Registered User
Join Date: May 2009
Posts: 2
OS: XP Pro
Cmd and Internet not working
Hey! I saw another post on here recently just like this, but I decided to follow the directions in hope of getting some help.
I am using Windows XP Pro SP3. After trying to start up this morning, I noticed that the start up left off several items on the bottom right bar (Antivirus and some other things that usually run at startup). Right away I checked the internet connection, and even though I am good on the network, I cannot get online. I reset the router, the PC, etc, and no love. No programs would update, as the internet connection was not working. Something was blocking it. So I went to safe mode, and scanned with Adaware, Spybot, and my ESET AV Scan. It showed nothing!

I called MS Tech support and spent an hour with them to have them tell me it is my AV, as I can get online when ESET is not running at startup. I spent over two hours with tech support at ESET today, and the tech had me try several times to use the cmd command (both with ESET installed and when it was not). I noticed that when I opened cmd, Windows Explorer closes automatically and re-opens after 2 seconds, but cmd doesn't open. I am using ESET Smart Security 4 with the latest updates. The ESET tech had me use MALWAREBYTES and it originally found two things, removed them, and then nothing. Where it gets funky is they had me set up another user account to see if perhaps the ADMIN was corrupt. We tried the same steps there but no luck.

If I want to be online, I have no firewall and no antivirus. If I install AV and Firewall I can not get online and cannot update my apps. I had not made ANY changes prior to this happening and my PC showed no signs of any issues yesterday. Please help me. I appreciate your time and attention.
- Adam

Here is the DDS.txt