W2k: after running Combofix I'm unable to access Internet


I've been going through the 15 steps outlined on this site. After running Combofix I'm unable to access the Internet and the network. Is there a way I can unfix this?

All my IP settings and configurations are unchanged. My other machine that I'm on now can access the internet but not my main computer.

I'm afraid to use Winsockfix because last time I did this it brought back some malware.

Here is the logfile. Thanks for any help.
 
Log file is too big to post without multiple chunks. Let me know if there is a part that might be useful.

Here is the last part:
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [08-01-15 14:12 163840]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [08-01-15 14:13 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 13:05 186640]

C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\
Chimer.lnk - C:\Files\CHIMER\chimer.exe [2008-01-09 11:09:17]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - C:\Apache2\bin\ApacheMonitor.exe [2004-06-29 16:00:32]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINNT\system32\awvtu

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINNT\system32\drivers\sp_rsdrv2.sys [07-11-16 21:02 ]
R1 wstcodecc;wstcodecc;C:\WINNT\system32\drivers\wstcodecc.sys [08-01-08 18:54 ]
R2 dmsmbios;dmsmbios;C:\WINNT\System32\dmsmbios.sys [00-05-01 23:42 ]
R2 YRGE;Security Service;C:\WINNT\system32\svcd\svchost.exe [08-01-10 17:57 ]
R3 3cpciadi;3Com Windows Modem Driver PCI ADI;C:\WINNT\system32\DRIVERS\3cpciadi.sys [99-11-01 10:42 ]
R3 FA31X;NETGEAR FA311/FA312 NDIS 5.0 Miniport Driver;C:\WINNT\system32\DRIVERS\FA31XND5.SYS [01-06-06 15:24 ]
S1 AEC671X;AEC671X;C:\WINNT\system32\drivers\AEC671X.SYS [98-05-05 10:06 ]
S1 DMX3191;DMX3191;C:\WINNT\system32\drivers\DMX3191.SYS [99-02-23 00:12 ]
S1 sglfb;sglfb;C:\WINNT\system32\drivers\sglfb.sys [99-12-07 06:00 ]
S1 UMAXIS11;UMAXIS11;C:\WINNT\system32\drivers\UMAXIS11.SYS [98-03-06 11:42 ]
S2 PV8630;PV8631 WDM Device Driver;C:\WINNT\system32\pv8630.sys [00-07-05 12:13 ]
S2 UDNT;UDNT;C:\WINNT\system32\drivers\UDNT.sys [98-09-18 07:48 ]
S3 NC100;Network Everywhere Fast Ethernet Adapter(NC100 v2);C:\WINNT\system32\DRIVERS\NC100A.sys [99-12-24 12:41 ]
S3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);C:\WINNT\system32\drivers\adm8830.sys [99-11-01 10:56 ]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 14:40:08
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="C:/Apache/mysql/bin/mysqld-nt.exe"
.
Completion time: 2008-01-15 14:43:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-15 20:43:44
ComboFix2.txt 2008-01-12 20:14:51
ComboFix3.txt 2008-01-11 20:23:30
ComboFix4.txt 2008-01-11 16:43:08
 
Post the logs as attachments, everything is explained in the stickies so please follow them.
 
Hi,
I did all the 15 steps. It solved quite a few problems but I'm still getting IE popups.

And I'm not sure if this is related, but Windows Update won't work because IE hangs. I updated the Java Runtime. Otherwise IE can view web sites.

Pando is fine.

Here are the log files.

O17 is in fact my ISP:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:30 PM, on 1/15/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Apache2\bin\Apache.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Apache2\bin\Apache.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Apache2\bin\ApacheMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JSyn Audio - http://www.softsynth.com/jsyn/plugins/archives/jsynv142.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200359563593
O17 - HKLM\System\CCS\Services\Tcpip\..\{D262411A-E1D3-45BA-ADDF-F7111DEB345F}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Apache2\bin\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe
O23 - Service: Security Service (YRGE) - Unknown owner - C:\WINNT\system32\svcd\svchost.exe (file missing)

--
End of file - 5760 bytes
 
Any problem with Internet (e.g. after virus attack) may be resolved with this free download ( helped me many times - safe application):
snapfiles.comget_winsockxpfix.html
...replace "_" with "/" and add w..w.
 