Malware or corrupt software

Discussion in 'Malware Help (A Specialist Will Reply)' started by KevinSL, Jan 17, 2007.

  1. KevinSL

    KevinSL Private E-2

    I have been unable to connect to the internet or get email with my desktop computer running W2K Pro, Kaspersky AV (only) and Zone Alarm personal FW, for over a week. I did find that I can connect via safe mode with networking, so I was able to perform some of the pre-reqs required for this forum. Unfortunately, even in safe mode, my connection would suddenly disappear for no apparent reason, and I would have to reboot in safe mode. It seemed to do this only when I was connected to a security oriented site.

    Problems I had performing the pre-reqs were:
    Installing Counterspy - received message that windows installer service could not be accessed due to being in safe mode, so I booted out of safe mode. Then I got the following message: Internal error 2755.110 c:\wWINNT\Download installations\{C32ACEF8-937B-40BL-84B0-FB81EE655 AB4} sunbelt counterspy.MSI

    Scanning with Bitdefender - safe mode lost connection and had to reboot

    Panda - lost connection twice after scanning - could not export report. Midway through scanning, Panda asked me to set a profile (???) and options were
    1. MS Exchange settings
    2. Personal settings
    3. Rxx Fxxxx Pxxxxx (this is an ex-employer, who I have long suspected of planting spy software by sneaking it onto CDs of training info we needed, to keep track of employees. One of their computer gurus once bragged that he had password crackers, could install programs that no virus protection could detect, is a whiz at networking, servers and firewalls, and has the experience to back up his brags)

    Results of the Panda scan were 3 spyware programs, however I could not clean or export as I would receive a message from the scanner that I needed to re-establish my internet connection. Looking at settings>connections I saw that I was still connected.

    Hijack This: when navigating to the program files\HJt it did not exist in the listing through Explorer. I saved the notepad listing as analyse.exe

    Now for the reason I am posting in this forum:

    I have a frustrating problem with my desktop running Win 2K Pro, with Kaspersky 6.0 (virus protection only) and Zone Alarm personal firewall, and I am not sure if it is malware, software or hardware related.

    For the last 6 days, I get a can't find server or DNS error when trying to access the Internet, and " the host could not be found..blah blah.. Protocol POP3, Port 110, Secure SSL; no socket error: 1022, error No 0x800CCC0D" when trying to get email.

    The problem started after trying to download and install a shareware engineering program from www.pwr-tools.com - a member of Association for Shareware Professionals, and OISV. The download took over 10 minutes on a cable modem. After trying to install on my secondary hard drive, I could not get onto the Internet.

    Tried to re-establish a connection, but the message was that the Ethernet cable was disconnected. Tried new cable - no change. Tried changing the PCI slot of the Ethernet module - no change. Laptop works with wireless so cable modem is ok. Ran Ethernet cable to laptop - that works. Ran Ethernet cable from desktop to cable modem - bypassing router - that did not work. Bought new Ethernet PCI module - did not work.

    I rebooted into bios - and looked at PCI connections in advanced section. I have 5 slots, and 5 PCIs were listed, however, I could only arrow down from 1 to 4. I rebooted in safe mode with networking, and could get on the Internet as well as my email. Went to Microsoft and redownloaded IE6 service pack 1. No change. Downloaded Mozilla Firefox but could not get a web page - only a white screen under the tool bar.

    While fighting through this over the last two days, I did receive an alert from Kaspersky Proactive defense that HKEY_LOCAL_MACHINE\System\control set 004\services\NMSCFG is trying to gain write access to a list of system services - value Imagepath - whatever that means?? I did not allow this as I was not familiar with it and had not done anything to initiate a call for anything.

    Now while I can't access the Internet, Kaspersky has been able to go out and get updated signatures. I used the CMD ping yahoo and got a reply. When I do a CMD ipconfig, I show an IP address, subnet mask, default gateway, but under media state it says cable disconnected. I downloaded the LSP fix to my laptop and transferred to my desktop. It found no problems. I have tried disabling Zone Alarm, and paused protection with Kaspersky, and still could not get connected.

    About a month ago, I wanted to install Comodo Personal Firewall, but the install wizard never showed up after opening the files. After the download file "box" disappeared, I was prompted to disable any third party firewalls and click ok. Since I had already uninstalled previously used products, Trend PC Cillin, and CA AV, I should not have had any firewalls, yet after clicking OK, all boxes/popups disappeared, and nothing else proceeded. From loading Comodo on my laptop, I know that an install wizard should have started up.

    So then I tried Zone Alarm, but while trying to install it, my computer locked up, and I had to reboot in safe mode to correct issues. I went back to trying to get Comodo.

    Comodo forums recommended that I scan with numerous other free scan services from other AV vendors to insure that I got a good mix of weapons aimed at the problem. However, upon downloading Webroots new AV/FW scan, my computer locked up again, and I had to contact their tech help to reboot in safe mode and download their cleanup utility. Their tech help incidentally was superb.

    Spybot S&D would not download. Anything security oriented would not download, yet other programs would download with no problem. Since Kaspersky had notified me upon loading, that it had found an Invader trojan, and Backdoor trojan, I suspected that I had a security problem, and contacted their tech help. While their product might be highly rated, their approach to tech help is that it detracts from profits, and they make it extremely difficult to contact a person, don't respond to email requests, and offer weak solutions/suggestions when you finally do get in touch. Very unhappy with the product.

    In desperation, I tried Zone Alarm for a 4th time, and lo and behold it loaded. Everything worked fine for a month till this problem of not being able to connect to the internet started last week. I have disabled the program and still can't get a connection.

    Meanwhile, Kaspersky periodically notifies me that Microsoft Intellitype Pro is trying to access the internet (I deny), and that Process PID 1048 tried to access Kaspersky Anti-virus 6.0 process PID 680 but has been blocked. Then within a minute of that event, I will get a notice that Running process C:\Program Files\Microsoft Hardware\Keyboard\type 32.exe: detected a new variant of riskware Invader(loader).

    I have downloaded Getrunkeys, and Shownew to my laptop, transferred to my desktop and run them, but can’t get on the internet with my desktop. Any ideas where my problem lies and what to do?

  2. KevinSL

    KevinSL Private E-2

    Here are the final two file attachments per

    Last edited by a moderator: Jan 17, 2007
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That folder is not supposed to exist. You have to create it as explained in the READ ME, put the HijackThis.exe file in the folder and then rename it. You did not do this. Look at your HJT log and you will see:

    C:\unzipped\hijackthis\HijackThis.exe

    You did not even rename it as required even though you said you did. You may have renamed it in another folder, but you still ran the wrong one. Please correct this now for future use.


    That's the service for your network interface card (see http://www.file.net/process/nmscfg.sys.html ). You need to allow this or you definitely will have problems.

    Let's address some of your noticeable problems and see what happens!
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to DLWYVSS
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Now repeat the above to stop and disable each of the below services. Even if you don't find any of these services, just keep on going through all steps!!
      • EPQOH
      • XMEBQESZ
      • YIZ
      • Z
    • After stopping and disabling all 5 services, click OK until you get back to Windows.
    Make sure viewing of hidden files is enabled (per the tutorial).
    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O23 - Service: DLWYVSS - Unknown owner - C:\DOCUME~1\kevin\LOCALS~1\Temp\DLWYVSS.exe (file missing)
    O23 - Service: EPQOH - Unknown owner - C:\DOCUME~1\kevin\LOCALS~1\Temp\EPQOH.exe (file missing)
    O23 - Service: XMEBQESZ - Unknown owner - C:\DOCUME~1\kevin\LOCALS~1\Temp\XMEBQESZ.exe (file missing)
    O23 - Service: YIZ - Unknown owner - C:\DOCUME~1\kevin\LOCALS~1\Temp\YIZ.exe (file missing)
    O23 - Service: Z - Unknown owner - C:\DOCUME~1\kevin\LOCALS~1\Temp\Z.exe (file missing)

    After clicking Fix, exit HJT. Let me know if you receive any errors trying to have HJT fix the above services.

    Now run Ccleaner.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Now locate the below folder and delete it if found:
    C:\Program Files\SpyBuster Software

    Also delete the below two files left over from Trend Micro:
    C:\WINNT\BPMNT.dll
    C:\WINNT\vsapi32.dll

    Now reboot your PC in normal boot mode!

    Now attach the below new logs and tell me how the above steps went.
    1. ShowNew
    2. HJT


    Make sure you tell me how things are working now!
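    Added example, not code from the thread or from chaslang: a small Python triage over HijackThis O23 lines that flags the indicators acted on above (service binary in a user Temp directory, file missing, unknown owner, short random-looking name). The sample log is the five O23 lines quoted above plus one constructed benign-looking line with a hypothetical vendor and path, included for contrast.

```python
import re

# Constructed sample: the five O23 lines from the thread plus one benign-looking
# line (hypothetical vendor and path) so the triage has something to leave alone.
SAMPLE_LOG = r"""
O23 - Service: DLWYVSS - Unknown owner - C:\DOCUME~1\kevin\LOCALS~1\Temp\DLWYVSS.exe (file missing)
O23 - Service: EPQOH - Unknown owner - C:\DOCUME~1\kevin\LOCALS~1\Temp\EPQOH.exe (file missing)
O23 - Service: XMEBQESZ - Unknown owner - C:\DOCUME~1\kevin\LOCALS~1\Temp\XMEBQESZ.exe (file missing)
O23 - Service: YIZ - Unknown owner - C:\DOCUME~1\kevin\LOCALS~1\Temp\YIZ.exe (file missing)
O23 - Service: Z - Unknown owner - C:\DOCUME~1\kevin\LOCALS~1\Temp\Z.exe (file missing)
O23 - Service: Example Vendor Service - Example Vendor Inc. - C:\Program Files\Example Vendor\svc.exe
"""

# HJT O23 layout: "O23 - Service: <name> - <owner> - <image path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def triage_o23(log_text):
    """Return {service name: [reasons]} for every O23 entry that shows at least
    one suspicious indicator; entries with no indicator are omitted."""
    findings = {}
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not an O23 service line
        name, owner, path = m["name"], m["owner"], m["path"]
        reasons = []
        if re.search(r"\\temp\\", path, re.IGNORECASE):
            reasons.append("service binary lives in a user Temp directory")
        if m["missing"]:
            reasons.append("service entry points at a file that no longer exists")
        if owner.lower() == "unknown owner":
            reasons.append("no vendor/owner information")
        if re.fullmatch(r"[A-Z]{1,8}", name):
            reasons.append("short random-looking service name")
        if reasons:
            findings[name] = reasons
    return findings


def services_to_disable(findings):
    """Names to stop and disable in services.msc, in the order a reader would work through them."""
    return sorted(findings)


if __name__ == "__main__":
    for svc, why in triage_o23(SAMPLE_LOG).items():
        print(svc, "->", "; ".join(why))
```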
  4. KevinSL

    KevinSL Private E-2

    I have followed the directions you have provided and attached the files per your request. I still can't connect to the internet, but did allow HKEY_LOCAL_MACHINE\System\control set 004\services\NMSCFG to connect.

    Sorry about misunderstanding the HJT install directions. Trying to move between a dead and working computer to perform unfamiliar tasks is a challenge for those of us who do not know what we're doing! Honestly, I thought I had followed directions, but upon re-reading them, don't see how I missed them. After dealing with 34,000 or so people like me, my hat's off to you and your patience.

    I had no problems following your directions. When I ran HJT, the services you asked me to fix did not show up. One thing that I noticed in my Show new log was that at the top of the report, it says that I am missing some System32 drivers. Any idea what I should try next?

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This may not be a malware problem! Normally we would suspect a driver issue, or hardware problem etc. But you even said you tried a new network card! Did you install new drivers for this network card? Did you use a different slot (than where the original card was) when you installed it?

    Did you say you tried connection in safe mode??

    Try running this: XP TCP/IP Repair

    I'm not sure what you are referring to. There is no such feature built into ShowNew. Perhaps you are misreading something. If you are referring to a line that said "No matches found" you will see that in many places. It just means it did not find any matches for what it was looking for. All it is looking for is new files within the specified date range. It does not mean you are supposed to have any.


    Your logs are clean now!