puran Defrag Free Edition 7.2
Pure Networks Platform (Version: 11.2.9117.0)
QuickTime (Version: 7.71.80.42)
Readme (Version: 70.0.149.000)
RealPlayer Basic
Revo Uninstaller 1.94 (Version: 1.94)
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
SereneScene Marine Aquarium 2
SolutionCenter (Version: 70.0.170.000)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.6 (Version: 4.6.1)
Status (Version: 70.0.170.000)
SUPERAntiSpyware (Version: 5.5.1006)
TomTom HOME 2.7.3.1894 (Version: 2.7.3.1894)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
Tweak UI
Unload (Version: 7.0.0)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Viewpoint Media Player
VLC media player 0.9.4 (Version: 0.9.4)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


**** End of log ****


A few other notes, Windows Update was able to download 35 updates and I was able to install all. Also, she is still able to sign on to her AOL account and get to web sites there but with limited functionality. She does get the following error message after signing on to AOL:

“The procedure entry point CoInternetCombineUrlEx could not be located in the dynamic link library URLMON.DLL.”

Also, I was unable to install Mozilla Firefox but was able to install Google Chrome but it too would not allow access to the web.

I reran combofix and it still insists MSE is running. I continued & then was warned that the version I was using had expired and would be run with “reduced functionality”. Unfortunately, bleeping computer’s web site was down for that app. Here’s that log:

ComboFix 13-01-21.04 - Dianne 01/29/2013 14:59:36.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1087 [GMT -5:00]
Running from: C:\Documents and Settings\Anyone\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

- REDUCED FUNCTIONALITY MODE -


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Anyone\Start Menu\Internet Explorer.lnk

---- Previous Run -------

C:\Documents and Settings\Anyone\Start Menu\Internet Explorer.lnk


((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-29 )))))))))))))))))))))))))))))))


2013-01-29 19:39:26 . 2013-01-29 19:39:26 -------- d-----w- C:\WINDOWS\LastGood
2013-01-22 08:41:02 . 2011-02-08 13:33:55 978944 -c----w- C:\WINDOWS\system32\dllcache\mfc42.dll
2013-01-22 08:41:02 . 2010-09-18 06:53:25 953856 -c----w- C:\WINDOWS\system32\dllcache\mfc40u.dll
2013-01-22 08:39:22 . 2011-07-15 13:29:31 456320 -c----w- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2013-01-22 08:38:01 . 2010-08-23 16:12:04 617472 -c----w- C:\WINDOWS\system32\dllcache\comctl32.dll
2013-01-22 08:36:09 . 2010-11-02 15:17:02 40960 -c----w- C:\WINDOWS\system32\dllcache\ndproxy.sys
2013-01-22 08:33:45 . 2011-08-17 13:49:54 138496 -c----w- C:\WINDOWS\system32\dllcache\afd.sys
2013-01-22 08:33:41 . 2012-12-16 12:23:59 290560 -c----w- C:\WINDOWS\system32\dllcache\atmfd.dll
2013-01-22 08:33:22 . 2011-04-21 13:37:43 105472 -c----w- C:\WINDOWS\system32\dllcache\mup.sys
2013-01-22 08:30:25 . 2009-11-27 16:07:34 48128 -c----w- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2013-01-22 08:30:21 . 2012-05-28 18:16:33 536576 -c----w- C:\WINDOWS\system32\dllcache\msado15.dll
2013-01-22 08:29:05 . 2010-06-18 13:36:12 3558912 -c----w- C:\WINDOWS\system32\dllcache\moviemk.exe
2013-01-22 08:29:02 . 2012-07-04 14:05:18 139784 -c----w- C:\WINDOWS\system32\dllcache\rdpwd.sys
2013-01-21 22:42:58 . 2009-11-21 15:51:04 471552 -c----w- C:\WINDOWS\system32\dllcache\aclayers.dll
2013-01-21 21:28:01 . 2011-07-08 14:02:00 10496 -c----w- C:\WINDOWS\system32\dllcache\ndistapi.sys
2013-01-21 21:27:10 . 2010-10-11 14:59:30 45568 -c----w- C:\WINDOWS\system32\dllcache\wab.exe
2013-01-21 21:27:07 . 2010-08-16 08:45:00 590848 -c----w- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2013-01-19 17:10:57 . 2009-11-27 17:11:44 17920 -c----w- C:\WINDOWS\system32\dllcache\msyuv.dll
2013-01-19 17:09:35 . 2010-07-12 12:55:03 218112 -c----w- C:\WINDOWS\system32\dllcache\wordpad.exe
2013-01-19 17:06:52 . 2010-06-14 14:31:20 744448 -c----w- C:\WINDOWS\system32\dllcache\helpsvc.exe
2013-01-19 17:03:06 . 2008-05-08 14:02:52 203136 -c----w- C:\WINDOWS\system32\dllcache\rmcast.sys
2013-01-19 17:02:51 . 2008-05-01 14:33:02 331776 -c----w- C:\WINDOWS\system32\dllcache\msadce.dll
2013-01-18 23:26:38 . 2008-04-14 03:57:20 79872 -c----w- C:\WINDOWS\system32\dllcache\msxml6r.dll
2013-01-18 23:26:37 . 2012-11-06 02:01:39 1371648 -c----w- C:\WINDOWS\system32\dllcache\msxml6.dll
2013-01-18 23:26:27 . 2008-04-14 10:42:06 9728 ------w- C:\WINDOWS\system32\rwnh.dll
2013-01-18 23:26:26 . 2008-04-14 10:42:08 10752 ------w- C:\WINDOWS\system32\smtpapi.dll
2013-01-18 22:31:10 . 2013-01-18 22:31:11 -------- d-----w- C:\Documents and Settings\Anyone\Local Settings\Application Data\Deployment
2013-01-18 21:42:05 . 2013-01-18 21:42:08 -------- d-----w- C:\Program Files\GUM34.tmp
2013-01-18 15:33:07 . 2013-01-18 15:40:56 4096000 ----a-w- C:\Program Files\GUT35.tmp
2013-01-16 04:56:14 . 2013-01-16 04:56:14 -------- d-s---w- C:\Documents and Settings\LocalService\IETldCache
2013-01-16 04:11:50 . 2013-01-16 04:11:50 -------- d-----w- C:\Documents and Settings\Anyone\Application Data\QuickScan
2013-01-15 23:15:31 . 2003-11-10 23:12:12 192512 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-01-15 23:15:31 . 2003-11-10 23:10:06 32768 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-01-15 23:15:30 . 2003-11-10 23:13:28 69715 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-01-15 23:15:30 . 2003-11-10 23:12:42 266240 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-01-15 23:15:30 . 2003-11-10 23:11:58 5632 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-01-15 23:15:23 . 2013-01-15 23:15:23 188548 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-01-15 23:15:00 . 2013-01-15 23:15:00 -------- d-----w- C:\NVIDIA
2013-01-15 16:00:11 . 2013-01-15 16:00:12 -------- d-s---w- C:\Documents and Settings\Anyone\PrivacIE
2013-01-15 15:54:36 . 2013-01-15 15:54:36 -------- d-s---w- C:\Documents and Settings\NetworkService\IETldCache
2013-01-15 15:52:24 . 2013-01-15 15:52:24 -------- d-s---w- C:\Documents and Settings\Anyone\IETldCache
2013-01-15 15:38:20 . 2013-01-17 02:50:08 -------- d-----w- C:\WINDOWS\ie8updates
2013-01-15 15:31:44 . 2012-11-01 03:30:04 78336 -c--a-w- C:\WINDOWS\system32\dllcache\ieencode.dll
2013-01-15 15:31:44 . 2012-11-01 03:30:04 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2013-01-15 15:25:35 . 2012-11-01 12:17:54 521728 -c----w- C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-01-15 15:24:44 . 2011-08-16 10:45:39 6144 -c----w- C:\WINDOWS\system32\dllcache\iecompat.dll
2013-01-15 15:24:36 . 2012-11-01 12:17:54 12800 -c----w- C:\WINDOWS\system32\dllcache\xpshims.dll
2013-01-15 15:24:35 . 2012-11-01 12:17:53 743424 -c----w- C:\WINDOWS\system32\dllcache\iedvtool.dll
2013-01-15 15:24:34 . 2012-11-01 12:17:54 247808 -c----w- C:\WINDOWS\system32\dllcache\ieproxy.dll
2013-01-15 15:14:17 . 2013-01-15 15:14:17 -------- d-----w- C:\Program Files\Common Files\Java
2013-01-15 15:13:48 . 2013-01-15 15:12:52 143872 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2013-01-15 15:13:23 . 2013-01-15 15:12:56 94112 ----a-w- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-01-15 15:12:43 . 2013-01-15 15:12:43 -------- d-----w- C:\Program Files\Java
2013-01-15 15:08:45 . 2013-01-15 15:08:45 -------- d-----w- C:\Sun
2013-01-15 00:47:10 . 2002-09-03 13:00:00 10096640 -c--a-w- C:\WINDOWS\system32\dllcache\hwxcht.dll
2013-01-14 14:00:31 . 2013-01-14 14:04:00 -------- d-----w- C:\Kingston Bu
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-01-15 15:12:52 . 2012-06-18 15:35:29 859552 ----a-w- C:\WINDOWS\system32\npDeployJava1.dll
2013-01-15 15:12:52 . 2010-11-10 18:58:30 780192 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2012-12-16 12:23:59 . 2002-09-03 13:00:00 290560 ----a-w- C:\WINDOWS\system32\atmfd.dll
2012-12-14 21:49:28 . 2009-03-05 14:35:02 21104 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-12-13 20:54:36 . 2012-07-06 14:37:39 697272 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-13 20:54:36 . 2011-05-23 04:58:10 73656 -c--a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25:12 . 2010-02-09 22:12:29 1866368 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-11-08 16:29:12 . 2012-11-08 16:29:12 1402312 ----a-w- C:\WINDOWS\system32\msxml4.dll
2012-11-07 17:47:48 . 2012-11-13 03:20:32 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2012-11-07 17:45:58 . 2012-11-13 03:19:41 3038 ----a-w- C:\fix_svchost.bat
2012-11-07 17:45:04 . 2012-11-13 03:20:14 6216032 ----a-w- C:\windowsupdateagent30-x86.exe
2012-11-06 02:01:39 . 2008-04-14 00:12:01 1371648 ----a-w- C:\WINDOWS\system32\msxml6.dll
2012-11-02 02:02:42 . 2002-09-03 13:00:00 375296 ----a-w- C:\WINDOWS\system32\dpnet.dll
2012-11-01 03:30:04 . 2002-09-03 13:00:00 1830912 ----a-w- C:\WINDOWS\system32\inetcpl.cpl
2012-11-01 03:30:04 . 2002-09-03 13:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2002-09-14 19:23:00 . 2002-09-14 19:23:00 2006009 -c--a-w- C:\Program Files\Windows XP Media Center Edition Screen Saver.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2005-06-18 17:50:48 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2003-03-20 06:21:00 1855488]
"AsioReg"="CTASIO.DLL" [2005-06-18 17:53:24 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 06:01:00 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 00:02:18 113024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ScanButton 2.4.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanButton 2.4.lnk
backup=C:\WINDOWS\pss\ScanButton 2.4.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Anyone^Start Menu^Programs^Startup^Corel Custom Photo Registration.lnk]
path=C:\Documents and Settings\Anyone\Start Menu\Programs\Startup\Corel Custom Photo Registration.lnk
backup=C:\WINDOWS\pss\Corel Custom Photo Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-24 01:43:34 926896 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus CX8400 Series on BOBSPC]
2007-02-15 10:00:00 179200 -c--a-w- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICEA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2005-06-18 18:01:42 16384 ----a-w- C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dimension4]
2004-02-04 05:26:42 200704 ----a-w- C:\Program Files\D4\D4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 06:01:00 437160 ----a-w- C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C62 Series]
2002-04-10 07:00:00 74240 -c--a-w- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S0BIC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 06:41:10 49152 ----a-w- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 17:00:00 200704 -c--a-w- C:\Program Files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12:28 1695232 --s---w- C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-04-07 19:34:40 642856 ----a-w- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28:52 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2011-02-24 22:10:22 26112 -c--a-w- C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-01-09 14:21:26 253952 -c--a-w- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-01-13 15:19:26 757760 -c--a-w- C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-01-13 19:05:42 69632 -c--a-w- C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04:54 252848 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-14 01:17:33 4763008 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31:12 247144 -c--a-w- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51:26 17408 ----a-w- C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"ose"=3 (0x3)
"Secunia PSI Agent"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"nmservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\D4\\D4.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\WINDOWS\system32\drivers\cmdGuard.sys [9/10/2010 11:40:52 PM 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\WINDOWS\system32\drivers\cmdhlp.sys [9/10/2010 11:40:52 PM 27576]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27:02 AM 12880]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55:22 PM 67664]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 6:38:07 PM 116608]
S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);C:\WINDOWS\system32\DRIVERS\BEL6001P.sys --> C:\WINDOWS\system32\DRIVERS\BEL6001P.sys [?]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;\??\C:\WINDOWS\system32\pcand5bk.SYS --> C:\WINDOWS\system32\pcand5bk.SYS [?]
S3 Pcouffin;Low level access layer for CD devices;C:\WINDOWS\system32\Drivers\Pcouffin.sys --> C:\WINDOWS\system32\Drivers\Pcouffin.sys [?]
S3 PuranDefrag;PuranDefrag;C:\WINDOWS\system32\PuranDefragS.exe [3/7/2011 7:21:30 PM 229376]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31:14 AM 92008]

Contents of the 'Scheduled Tasks' folder

2013-01-29 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 00:23:39 . 2012-12-13 20:54:38]


------- Supplementary Scan -------

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: jigzone.com\www
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4BA8CA40-A428-47AB-ABE9-45205BA0AED2}: NameServer = 156.154.70.22,156.154.71.22
DPF: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab


Thanks again for all your help, Bob



Remember, if you can't stand behind our troops, feel free to stand in front of them!

Bob B-)

 

[goombawaho]

Okay, so this is what I think is going on based on your ability to browse some sites & the fact that a lot of services did not start (from the report). Something has happened and Comodo is partially disabled/non-functioning and not fully installed but it's blocking internet access because its DNS is still listed (156.154.71.22).

See if you can remove the COMDODO completely with a removal tool from them. Reboot after that. Check internet.
Run CCleaner registry cleaner and make a backup of the changes before FIXing each time (it will ask you). Run until no errors found OR same one is found.
Reboot and check internet

Even if things are working after that, I would find and run a removal tool for Avast and this one for MSE.

http://support.microsoft.com/kb/2483120

I'm wondering even if you get internet working, windows is not more profoundly screwed up. Otherwise, why all these problems with programs that normally uninstall.

If successful above, try doing an SFC /scannow from regular mode and see if it works. Pretty soon it's time to say "reload" or "repair install".

 

[SirBlack]

Sorry again for the delay in replying but I was in an accident. All is fine now for me anyway. PC still won’t access the Internet (she can’t even sign on to AOL now). I did a repair install (using the OS disk with SP 2). All her files seem to be intact but she still does not have Internet access. A search of the registry showed 9 entries for Comodo but none allowed me to delete them. They were in:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet0003\Enum\Root\LEGACY_CMDGUARD\000
_CMDHELP\000
_INSPECT\000

The same entries for ControlSet005 and CurrentControlSet.

I was finally able to update to SP 3 in Safe mode but still no internet access with IE, Chrome & Firefox. IE is v.6.0. I booted back in Safe mode with networking & ran Avast, MBAM & Spybot (no threats found). Most importantly, I discovered the PC was now able to access the Internet. I was able to update all critical apps except for Windows. Booting in Normal mode, I lost access. I’m assuming that something starts running in Normal that denies me access. Wife insists she didn’t download anything or open any odd e-mail. She did say she started playing games in Facebook. Any other suggestions (other than doing a clean install)?

Thanks again for all your help so far, Bob


Remember, if you can't stand behind our troops, feel free to stand in front of them!

Bob B-)

 

[goombawaho]

For as much time as you've spent on this, a clean install would have been the wiser move. I'm kind of dumping out of this thread at this point. Last piece of advice from me:

Uninstall any mention of Comodo from Add/Remove Programs. Then get the removal tool for Comodo and run it. Then use Autoruns to uncheck all entries associated with it. that MIGHT be left over.

https://forums.comodo.com/install-s...taller-tool-for-comodo-products-t71897.0.html

 

[SirBlack]

Good news! I was finally able to download & run the Comodo Removal Tool (those 9 entries are still in the registry). She now has internet access thru Google Chrome. Windows update ran after that & installed numerous patches. IE still doesn't work; that might be corrected when I update it from v.6.0 to current. I don't understand why Comodo decided to start blocking the Web. I'm going to copy all her files to an external HD in case I have to do a clean install. Thank you so much for all your help.

Bob

Remember, if you can't stand behind our troops, feel free to stand in front of them!

Bob B-)

 

[goombawaho]

Wow - just as I was going to dump out of this thread, success. Personally, I would update IE but never use it. Use Chrome or Firefox instead, exclusively. Just less hassles, less crashes and less vulnerabilities.

Why don't you run CCleaner temp file cleaner and then registry cleaner before doing anything else. Save a backup before FIXING each time in registry cleaner. Keep running it until nothing is left to fix OR the same thing won't go away. REBOOT.

Update IE to latest.