Tech Support Forum banner
Status
Not open for further replies.
1 - 3 of 3 Posts

·
Registered
Joined
·
3 Posts
Hi -

In safe mode, I can access the internet. In normal mode, even after disabling all the services via msconfig, I can't access the internet via IE, Firefox, Outlook, pings, etc. There were no system restores available prior to the time when the problem began. And Windows Update is not working. And other wierd random behavior such as Add/Remove Programs hangs.

I've tried all kinds of programs to fix but no luck including Malwarebytes, Adaware, Spybot, and others including some registry cleaners. I've also tried turning off Zone Alarm fire alarm and also ipconfig resets.

Attached is the output from DDS and GMER. For GMER, I could not get a good run for all the requested checks so it is only for section and C drive.

Thanks, in advance, for your help. I am at my wits end and nearly ready to wipe out the whole system but I don't want to lose stuff. I have backed-up all of our My Documents folders.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mark at 12:30:52.89 on Sat 08/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.303 [GMT -4:00]

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SSA\Smc.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mPolicies-explorer: <NO NAME> =
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/downloads/kws/kavwebscan.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/57.07/uploader2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/48.13/uploader2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1223902413573&h=34887952750a8075d1d4d1cc844ae4a8/&filename=jinstall-6u7-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - hxxp://install.wildtangent.com/bgn/partners/aolim/install.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://emeetings.webex.com/client/T27L10NSP11EP1-emeetings/event/ieatgpc.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://bbs01.spt.unisys.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://randolph.mcc.edu/dana-cached/sc/JuniperSetupClient.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido\security suite\shellhook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\obmfe19a.default\
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido\security suite\guard.sys [2004-11-22 3072]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-3-7 353672]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2002-11-11 29696]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-3-3 581632]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2002-11-11 219136]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100709.002\NAVENG.sys [2010-7-9 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100709.002\NAVEX15.sys [2010-7-9 1347504]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 naecd;naecd;\??\c:\docume~1\kyle\locals~1\temp\naecd.sys --> c:\docume~1\kyle\locals~1\temp\naecd.sys [?]
S3 P1160COM;Creative PC-CAM 880 (Camera);c:\windows\system32\drivers\P1160Buk.sys [2003-7-21 42784]
S3 P1160VID;Creative PC-CAM 880 (Video);c:\windows\system32\drivers\P1160Vid.sys [2003-7-21 46048]
S3 USBFVNETR;NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\ma101rnd.sys [2004-10-19 80000]
S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;c:\windows\system32\drivers\WebSTAR.sys [2004-10-20 15417]
S4 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [?]
S4 ewido security suite control;ewido security suite control;c:\program files\ewido\security suite\ewidoctrl.exe [2004-11-11 16448]
S4 ewido security suite guard;ewido security suite guard;c:\program files\ewido\security suite\ewidoguard.exe [2005-1-25 159808]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-7-19 632792]
S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [?]

=============== Created Last 30 ================

2010-08-28 16:00:38 0 d-----w- c:\program files\Trend Micro
2010-08-28 15:59:23 812344 ----a-w- c:\temp\HJTInstall.exe
2010-07-31 02:25:52 0 d-----w- c:\docume~1\mark\applic~1\SUPERAntiSpyware.com
2010-07-31 02:25:52 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-31 02:25:41 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-31 02:24:55 9190248 ----a-w- c:\temp\SUPERAntiSpyware.exe

==================== Find3M ====================

2010-07-29 00:15:16 3388 ----a-w- c:\windows\system32\tmp.reg
2010-06-14 14:31:20 744448 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
2005-04-19 11:39:19 2223833 -c--a-w- c:\program files\mahnamahna.mp3
2005-04-15 19:59:59 2171182 -c--a-w- c:\program files\lemmings_2_-_the_tribes.zip
2005-04-15 19:57:18 342506 -c--a-w- c:\program files\oh_no_more_lemmings.zip
2005-04-15 19:45:23 417646 -c--a-w- c:\program files\lemmings.zip
2005-04-12 20:57:24 37826864 -c--a-w- c:\program files\call_of_duty_1-5_patch.zip
2005-03-25 22:35:49 212849 -c--a-w- c:\program files\hijackthis.zip
2005-03-25 18:47:59 4994648 ----a-w- c:\program files\wpsetup9.exe
2005-03-25 18:46:33 1026336 ----a-w- c:\program files\wpsetup.exe
2004-02-09 21:16:01 5924374 -c--a-w- c:\program files\dnukem3d.zip
2005-05-13 22:12:00 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 16:13:58 66560 --sha-r- c:\windows\MOTA113.exe
2005-10-14 02:27:00 422400 --sha-r- c:\windows\x2.64.exe
2005-10-08 00:14:52 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 17:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 20:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 03:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 15:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 18:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
2008-10-15 02:27:01 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101420081015\index.dat

============= FINISH: 12:34:22.07 ===============
 

Attachments

1 - 3 of 3 Posts
Status
Not open for further replies.
Top