My computer is running XP SP3. It had Symantec Endpoint Protection before. Three days ago, I noticed that Symantec Endpoint Protection kept popping up messages saying it had found a virus. Also, I couldn't ping this computer or use Remote Desktop Connection to connect to it. So I downloaded MalwareBytes Anti-Malware, scanned my computer, and removed all the things it found. But the ping and RDC problems remain.
So I tried to restore system to a previous restore point. Had to go into Safe Mode to run the restore, and many of my restore points stopped working. I was finally able to restore back to a restore point about two weeks back. Then my computer seemed to have returned to normal. I was able to ping it and also RDC to it.
Then the next day, the same ping/RDC problems occurred. But this time I wasn't able to restore back to any restore point (including the one I successfully used previously). After some research online, I downloaded ComboFix, ran that in Safe Mode, and ComboFix seemed to have fixed the problem (although some of my program links in the Start Menu, such as NotePad++ or Adobe Photoshop, now are broken shortcuts) and returned my computer back to normal. I immediately created a restore point at that time.
Seeing that Symantec Endpoint Protection is obviously not doing its job, I uninstalled it, and then put Microsoft System Center 2012 Endpoint Protection on my computer. Did a quick scan, and it didn't find anything, so I thought my pain was over.
Then when I tried to open the Google website with Chrome, I kept getting Security Certificate Errors. I did some online research and learned that this is caused by malware. So I ran MalwareBytes Anti-Malware again and it did find several pieces of malware. After removing those I can open the Google website using Chrome fine. So I thought System Center 2012 Endpoint Protection was not doing its work either. So I downloaded Microsoft Security Essentials and removed System Center 2012 Endpoint Protection using Control Panel. However, MSE would not install. So I decided to run ComboFix again. But ComboFix starts to tell me that System Center 2012 Endpoint Protection is still doing real-time protection on my computer. I risk damaging Windows OS if I keep running ComboFix. So I closed ComboFix and didn't proceed. I tried to boot my computer into Safe Mode and still got the same warning.
Then I researched how to get rid of System Center 2012 Endpoint Protection. Someone said to run c:\windows\ccmsetup\scepinstall.exe /u /s. However, I don't have a folder called ccmsetup. I found an article talking about manually removing System Center 2012, so I followed that and disabled the Microsoft AntiMalware service, and also went into the registry and manually deleted AntiMalware keys. However, when I try to run ComboFix, I still get the warning saying that System Center 2012 is doing a real-time scan. And I still cannot install MSE. I can't even reinstall System Center 2012 Endpoint Protection. Both would stop at error code: 0x80070643. Event viewer log says something like "The error code is 2324. The arguments are: 1920".
I researched online more, and then ran the following:
ESET Online Scanner
Please see the attached logs from those programs.
So right now my computer doesn't have a firewall (Windows Firewall seems to not be there anymore) and doesn't have a virus scan program (although ComboFix keeps thinking System Center 2012 Endpoint Protection is running, and Windows Security Center also says so).