
Hi There

I have a rootkit infection on my PC. I was running instructions as described by another user and have just run ComboFix, but before I could post the results a moderator shut down the topic.

This PC is used on a work network and the advice was to get someone in to resolve, but I really would like it if someone could help me complete the repair on this one, then I could try and see if the others are infected too and resolve those as well after

I would really appreciate your help on this please

Attached is the combofix log

log.txt


Hi thanks for the response, here is the Malwarebytes scan log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6501

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

03/05/2011 22:28:15

mbam-log-2011-05-03 (22-28-15).txt

Scan type: Quick scan

Objects scanned: 137445

Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


ComboFix 11-05-02.04 - NC6400 03/05/2011 17:59:54.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.713 [GMT 1:00]

Running from: c:\documents and settings\NC6400\My Documents\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.


.

Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))

.

.

2011-05-03 16:38 . 2011-05-03 16:38 -------- d-----w- C:\32788R22FWJFW

2011-05-03 11:34 . 2011-05-03 11:34 -------- d-----r- c:\documents and settings\NC6400\Application Data\Brother

2011-05-03 11:14 . 2011-05-03 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother

2011-05-03 10:21 . 2011-05-03 11:13 -------- d-----w- c:\windows\LastGood.Tmp

2011-05-03 00:28 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-03 00:28 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-01 14:44 . 2011-05-01 14:44 -------- d-----w- c:\documents and settings\NC6400\Application Data\Malwarebytes

2011-05-01 14:43 . 2011-05-01 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-01 14:43 . 2011-05-03 00:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-01 01:09 . 2011-05-01 01:09 -------- d-----w- c:\program files\Microsoft Silverlight

2011-04-30 22:03 . 2011-04-30 22:03 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-04-30 21:58 . 2011-05-03 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-04-30 21:30 . 2011-05-03 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-04-30 20:07 . 2011-04-30 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-04-30 20:07 . 2011-04-30 20:14 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-04-28 09:10 . 2011-04-28 09:10 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2011-04-28 09:10 . 2011-04-28 09:10 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-04-27 22:25 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll

2011-04-27 22:25 . 2011-04-27 22:26 -------- d-----w- c:\program files\K-Lite Codec Pack

2011-04-27 22:19 . 2011-04-27 22:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-04-27 00:21 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2011-04-26 18:10 . 2011-04-26 18:10 -------- d-----w- c:\program files\Windows Media Connect 2

2011-04-26 17:55 . 2011-04-26 17:56 -------- d-----w- C:\ddd4197888f00ec9cf22c3306555

2011-04-26 17:55 . 2011-04-26 17:56 -------- d-----w- c:\windows\system32\drivers\UMDF

2011-04-26 17:55 . 2011-04-26 17:55 -------- d-----w- c:\windows\system32\LogFiles

2011-04-26 17:54 . 2011-04-26 17:55 -------- d-----w- C:\bc34a4aa80d80fae8f395e8419

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2010-11-05 02:16 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2006-02-28 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2006-02-28 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2006-02-28 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2006-02-28 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2010-11-05 03:05 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2006-02-28 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2006-02-28 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-16 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-16 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-16 137752]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88203]

"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]

"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\NC6400\Start Menu\Programs\Startup\

Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-1-22 30963576]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-28 581693]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]

2006-03-03 22:08 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Documents and Settings\\NC6400\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

.

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [30/11/2005 00:56 36768]

R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [05/12/2006 00:13 292384]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [06/11/2010 01:00 97280]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 19:19 36352]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2011 20:10 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31/01/2011 20:10 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [22/01/2010 02:51 30963576]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [10/01/2010 05:37 4640000]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 19:10]

.

2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 19:10]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-03 18:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????W??????(?@???????@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,c9,90,9e,22,68,ca,4e,ad,da,53,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,c9,90,9e,22,68,ca,4e,ad,da,53,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\IfxWlxEN.dll

.

Completion time: 2011-05-03 18:09:29

ComboFix-quarantined-files.txt 2011-05-03 17:09

.

Pre-Run: 5,237,420,032 bytes free

Post-Run: 7,595,761,664 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 0D2AE4E5BF4B32F4202D97129797B35F


Let's uninstall CF first.

c:\documents and settings\NC6400\My Documents\Downloads\ComboFix.exe

You need to move combofix to your desktop.

Let me know when you have that completed

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the Run box and click OK. Note the space between the X and the /; it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


OK, I have run that and just tried to open my Facebook page and it has sent the following message (my browser is Google Chrome):

This web page is not available

The server at www.facebook.com can't be found because the DNS lookup failed. DNS is the web service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network.

Here are some suggestions:

Reload this web page later.

Check your Internet connection. Reboot any routers, modems or other network devices that you may be using.

Check your DNS settings. Contact your network administrator if you're not sure what this means.

Try disabling DNS prefetching by following these steps: Go to Spanner menu > Options > Under the Bonnet and deselect "Use DNS pre-fetching to improve page load performance".

Try adding Google Chrome as a permitted programme in your firewall or antivirus software's settings. If it is already a permitted programme, try deleting it from the list of permitted programmes and adding it again.

If you use a proxy server, check your proxy settings or check with your network administrator to make sure that the proxy server is working.

If you don't believe that you should be using a proxy server, try the following steps: Go to Spanner menu > Options > Under the Hood > Change proxy settings > LAN Settings and deselect "Use a proxy server for your LAN".

Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address.


Do you have DNS automatic?

Do you use a Proxy?

Try this:

Check some settings on your system:

  1. Enter your Control Panel and double-click on Network Connections
  2. Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.
  3. Right click on Properties
  4. Double-Click on the Internet Protocol (TCP/IP) item
  5. Select the radio dial that says Obtain DNS Servers Automatically
  6. Press OK twice to get out of the properties screen

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

IPCONFIG /release

IPCONFIG /renew

Type Exit

Restart the computer.


Do you have DNS automatic? Not sure

Do you use a Proxy? Not sure

This laptop is used at home on a wireless network

I ran the instruction as per your last post; Facebook is now running OK.

When I restart the computer the automatic wireless network does not connect unless I repair the network, then it fires up.


It is the same PC, it is my laptop. I am only using it as the server PC for our small/home network at work whilst my usual computer is being replaced (hard drive & motherboard fault), but as I had a problem I brought it home this evening to try to resolve the problems before I go back into work tomorrow!!!

I think my description of server is probably inaccurate; essentially it is the fileserver on a home network used as a small work network (we don't have enough PCs to run a dedicated server), so all of my colleagues' PCs won't work if this one isn't working (as this PC is my backup plan in the event that my usual desktop ever goes wrong!!!)

It should only be the fileserver for a couple more days and my new PC will be back in business. Whilst I am talking about this, I paid for a subscription for full Malwarebytes on my normal work PC. My normal hardware guys have pretty much told me that the motherboard & PC has fried (we had a power spike which jumped our surge protection), so I will need a new PC. Will I be able to transfer the package over to my new PC, as I only paid for it a few months ago???

Also, as soon as it was installed it appeared to be bringing up threats almost every minute (even if I wasn't browsing the net), almost to the point that I thought it was not far from a false positive!!!!


Will I be able to transfer the package over to my new PC, as I only paid for it a few months ago???
Yes, if you have the registration information, etc. Key Code

OK.

Are you letting Windows control the adaptor?

You could also try uninstalling the wireless adaptor, restart and let Windows reinstall it.


Sorry for the delay in writing back, the laptop has crashed twice. Upon restarting, the PC black screened; I removed the battery and left it off for 15 minutes, it rebooted, then crashed. Fingers crossed this time it will stay on without crashing.

This has not happened prior to today, any ideas what could be causing this problem?

Incidentally, upon restart, the message after the initial BIOS screen (which auto clears after 2 seconds, that only came after installing ComboFix) still occurs.

That link you sent does not work (Content not found); I assume that Windows controls the wireless as I have no knowledge of it working any differently.

Oh yes, and by the way, thanks for all your help so far, it is much appreciated.


This has not happened prior to today, any ideas what could be causing this problem
Well it did have a nasty RootKit infection.
Incidentally upon restart, the message after the initial BIOS screen (which auto clears after 2 seconds that only came after installing combofix) still occurs
That's the Recovery Console if you ever need it.
That link you sent does not work (Content not found); I assume that Windows controls the wireless as I have no knowledge of it working any differently
I've seen Dell laptops try to use Dell software to manage it.

You could try this for the wireless

To open Device Manager, click Start, and then click Control Panel. Click Performance and Maintenance, and then click System. On the Hardware tab, click Device Manager.

Under Network Adaptors or Wireless Adaptors, right-click on the adaptor and select Uninstall.

Reboot and let Windows re-install it.


I've just decided that I think the battery may be a bit dodgy, hence the shutdowns!!! So I will order a new one tomorrow.

The wireless thing seems to have resolved itself now, so I will leave it for the time being.

If I have any further problems I will come back to you tomorrow as it's bedtime now!!! Thanks for all your help.


This topic is now closed to further replies.