... haaalp!
Posted on 12/23/2011 11:13:55 AM PST by GeronL
... haaalp!
not physical...all settings and data
combofix destroyed the virus and some other stuff too. ugh
I don’t know if I trust Combofix right now.
That is a tiny hole!
I guess I’ll look into those driver thingies, but I think the virus messed with the Network Map/Network Drive for some reason.
One thing people forget to do after getting their machine back to normal is to clean out their system restore and create a new restore point. Some junk can still be hiding in there. I do it occasionally a part of my system maintenance after running all clean up utilities. Makes my drive run a little faster.
For XP;
http://support.microsoft.com/kb/310405
Win 7, Vista
http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/
Turn restore off, exit process then go back in and turn on. Go into system restore through all programs and create a new restore point. Do not restart before doing this.
I think Combofix now does that for us. Still, I need to repair the damage that was left behind.
At first the icon says its working but if I tell it to find a connection it then says it can't. Actually it finds it and tries but it can't get beyond "Acquiring" it.
The expunged virus seems to have done some damage to the Network Map thingy. Whatever that is.
I have no idea what this means, is this something the virus did?
Meanwhile if I use the "diagnose" thing on the browser it tells me this computer is part of a domain. What the heck does that mean? How do I change that?
http://microsoft.mailarchive.ca/internetexplorer.general/2009-12/0206.html
These address a very similar problem
Were you able to download the link to the EeePC manual I gave you in #71? It tells you how to set up a new wireless connection. You might also try disconnecting from the networked drive.
Other than that, I have no idea. I have a EeePC that I’ve been using for quite a while, but it has Xandros Linux on it. It the past when I’ve had problems, I just F9 it when it starts up and do a fresh install. The only problem with that is I loose my bookmarks,and any previous updates or personal files that are not backed up.
This is not just a wireless problem, I also tried a wired connection and it didn’t work either. Something is fouled up somewhere.
Here is the Compufix log....
do you see anything that might explain the network drive/ network map problem?
...........................
ComboFix 11-12-23.01 - ambperez1 12/23/2011 17:40:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1590 [GMT -6:00]
Running from: c:\documents and settings\ambperez1\Desktop\ComboFix.exe
AV: Panda Security for Desktops *Enabled/Updated* {208F4477-D1F0-411A-8D21-0367EC0D3D43}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Printkey2000.exe
c:\documents and settings\All Users\UNWISE.EXE
c:\documents and settings\ambperez1\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\windows\$NtUninstallKB31836$
c:\windows\$NtUninstallKB31836$\1425161117
c:\windows\$NtUninstallKB31836$\2774063364\@
c:\windows\$NtUninstallKB31836$\2774063364\bckfg.tmp
c:\windows\$NtUninstallKB31836$\2774063364\cfg.ini
c:\windows\$NtUninstallKB31836$\2774063364\Desktop.ini
c:\windows\$NtUninstallKB31836$\2774063364\keywords
c:\windows\$NtUninstallKB31836$\2774063364\kwrd.dll
c:\windows\$NtUninstallKB31836$\2774063364\L\ckquoncx
c:\windows\$NtUninstallKB31836$\2774063364\lsflt7.ver
c:\windows\$NtUninstallKB31836$\2774063364\U\00000001.@
c:\windows\$NtUninstallKB31836$\2774063364\U\00000002.@
c:\windows\$NtUninstallKB31836$\2774063364\U\00000004.@
c:\windows\$NtUninstallKB31836$\2774063364\U\80000000.@
c:\windows\$NtUninstallKB31836$\2774063364\U\80000004.@
c:\windows\$NtUninstallKB31836$\2774063364\U\80000032.@
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))
.
.
2011-12-23 19:42 . 2011-12-23 19:42 ———— d-——w- c:\documents and settings\ambperez1\Application Data\Malwarebytes
2011-12-23 19:41 . 2011-12-23 19:41 ———— d-——w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-23 19:41 . 2011-08-31 23:00 22216 ——a-w- c:\windows\system32\drivers\mbam.sys
2011-12-23 19:41 . 2011-12-23 19:41 ———— d-——w- c:\program files\Malwarebytes’ Anti-Malware
2011-12-23 19:28 . 2011-12-23 19:28 1297 ——a-w- c:\windows\WinXP_EXE_Fix.reg
2011-12-23 18:01 . 2011-12-23 23:56 58288 ——a-w- c:\windows\system32\rpcnet.dll
2011-12-23 04:39 . 2011-12-23 04:39 ———— d-sh—w- c:\documents and settings\NetworkService\IETldCache
2011-12-20 01:44 . 2011-12-20 01:44 159744 ——a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-12-20 01:44 . 2011-12-20 01:44 159744 ——a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-12-20 01:44 . 2011-12-20 01:44 159744 ——a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-12-20 01:44 . 2011-12-20 01:44 159744 ——a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-12-20 01:44 . 2011-12-20 01:44 159744 ——a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-12-20 01:44 . 2011-12-20 01:44 159744 ——a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-12-20 01:44 . 2011-12-20 01:44 159744 ——a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-12-20 01:43 . 2011-12-20 01:44 ———— d-——w- c:\program files\QuickTime
2011-12-20 01:39 . 2011-12-20 01:39 ———— d-——w- c:\program files\Apple Software Update
2011-12-20 01:39 . 2011-12-20 01:39 ———— d-——w- c:\documents and settings\ambperez1\Local Settings\Application Data\Apple
2011-12-18 21:05 . 2011-12-18 21:05 ———— d-——w- c:\program files\HP
2011-12-18 21:05 . 2011-12-18 21:05 ———— d-——w- c:\documents and settings\ambperez1\Local Settings\Application Data\HP
2011-12-11 20:31 . 2011-12-16 02:47 ———— d-——w- c:\documents and settings\ambperez1\Local Settings\Application Data\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 23:56 . 2011-05-23 14:14 17408 ——a-w- c:\windows\system32\rpcnetp.exe
2011-12-21 17:50 . 2011-03-30 14:52 2401 ——a-w- c:\windows\system32\drivers\AlKernel.sys
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ——a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-04 12:00 916992 ——a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 12:00 43520 ——a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 12:00 1469440 ———w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 12:00 385024 ——a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ——a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 12:00 33280 ——a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-04 12:00 2148864 ——a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ——a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29 . 2011-10-24 20:29 94208 ——a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ——a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-04 12:00 186880 ——a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-03-25 18:19 692736 ——a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ——a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ——a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-04 12:00 220160 ——a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-04 12:00 20480 ——a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“QuickTime Task”=”c:\program files\QuickTime\QTTask.exe” [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Panda Controller Client”=”c:\program files\Panda Software\AVTC\PSCtrlC.exe” [2010-07-16 152896]
“SoundMAXPnP”=”c:\program files\Analog Devices\Core\smax4pnp.exe” [2011-05-11 1404928]
“SunJavaUpdateSched”=”c:\program files\Common Files\Java\Java Update\jusched.exe” [2010-10-29 249064]
“iTunesHelper”=”c:\program files\iTunes\iTunesHelper.exe” [2011-03-07 421160]
“Synchronization Manager”=”c:\windows\system32\mobsync.exe” [2008-04-14 143360]
“SigmatelSysTrayApp”=”c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe” [2011-06-13 405504]
“IgfxTray”=”c:\windows\system32\igfxtray.exe” [2011-06-13 141848]
“HotKeysCmds”=”c:\windows\system32\hkcmd.exe” [2011-06-13 166424]
“Persistence”=”c:\windows\system32\igfxpers.exe” [2011-06-13 137752]
“RTHDCPL”=”RTHDCPL.EXE” [2011-06-13 18665472]
“SynTPEnh”=”c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2011-06-13 1557800]
“Adobe ARM”=”c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2011-06-06 937920]
“Microsoft Default Manager”=”c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” [2010-05-10 439568]
“APSDaemon”=”c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe” [2011-09-27 59240]
“QuickTime Task”=”c:\program files\QuickTime\QTTask.exe” [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=”c:\windows\system32\ctfmon.exe” [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
“NoWelcomeScreen”= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1473211531-2078425850-619646970-203363\Scripts\Logon\0\0]
“Script”=InternetExplorerLocalSites.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@=”Service”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=”Driver”
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
“FirewallOverride”=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
“DisableNotifications”= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“c:\program files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe”= c:\program files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Program Files\\Rosetta Stone\\Rosetta Stone Network Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe”=
“c:\\Program Files\\Rosetta Stone\\Rosetta Stone Network Version 3\\RosettaStoneNetworkVersion3.exe”=
“c:\\Program Files\\Java\\j2re1.4.1_03\\bin\\javaw.exe”=
“c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe”=
.
R0 atiide;ATI SATA Controller IDE mode;c:\windows\system32\drivers\atiide.sys [3/30/2011 12:07 PM 3456]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [3/25/2011 12:56 PM 37448]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [3/25/2011 12:57 PM 59080]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [3/25/2011 12:56 PM 163848]
R2 PskSvc;Panda Kernel Service;c:\program files\Panda Software\AVTC\psksvc.exe [3/25/2011 12:57 PM 27968]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [3/30/2011 11:50 AM 1334240]
S0 nupfqyaa;nupfqyaa;c:\windows\system32\drivers\jibrge.sys —> c:\windows\system32\drivers\jibrge.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2011 10:54 AM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/30/2011 12:21 PM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2011 10:54 AM 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
-— Other Services/Drivers In Memory -—
.
*Deregistered* - amd_ahci
.
Contents of the ‘Scheduled Tasks’ folder
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 16:54]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 16:54]
.
.
-——— Supplementary Scan -———
.
uStart Page = hxxp://www.irvingisd.net
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:1105/Intro/init.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-HDMI - c:\windows\system32\igxpun.exe
AddRemove-TI-83 Plus Flash Debugger - c:\docume~1\ALLUSE~1\UNWISE.EXE
AddRemove-UIU - c:\program files\UIU\uninstallnet.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-23 17:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
-—————————— DLLs Loaded Under Running Processes -——————————
.
- - - - - - - > ‘explorer.exe’(724)
c:\windows\system32\WININET.dll
c:\program files\Panda Software\AVTC\PavOEPl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
———————————— Other Running Processes ————————————
.
c:\program files\Panda Software\AVTC\PavSrvX86.exe
c:\program files\Panda Software\AVTC\AVENGINE.EXE
c:\program files\Altiris\AClient\AClient.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Panda Software\AVTC\PsCtrlS.exe
c:\program files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
c:\program files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
c:\program files\Common Files\Panda Software\PavShld\pavprsrv.exe
c:\program files\Panda Software\AVTC\PSKMsSvc.exe
c:\program files\Panda Software\AVTC\PsImSvc.exe
c:\windows\system32\rpcnet.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Panda Software\Panda Administrator 3\BoxInfo\boxinfo.exe
.
**************************************************************************
.
Completion time: 2011-12-23 18:01:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-24 00:01
.
Pre-Run: 139,088,076,800 bytes free
Post-Run: 140,841,926,656 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=”Microsoft Windows Recovery Console” /cmdcons
UnsupportedDebug=”do not select this” /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /noexecute=optin /fastdetect
.
- - End Of File - - DE2E3E74616CE1554AFD3C913D6C4AD1
Am certain someone will spot the broken strand causing nonconnectivity.In one wifi glitch we installed a hard line but apparently your virus and various tools have disrupted something.
Here is a site--which may be in the 92 posts I've read--which offers various tools and advice, all seeming useful:
Removal instructions for ping.exe
This is posted by a guy with 55,000 posts on these tech matters. Wouldn't we all like to talk to somebody like this.
I'll poke around.
Just remember: Never give up. Never surrender.
I could never figure out how to manage windows....properly.
It did nothing like the mainframe OS that I worked so much with.
My computer became infected with the Vista Security 2012 virus so I used rkill to stop it then wiped it with MBAM. After restarting my computer I was unable to access the internet. I noticed that I had ping.exe so I ran ComboFix to remove it, however I still cannot access the internet. My computer will connect to the local network but not the internet. Link to previous post as requested. http://www.bleepingcomputer.com/forums/topic434356.html
I’m wondering if the virus/malware might have messed-up your Panda Security somehow. If I recall, Panda has a unique way of filtering/scanning internet traffic through your computer. Is there some way you could reinstall Panda? Malwarebytes might be interfering as well.
You could also try disabling the Panda firewall and just use the Windows firewall - then see if you can connect. (Also make sure you don’t have BOTH the Windows and Panda firewall running at the same time.)
This is one of those problems I’ve solved several times, but it took so long I forgot how I did it. I forgot to tell you to first go to the device manager and make sure the virus didn’t disable any network adapters.
Glad it worked - when Malware Bytes (run in safe mode) catches anything it should be run another 3 times to pick up stragglers... there’s some nasty stuff out there...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.