Jump to content

Infected Laptop


Recommended Posts

Hi,

I have a laptop that will not connect to the internet, I get an invalid ip configuration error.

below is the dds log

DDS (Ver_10-10-21.02) - NTFSx86

Run by Kimbo at 14:31:13.29 on 27/10/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1789.1141 [GMT 1:00]

============== Running Processes ===============

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe

C:\windows\system32\AUDIODG.EXE

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\rundll32.exe

C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\windows\Explorer.EXE

C:\Program Files\PDF Complete\pdfsvc.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Users\Kimbo\Documents\problem fix\dds.scr

C:\windows\system32\conhost.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe

mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\ajn1.exe" /runcleanupscript

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-2 165584]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-10 214024]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe [2010-1-26 81920]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-4 176128]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-2 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-2 50768]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-27 40384]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-9-10 635416]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-27 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-27 40384]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-9-10 228408]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-20 313856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-26 29472]

S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2009-9-10 79816]

S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2009-9-10 35272]

S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2009-9-10 34248]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-13 1120752]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-22 1343400]

=============== Created Last 30 ================

2010-10-27 07:43:34 -------- d-----w- c:\program files\Trend Micro

2010-10-26 07:50:58 -------- d-----w- c:\users\kimbo\appdata\roaming\Malwarebytes

2010-10-25 20:39:11 -------- d-----w- c:\users\kimbo\appdata\local\Hewlett-Packard_Company

2010-10-25 19:07:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-25 19:07:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-25 19:07:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-25 19:07:20 -------- d-----w- c:\progra~2\Malwarebytes

2010-10-25 17:59:42 3181568 ----a-w- c:\windows\system32\mf.dll

2010-10-25 17:59:42 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2010-10-25 17:59:41 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2010-10-22 19:30:44 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{76278784-86ce-46bf-9806-ba089ecd0fff}\mpengine.dll

2010-10-14 18:11:48 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-10-14 18:11:47 224256 ----a-w- c:\windows\system32\schannel.dll

2010-10-14 18:11:44 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-10-14 18:11:42 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-10-14 18:11:42 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-10-14 18:11:25 164864 ----a-w- c:\program files\windows media player\wmplayer.exe

2010-10-14 18:11:24 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-10-14 18:10:36 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-10-14 18:10:32 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-10-14 18:10:32 308736 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-10-14 18:10:32 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-10-14 18:10:32 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-10-14 18:10:27 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-10-14 18:10:25 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2010-09-29 19:52:54 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2010-09-29 19:52:54 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2010-09-29 14:45:01 2048 ----a-w- c:\windows\system32\tzres.dll

2010-09-29 14:44:57 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

==================== Find3M ====================

2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec

2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 14:33:27.47 ===============

I have also attached the additional logs

Any help to get this laptop working again would be greatly appreciated, thanks.

Attach.zip

mbam_log_2010_10_26__09_38_42_.txt

mbam_log_2010_10_27__10_11_16_.txt

Link to post
Share on other sites

  • Replies 69
  • Created
  • Last Reply

Top Posters In This Topic

post-32477-1261866970.gif

Please don't attach the scans / logs, use "copy/paste".

Run a new MBAM scan and post the results

Hi, sorry for not doing it the right way, below is a new scan, I should just mention that to get malwarebytes to run I had to rename the exe, anyway here is the log. Thanks

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4938

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

29/10/2010 16:36:51

mbam-log-2010-10-29 (16-36-51).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 286510

Time elapsed: 43 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Open Internet Explorer. Click on tools, then Internet Options. Then click on the Connect tab.

Then press the Lan Settings button and uncheck the Use a proxy server checkbox. Then press OK until you are out of the options screen.

=========================================================

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

IPCONFIG /release

IPCONFIG /flushdns

IPCONFIG /renew

IPCONFIG /registerdns

netsh winsock reset catalog

netsh int ipv4 reset reset.log

netsh int ipv6 reset reset.log

Type Exit

============================================================================

check some settings on your system:

  1. Enter your Control Panel and double-click on Network Connections
  2. Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.

[*]Left click on Properties

[*]Double-Click on the Internet Protocol (TCP/IP) item

[*]Select the radio dial that says Obtain DNS Servers Automatically

[*]Press OK twice to get out of the properties screen

Link to post
Share on other sites

Open Internet Explorer. Click on tools, then Internet Options. Then click on the Connect tab.

Then press the Lan Settings button and uncheck the Use a proxy server checkbox. Then press OK until you are out of the options screen.

=========================================================

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

IPCONFIG /release

IPCONFIG /flushdns

IPCONFIG /renew

IPCONFIG /registerdns

netsh winsock reset catalog

netsh int ipv4 reset reset.log

netsh int ipv6 reset reset.log

Type Exit

============================================================================

check some settings on your system:

  1. Enter your Control Panel and double-click on Network Connections
  2. Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.

[*]Left click on Properties

[*]Double-Click on the Internet Protocol (TCP/IP) item

[*]Select the radio dial that says Obtain DNS Servers Automatically

[*]Press OK twice to get out of the properties screen

Below is a log of what happened, I ran cmd as an administrator, as when I did not there was a message telling me the admin priv was needed.

Microsoft Windows [Version 6.1.7600]

Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\windows\system32>ipconfig/release

Windows IP Configuration

An error occurred while releasing interface Wireless Network Connection : An add

ress has not yet been associated with the network endpoint.

No operation can be performed on Local Area Connection while it has its media di

sconnected.

C:\windows\system32>ipconfig/flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\windows\system32>ipconfig/renew

Windows IP Configuration

An error occurred while renewing interface Wireless Network Connection : The req

uested service provider could not be loaded or initialized.

No operation can be performed on Local Area Connection while it has its media di

sconnected.

C:\windows\system32>ipconfig/registerdns

Windows IP Configuration

Registration of the DNS resource records for all adapters of this computer has b

een initiated. Any errors will be reported in the Event Viewer in 15 minutes.

C:\windows\system32>netsh winsock reset catalog

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

C:\windows\system32>netsh int ipv4 reset reset.log

Reseting Global, OK!

Reseting Interface, OK!

Restart the computer to complete this action.

C:\windows\system32>netsh int ipv6 reset reset.log

There's no user specified settings to be reset.

C:\windows\system32>

When I went into the control panel I could not find exactly what you described, this is what I did.

1. Selected Network and Internet

2. Selected Network and Sharing Center

3. Selected Change adapter settings

4 Right click on Local Area Connection, then left click properties, there was an option for Internet protocol version 6 (TCP/IPv6), this was already set to obtain an ipv6 address automatically and to obtain DNS server address automatically.

For Internet Protocol Version 4 (TCP/IPv4) Obtain IP address automatically was already selected and Obtain DNS server address automatically was also already selected.

Came out but still not able to connect to internet so rebooted and still could not connect to internet. my wireless connection is still showing as Unidentified network.

Link to post
Share on other sites

Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.

Save in: Desktop

File Name: fixme.reg

Save as Type: All files

Click: Save

REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]

On the desktop, doubleclick fix.reg and allow it to run. Let it merge

After the reboot, we will reinstall TCP/IP

  • Go to Start the Settings and choose Network Connections
  • Right click on your normal connection icon, and choose Properties
  • Click the Install button
  • Choose Protocol then click Add
  • Click Have disk
  • In the drop down box, type in: C:\WINDOWS\INF and click OK
  • In the next dialog, click Internet Protocol (TCP/IP) then click OK
  • Click Close to leave the properties box

After that, Reboot your computer and see if you have regained your connection.

Link to post
Share on other sites

Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.

Save in: Desktop

File Name: fixme.reg

Save as Type: All files

Click: Save

On the desktop, doubleclick fix.reg and allow it to run. Let it merge

After the reboot, we will reinstall TCP/IP

  • Go to Start the Settings and choose Network Connections
  • Right click on your normal connection icon, and choose Properties
  • Click the Install button
  • Choose Protocol then click Add
  • Click Have disk
  • In the drop down box, type in: C:\WINDOWS\INF and click OK
  • In the next dialog, click Internet Protocol (TCP/IP) then click OK
  • Click Close to leave the properties box

After that, Reboot your computer and see if you have regained your connection.

I created the reg file and merged it without any problems. I could not install tcp/IP as it was not on the list of protocols available. My wife has a laptop running vista which is working okay and that has the same protocols listed as the nonworking laptop. Anyway I then rebooted and got the following error message from Avast -

Avast will not be able to protect mail/news (error 10044)

Please check that the avast! (AvastSvc.exe) is not blocked by your personal firewall.

The laptop is still not able to connect to the internet.

Link to post
Share on other sites

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Beings the pc won't stay connected to the net, you'll need to download the tools to a USB device like a flash / thumb drive.

Also if you have Vista

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

I'm going to have you download Combofix to the USB device, after the download, plug the device into the non working pc and run it from the device.

Download ComboFix from one of these locations to the USB device.

Link 1

Link 2 If using this link, Right Click and select Save As.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.

Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part .

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Beings the pc won't stay connected to the net, you'll need to download the tools to a USB device like a flash / thumb drive.

Also if you have Vista

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

I'm going to have you download Combofix to the USB device, after the download, plug the device into the non working pc and run it from the device.

Download ComboFix from one of these locations to the USB device.

Link 1

Link 2 If using this link, Right Click and select Save As.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.

Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part .

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

I downloaded combofix to a usb drive, disabled avast the connected the usb drive, right click on Combofix and then selected run as administrator. I then get a User Account control dialog box - Do you want to allow the following program from an unknown publisher to make changes to this computer? Program Name Combofix.exe I click on yes but nothing happens, the program does not appear to run.

Link to post
Share on other sites

I have had another go and this time I made sure the wireless was turned on, there is a small button that turns blue when wireless is on, it shows as connected to an unidentified network with No Internet Access. One odd thing is that if I run the HP Wireless Assistant it stated that "This device has been disabled by the wireless button. To enable this device press on wireless button. But I have pressed the wireless button which shows as blue, when it is turned off it goes red. Another odd thing is that if I open the windows task manager it shows that the computer is using about 50% cpu and that there are 50 processes running but only 16 processes are show in the window and none of them are using any cpu. If I then press the wireless button to turn wireless off the cpu usage drops down to 0%, process reduce to 49.

Anyway I have attempted to run combofix again with wireless on and still the same resuly, it does not run. I did not turn off the windows firewall do I need to do this?

Link to post
Share on other sites

it shows as connected to an unidentified network with No Internet Access.
First you need to setup your wireless again. Either your wireless router isn't working or you need to reset it. Go back through the steps installing your wireless network.

I think your wireless is seeing someone's wireless that is protected.

Link to post
Share on other sites

It is trying to connect to the right network, I have two other computers that are able to connect without any problems. If I click on the icon it shows two wireless networks, it is connected to my router but at the top of the window it displays Unidentified Network - No Internet Access. I do not think that it is the router as it is working fine with two other computers.

Link to post
Share on other sites

I had a look at your suggestion, it says to look for the string "##Id_String2.6844F930_1628_4223_B5CC_5BB94B87 9762 ##" in Services, which is for the service "Bonjour DNS Responder Service". I looked in services and there is no service with that name. I cannot work out how to search for the string, there is no search box. Also I ran ipconfig to see what the current setting were. For Autoconfigured IPv4 address it has the value 169.254.160.113, I do not know where it is getting this from. It is nothing like the ip address for the computer I am using which is connected to the router that the problem computer is not able to connect to.

Link to post
Share on other sites

Right Click on My Computer select Properties select Hardware select Device Manager

Go into Device manager and under your network devices uninstall both your wired and wireless cards.

Reboot and let windows reinstall them. You might need the drivers for them but they should already be located in your computer.

Link to post
Share on other sites

In the first link it suggests searching for the following string "##Id_String2.6844F930_1628_4223_B5CC_5BB94B87 9762 ##" in services, looking for a service called Bonjour DNS Responder Service. I cannot see a service with that name, also I cannot work out how to search for the string as there is no search box. I ran ipconfig to see what the current setting are. The Autoconfigured IPv4 address is 169.254.160.113, this is nothing like the ip address on the two working computers that can connect to my router.

I tried the ip reset in the second link but this has not worked.

Link to post
Share on other sites

Right Click on My Computer select Properties select Hardware select Device Manager

Go into Device manager and under your network devices uninstall both your wired and wireless cards.

Reboot and let windows reinstall them. You might need the drivers for them but they should already be located in your computer.

The IP addresses will be different on every connection.

The SubNet and Default Gateway should be the same on all on your network

Link to post
Share on other sites

Please ignote my last reply I thought that it had not posted.

Anyway, I uninstalled the drivers for both the wireless adapter and the ethernet adapter, on the confirm screen there was an option "Delete the driver software for this device" I did not select this, should I have. After unistalling both adapters I rebooted, still not working.

Did get 5 error messages "Your internet security settings prevented one or more files from being opened" - c:\windows\system32\dinotify.exe

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.