network connection still broken after SAS Repair

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by thekops, Nov 13, 2008.

  1. thekops

    thekops Private E-2

    Network connection is still broken after running SAS.

    I'm fixing a computer for a friend and following the READ & RUN ME FIRST step-by-step on a Dell Dimension 4300, Windows 2000 SP4. His hard drive showed UNKNOWN in the BIOS setup and would not start. I connected his drive as an external drive to my computer, and was able to see all his files. While clicking into some of his Documents & Settings local folders, MY antivirus warned of a TROJAN found. Moved the drive back to his computer. Removed his RAM battery for several minutes, started it up (let chkdsk run, set time and date in BIOS, etc.) and was able to get his computer back to showing the desktop. Decided his problem was not hardware, but a malware problem, so came to your site (it's been a GREAT help in the past).

    Had no trouble with HOUSE CLEANING & SETUP (installed current Sun Java, NAV had no quarantined items, ran and installed CCleaner). ENABLED VIEWING HIDDEN FILES... All tools were downloaded onto my computer and moved to his computer via CD. Installed, updated, changed settings, and ran SUPERAntiSpyware with no problems (it detected a few items). I followed the steps to quarantine and remove, then answered YES to reboot.

    Found network connection was broken and followed those steps, using the REPAIRS tab, and answered YES to reboot again. The connection is still broken.

    NOTE: it took a little while to figure out I had to use the REPAIRS button within SAS, but not too long.

    I restarted once again, watching... during startup, the NIC card light flashes once, very briefly, and that's it.

    Attached is the SASlog.txt from SuperAntiSpyware.

    Jeanne
     


  2. thekops

    thekops Private E-2

    I do recall during the SAS scan that NAV (Norton AntiVirus) did pop up two warnings about the TROJAN. Usually I turn off NAV when doing such things, and usually in SAFE MODE. But that was not in the cleaning steps.

    Any harm/benefit to run SAS again with NAV turned off? Or in SAFE MODE?

    I didn't want to try other things without hearing from you.

    Thanks for help (looks like lots of people are needing it too).
     
    Last edited: Nov 14, 2008
  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, thekops

    Please refer back to the READ & RUN ME FIRST: Malware Removal Guide

    Run all of the tools and attach the requested logs:
    • SASlog.txt log from SuperAntiSpyware.
    • Malwarebytes Anti-Malware log
    • ComboFix.txt (normally C:\ComboFix.txt)
    • MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe. DO NOT attach any logs seen in the MGtools folder.
    • You will need to post 2 messages to attach all four logs since only 3 attachments are allowed in any single message. Post all of them in one thread.

    Thanks!
     
  4. thekops

    thekops Private E-2

    Thanks. I didn't do anything with MSCONFIG because it didn't apply to Win2000. I skipped the Spybot install per your list of what to finish installing and running. So, I finished installing and running the remaining tools.

    Malwarebytes found and cleaned three:
    Trojan.Agent
    Rogue.XPertAntivirus
    Hijack.Startmenu

    ComboFix ran and completed.

    MGTools ran giving one error box not listed:
    ProcessDll.exe - unable to locate DLL
    The dynamic link lib mscoree.dll could not be found in the specified path
    C:\MGTool;,;C:\WINNT\System32..... C:\WINACS;.... F:
    (some are a couple other of my network drives and folders)

    Rebooted.

    Still do not have network connection to the internet.

    Previously attached the SASlog; so now attached:

    Malware log
    Combofix log
    MGLogs.zip

    Thanks for looking at this to help me.
    Jeanne
     

    Attached Files:

  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    thekops

    I've found no other signs of malware in your most recent logs. Let's do this:

    • Make sure you have all web browsers closed.
    • Go into Control Panel --> Network Connections.
    • Right click on your connection and click Properties.
    • On the Properties page, highlight Internet Protocol (TCP/IP).
    • Click Properties. This will bring up another page.
    • Select Obtain DNS Server Automatically.
    • Click the ok button. The page will close.
    • Press ok on the page in front of you.
    • Restart the computer.
    • Reconnect to the Internet using Internet Explorer.

    Please let me know if this is successful or not - I might need to send you to the Networking Forum.

    Thanks!
    dr.m
     
  6. thekops

    thekops Private E-2

    The DNS server was already set to automatic. But I did notice my network icon said "network cable unplugged". So just for grins, I tried a different CAT5 and all is now working! Go figure; I KNOW the first cable WAS working (just bad timing).

    Thank you again! Your group has helped me save quite a few of my friends (from themselves).

    Jeanne
     
  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome, Jeanne.

    It is time to do our final steps:
    Safe surfing!
     
