Cannot Access Internet No Longer
#1
Posted 08 April 2005 - 12:23 PM
Register to Remove
#2
Posted 08 April 2005 - 04:43 PM
You may want to try one of these depending on your Operating System: WinSockFix2KXP or WinSockFixWin9xME.
Hope this helps!
Ad-Aware|Spybot S & D|SpywareBlaster|SpywareGuard|IE-SPYAD
Instructions for Spybot & Ad-Aware|Uderstanding Spyware|How did I get infected?
#3
Posted 08 April 2005 - 04:57 PM
#4
Posted 08 April 2005 - 05:36 PM
Run and scan with HijackThis. Don't fix anything yet. Copy and paste the complete log into a reply here.
Ad-Aware|Spybot S & D|SpywareBlaster|SpywareGuard|IE-SPYAD
Instructions for Spybot & Ad-Aware|Uderstanding Spyware|How did I get infected?
#5
Posted 08 April 2005 - 08:40 PM
#6
Posted 08 April 2005 - 08:44 PM
Ad-Aware|Spybot S & D|SpywareBlaster|SpywareGuard|IE-SPYAD
Instructions for Spybot & Ad-Aware|Uderstanding Spyware|How did I get infected?
#7
Posted 08 April 2005 - 11:49 PM
Logfile of HijackThis v1.99.1
Scan saved at 10:35:39 PM, on 4/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sbc.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_0_8_6.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_8_6.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE
Edited by uneekname, 08 April 2005 - 11:51 PM.
#8
Posted 09 April 2005 - 12:23 AM
Ad-Aware|Spybot S & D|SpywareBlaster|SpywareGuard|IE-SPYAD
Instructions for Spybot & Ad-Aware|Uderstanding Spyware|How did I get infected?
#9
Posted 09 April 2005 - 02:47 AM
#10
Posted 09 April 2005 - 04:15 AM
Register to Remove
#11
Posted 09 April 2005 - 09:53 AM
Open up a new text document.
Copy/paste the following qoute box into it.
REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root]
"legacy.tbpssvc"=-
"legacy_wintoolssvc"=-
Save as: fixme.reg
File Type: All
Save it on your desktop. Right click on fixme.reg, choose Merge, when Windows asks if you are sure, proceed with merging it into the registry. Reboot into Safe Mode.
Run CCleaner, under the Windows tab check Internet Explorer, Windows Explorer, and System. Then click Run Cleaner. Browse to the C:\WINDOWS\Prefecth folder and delete all the files inside it(not the Prefecth folder itself). Empty your Recycle Bin.
Reboot windows normally, do a Spybot scan and let me know if it finds anything.
As for the Ports being open...
TCP Port 135 = Microsoft Remote Procedure Call (RPC) service
TCP Port 139 = Netbios Session Service is used for resource sharing on Windows 9x, ME and NT. This is the port that is used to connect file shares for example.
TCP Port 445 = The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445.
TCP Port 1025 = Microsoft Remote Procedure Call (RPC) service.
TCP Port 1033 = local netinfo port(this post can also at times be use by the NetSpy Trojan but I didn't see it in your log)
TCP Port 5000 = Windows Universal plug and play service (UPNP).
TCP Port 9150 = ? I, unfortunately wasn't able to find much about the designation of this port so I'm not sure why it is open.
UDP Port 123 = Network Time Protocol
UDP Ports 137 & 138 = NetBIOS over TCP/IP
UDP Port 445 = Related to the TCP Port 445 entry
UDP Port 500 = Internet Security Association and Key Management Protocol (ISAKMP)
UDP Port 1027 = could possibly be services.exe on this port(servcies.exe is dynamically assigned a port at startup, these are ususally UDP 1024-1035).
UDP Port 1039 = unassigned a common function as of yet
UDP Port 1900 = ssdppsrv - This component provides the Simple Service Discovery Protocol sevice used in WinMe for for Universal Plug and Play. It also provides General Event Notification Architecture (GENA) service.
UDP Port 10714 = unassigned as well
As for your Norton problem... see if this page helps you any. Has a tool called SymNRT that can be used to uninstall Norton products if Add/Remove Programs wont work. Note that this is only for Norton products labelled 2004/2005. If you are using a Norton product labelled 2003 or earlier go here.
Also, could you download and run these tools please: Stinger, FixWelch, and FixBlast.
Let me know how things are going after you run the tools.
Edited by 'KotaGuy, 09 April 2005 - 10:18 AM.
Ad-Aware|Spybot S & D|SpywareBlaster|SpywareGuard|IE-SPYAD
Instructions for Spybot & Ad-Aware|Uderstanding Spyware|How did I get infected?
#12
Posted 09 April 2005 - 12:58 PM
#13
Posted 09 April 2005 - 02:24 PM
Edited by uneekname, 09 April 2005 - 02:35 PM.
#14
Posted 09 April 2005 - 03:44 PM
#15
Posted 09 April 2005 - 05:45 PM
Edited by 'KotaGuy, 09 April 2005 - 05:45 PM.
Ad-Aware|Spybot S & D|SpywareBlaster|SpywareGuard|IE-SPYAD
Instructions for Spybot & Ad-Aware|Uderstanding Spyware|How did I get infected?
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users