Wireless disabled due to Virus


Re: Wireless disabled due to Virus

Post by dhiobst on Thu Jun 11, 2009 10:05 pm

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!saswinlogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
@DACL=(02 0000)
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2009-06-11 17:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-11 21:59
ComboFix2.txt 2009-06-11 19:49

Pre-Run: 32,167,411,712 bytes free
Post-Run: 32,143,208,448 bytes free

579 --- E O F --- 2009-06-04 13:06


Re: Wireless disabled due to Virus

Post by Belahzur on Thu Jun 11, 2009 10:11 pm

Hello.
Can you get online now? That patched file is replaced now.



Re: Wireless disabled due to Virus

Post by dhiobst on Fri Jun 12, 2009 2:08 pm

No network connections are found; my wireless network card is still showing a code 39 error.


Re: Wireless disabled due to Virus

Post by Belahzur on Fri Jun 12, 2009 2:14 pm

Okay, re-run the SystemLook script we did. I want to see if there are any changes; I think something has interfered.



Re: Wireless disabled due to Virus

Post by dhiobst on Fri Jun 12, 2009 7:57 pm

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 15:55 on 12/06/2009 by david (Administrator - Elevation successful)

========== filefind ==========

Searching for "ws2_32.dll"
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll ------ 82432 bytes [17:55 21/09/2008] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A
C:\WINDOWS\system32\dllcache\ws2_32.dll --a--- 82944 bytes [22:27 02/06/2009] [07:00 10/08/2004] 2ED0B7F12A60F90092081C50FA0EC2B2
C:\WINDOWS\system32\ws2_32.dll --a--- 82944 bytes [15:00 10/08/2004] [07:00 10/08/2004] 2ED0B7F12A60F90092081C50FA0EC2B2

-=End Of File=-


Re: Wireless disabled due to Virus

Post by Belahzur on Fri Jun 12, 2009 8:06 pm

Hello.
I suspect something got in the way here, Windows File Protection (WFP) most likely.

We may need to do this manually. We'll try the CFScript one more time. Run Combofix normally again, no script this time.



Re: Wireless disabled due to Virus

Post by dhiobst on Fri Jun 12, 2009 8:51 pm

ComboFix 09-06-07.05 - david 06/12/2009 16:42.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.615 [GMT -4:00]
Running from: G:\ComboFix1.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.

2009-06-11 19:42 . 2004-08-10 15:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-06-11 19:42 . 2004-08-10 15:00 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2009-06-10 16:25 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-10 16:25 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-10 16:25 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-10 16:25 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-10 16:25 . 2009-06-10 16:25 -------- d-----w- c:\program files\Avira
2009-06-10 16:25 . 2009-06-10 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-09 17:19 . 2009-06-09 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-09 17:19 . 2009-06-09 17:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-09 17:19 . 2009-06-09 17:19 -------- d-----w- c:\documents and settings\david\Application Data\Sonic
2009-06-09 17:19 . 2009-06-09 17:19 -------- d-----w- c:\documents and settings\david\Application Data\PC Tools
2009-06-09 17:18 . 2009-06-09 17:18 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-09 17:18 . 2009-06-09 17:18 -------- d-----w- C:\4304f949750ce894fde4cc20
2009-06-08 17:11 . 2004-08-10 15:00 4096 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2009-06-08 13:46 . 2009-06-08 13:46 -------- d-----w- c:\documents and settings\david\Application Data\Malwarebytes
2009-06-08 13:46 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 13:46 . 2009-06-08 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-08 13:46 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 13:46 . 2009-06-09 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 12:53 . 2009-06-12 19:48 117760 ----a-w- c:\documents and settings\david\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-08 12:52 . 2009-06-09 17:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-08 12:52 . 2009-06-08 12:52 -------- d-----w- c:\documents and settings\david\Application Data\SUPERAntiSpyware.com
2009-06-08 12:51 . 2009-06-08 12:51 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-06-05 13:43 . 2009-06-05 13:43 -------- d-----w- c:\documents and settings\david\Application Data\MSNInstaller
2009-06-05 00:21 . 2009-06-05 00:21 -------- d-----w- c:\documents and settings\david\Application Data\Leadertech
2009-06-04 23:31 . 2008-06-11 01:22 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-06-04 23:31 . 2008-06-02 19:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-06-04 23:31 . 2008-06-02 19:19 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-06-04 23:31 . 2008-06-02 19:19 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-06-04 23:30 . 2009-06-09 17:19 -------- d-----w- c:\program files\Spyware Doctor
2009-06-04 14:01 . 2004-05-11 13:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll
2009-06-04 14:01 . 2003-11-19 17:59 512688 ----a-w- c:\windows\system32\XceedCry.dll
2009-06-04 14:01 . 2000-07-15 09:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-06-03 14:03 . 2009-06-09 17:18 -------- d-----w- C:\AV-CLS
2009-06-03 13:45 . 2009-06-12 19:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-03 13:22 . 2009-06-03 13:22 -------- d-----w- c:\program files\Enigma Software Group
2009-06-02 22:27 . 2004-08-10 07:00 82944 ----a-w- c:\windows\system32\dllcache\ws2_32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 19:37 . 2006-08-29 08:20 -------- d-----w- c:\documents and settings\david\Application Data\U3
2009-06-10 15:56 . 2006-04-13 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-09 17:18 . 2006-09-23 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-06-09 17:18 . 2006-09-23 02:08 -------- d-----w- c:\program files\NVIDIA Corporation
2009-06-09 17:18 . 2006-09-20 02:40 -------- d-----w- c:\documents and settings\david\Application Data\Aim
2009-06-09 17:18 . 2006-09-20 02:38 -------- d-----w- c:\program files\AIM
2009-06-09 17:18 . 2006-10-28 02:45 -------- d-----w- c:\program files\DivX
2009-06-09 17:18 . 2007-08-15 03:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-04 18:53 . 2006-04-13 13:56 110416 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 15:35 . 2006-04-13 13:44 -------- d-----w- c:\program files\Quickensetup
2009-06-04 15:35 . 2006-04-13 13:17 -------- d-----w- c:\program files\Microsoft Works
2009-06-04 14:29 . 2008-11-04 16:19 -------- d-----w- c:\documents and settings\david\Application Data\GetRightToGo
2009-06-04 13:48 . 2006-04-13 12:47 -------- d-----w- c:\program files\HPQ
2009-06-04 11:42 . 2007-08-15 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-02 21:52 . 2006-10-27 02:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-31 01:41 . 2008-09-29 01:16 -------- d-----w- c:\documents and settings\amanda\Application Data\U3
2006-10-28 03:10 . 2006-10-28 03:10 56 --sh--r- c:\windows\system32\260588ACD5.sys
2006-10-28 03:10 . 2006-10-28 03:10 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-10 15:00 . 2004-08-10 07:00 82944 c:\windows\system32\ws2_32.dll
- 2004-08-10 15:00 . 2004-08-10 15:00 82944 c:\windows\system32\ws2_32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-04 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-14 257088]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-04 68856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/10/2009 12:25 PM 108289]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 6:29 AM 29178224]
R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/4/2009 7:30 PM 356920]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.


Re: Wireless disabled due to Virus

Post by dhiobst on Fri Jun 12, 2009 8:51 pm

------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = yahoo.com/
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-12 16:44
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????h????????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!saswinlogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000


Re: Wireless disabled due to Virus

Post by dhiobst on Fri Jun 12, 2009 8:52 pm

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
@DACL=(02 0000)
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
Completion time: 2009-06-12 16:46
ComboFix-quarantined-files.txt 2009-06-12 20:46
ComboFix2.txt 2009-06-11 21:59
ComboFix3.txt 2009-06-11 19:49

Pre-Run: 32,169,111,552 bytes free
Post-Run: 32,145,948,672 bytes free

397 --- E O F --- 2009-06-04 13:06


Re: Wireless disabled due to Virus

Post by dhiobst on Fri Jun 12, 2009 8:54 pm

I was not able to install the recovery console due to not having internet access, would this make a difference? Is there a way to install it into another computer, then download it? Thanks Again


Re: Wireless disabled due to Virus

Post by Belahzur on Fri Jun 12, 2009 9:05 pm

Looks like we're gonna have to do this manually.


  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Uncheck (untick) Hide extensions for known file types
  9. Click Yes when prompted.
  10. Click OK.
  11. Close My Computer.


Now locate the following file in bold:
C:\WINDOWS\system32\dllcache\ws2_32.dll

Right click it, select RENAME. Now add a .old extension onto the end, so it's now called ws2_32.dll.old

Make sure you rename the one in dllcache before continuing, otherwise the WFP will interfere again.

Now do the same for this file in bold:
C:\WINDOWS\system32\ws2_32.dll

Does a new ws2_32.dll appear next to it?


Please PM me if I fail to respond within 24hrs.

Re: Wireless disabled due to Virus

Post by dhiobst on Fri Jun 12, 2009 10:03 pm

hidden files and folders
6. Uncheck (untick) Hide extensions of known file types.
7. Uncheck (untick) Hide protected operating system files (Recommended).
8. Uncheck (untick) Hide extensions for known file types
were successfully unchecked, just want to point out that 6. and 8. were the same command.

After renaming file: C:\WINDOWS\system32\ws2_32.dll to C:\WINDOWS\system32\ws2_32.dll.old, then performing a new search in folders/files, results show both files present. Both files were still created on 8/10/2004 at 3:00am. The original displays file type: Application extension, while the C:\WINDOWS\system32\ws2_32.dll.old file type is Old File. I also renamed C:\WINDOWS\system32\ws2_32.dll.old in dllcache


Re: Wireless disabled due to Virus

Post by Belahzur on Fri Jun 12, 2009 10:11 pm

Hello.
When you renamed the ws2_32.dll in system32, I take your post as another copy appeared right next to it?

If so, what file size does the new copy show? 82944? or 82432?



Re: Wireless disabled due to Virus

Post by dhiobst on Fri Jun 12, 2009 10:38 pm

When I changed file names a new copy did not post. I had to search files and folders for the original; it is size 82,944


Re: Wireless disabled due to Virus

Post by Belahzur on Fri Jun 12, 2009 10:41 pm

Okay, you'll need to get a clean copy yourself.

Locate this file in bold:
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll

When you find it, right click, select COPY (DO NOT Cut it).
Then go back to the system32 folder, and paste it in there.

So now in the system32 folder, there should be a ws2_32.dll and ws2_32.dll.old.

Now re-run a search for the same file again using SystemLook. It should find the clean copy back in system32, and the infected .old copy in system32.



Re: Wireless disabled due to Virus

Post by dhiobst on Sat Jun 13, 2009 12:24 am

I am attempting to paste the file into system32 folder, however it comes up with an error saying "ws2_32: It is being used by another person or program." What program might be blocking the transfer? Can I disable the program? Thanks


Re: Wireless disabled due to Virus

Post by Belahzur on Sat Jun 13, 2009 12:25 am

Try doing it in safe mode.



Re: Wireless disabled due to Virus

Post by dhiobst on Sat Jun 13, 2009 12:46 am

Failed. Still the same response. Would it make a difference if I have two user accounts on the computer?


Re: Wireless disabled due to Virus

Post by dhiobst on Sat Jun 13, 2009 1:21 am

Kind of ran into another problem: I disabled all processes and programs in safe mode, thinking that it would work then. Well, now in safe mode the only screen that displays is cmd.exe


Re: Wireless disabled due to Virus

Post by Belahzur on Sat Jun 13, 2009 1:26 pm

What exactly did you disable? You've probably caused even more damage now.



Re: Wireless disabled due to Virus

Post by dhiobst on Sat Jun 13, 2009 2:20 pm

OK, I have restored the computer to normal operation. Are there certain programs that I can disable in safe mode to stop ws2_32.dll from running while I transfer the file?


Re: Wireless disabled due to Virus

Post by Belahzur on Sat Jun 13, 2009 2:23 pm

I have a new plan.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\dllcache\ws2_32.dll

FCOPY::
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll | c:\windows\system32\ws2_32.dll
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll | c:\windows\system32\dllcache\ws2_32.dll

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


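Added example (not part of the original post and not ComboFix's own code): a small Python check that every File:: deletion and FCOPY:: copy requested in a CFScript like the one above is reported in the log that comes back. The directive syntax and the log section layout are assumptions inferred from the excerpts in this thread; the function names are hypothetical and the log text is constructed.

```python
import re

# Directive header in a CFScript, e.g. "File::" or "FCOPY::" (syntax as shown in the thread).
DIRECTIVE = re.compile(r"^\s*(\w+)\s*::\s*$")
# Section banner in the log: "((((( Other Deletions )))))" or "----- FCopy -----".
BANNER = re.compile(r"^[\s(\-]{5,}([^\s()\-].*?)[\s)\-]{5,}$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

SRC = r"c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll"

# The script from the post above.
CFSCRIPT = "\n".join([
    "KILLALL::", "",
    "File::", r"c:\windows\system32\dllcache\ws2_32.dll", "",
    "FCOPY::",
    SRC + r" | c:\windows\system32\ws2_32.dll",
    SRC + r" | c:\windows\system32\dllcache\ws2_32.dll",
])

# Constructed log excerpts (layout modeled on the ComboFix logs in this thread).
LOG_HEAD = "\n".join([
    "((((((((((((((((((( Other Deletions )))))))))))))))))))", ".", "",
    r"c:\windows\system32\dllcache\ws2_32.dll", "", ".",
    "--------------- FCopy ---------------", "",
    SRC + r" --> c:\windows\system32\ws2_32.dll",
])
LOG_TAIL = "\n".join([
    ".", "((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))", ".",
])
LOG_OK = "\n".join([LOG_HEAD, SRC + r" --> c:\windows\system32\dllcache\ws2_32.dll", LOG_TAIL])
LOG_PARTIAL = "\n".join([LOG_HEAD, LOG_TAIL])  # second copy never reported


def norm(path):
    """Windows paths are case-insensitive; also drop quotes and padding."""
    return path.strip().strip('"').lower()


def parse_cfscript(text):
    """Return the directives used, the paths to delete and the (src, dst) copies."""
    plan = {"directives": set(), "delete": [], "copy": []}
    current = None
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).upper()
            plan["directives"].add(current)
            continue
        if not line.strip():
            continue
        if current == "FILE":
            plan["delete"].append(norm(line))
        elif current == "FCOPY":
            src, sep, dst = line.partition("|")
            if not sep:
                raise ValueError("FCOPY line without '|': %r" % line)
            plan["copy"].append((norm(src), norm(dst)))
    return plan


def parse_log(text):
    """Collect what the log reports under 'Other Deletions' and 'FCopy'."""
    done = {"deleted": set(), "copied": set()}
    section = None
    for line in text.splitlines():
        m = BANNER.match(line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "other deletions" and DRIVE_PATH.match(line.strip()):
            done["deleted"].add(norm(line))
        elif section == "fcopy" and "-->" in line:
            src, _, dst = line.partition("-->")
            done["copied"].add((norm(src), norm(dst)))
    return done


def unconfirmed(script_text, log_text):
    """Return the requested operations that the log does not report."""
    plan, done = parse_cfscript(script_text), parse_log(log_text)
    return {
        "delete": [p for p in plan["delete"] if p not in done["deleted"]],
        "copy": [c for c in plan["copy"] if c not in done["copied"]],
    }


if __name__ == "__main__":
    for name, log in (("complete log", LOG_OK), ("truncated log", LOG_PARTIAL)):
        print(name, unconfirmed(CFSCRIPT, log))
```

An empty result only means ComboFix reported the operations; it does not establish that the copy under SoftwareDistribution was itself clean.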

Re: Wireless disabled due to Virus

Post by dhiobst on Sat Jun 13, 2009 2:57 pm

ComboFix 09-06-11.05 - david 06/13/2009 10:39.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.490 [GMT -4:00]
Running from: G:\ComboFix.exe
Command switches used :: G:\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\dllcache\ws2_32.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dllcache\ws2_32.dll

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll --> c:\windows\system32\ws2_32.dll
c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll --> c:\windows\system32\dllcache\ws2_32.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-11 19:42 . 2004-08-10 15:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-06-11 19:42 . 2004-08-10 15:00 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2009-06-10 16:25 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-10 16:25 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-10 16:25 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-10 16:25 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-10 16:25 . 2009-06-10 16:25 -------- d-----w- c:\program files\Avira
2009-06-10 16:25 . 2009-06-10 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-09 17:19 . 2009-06-09 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-09 17:19 . 2009-06-09 17:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-09 17:19 . 2009-06-09 17:19 -------- d-----w- c:\documents and settings\david\Application Data\Sonic
2009-06-09 17:19 . 2009-06-09 17:19 -------- d-----w- c:\documents and settings\david\Application Data\PC Tools
2009-06-09 17:18 . 2009-06-09 17:18 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-09 17:18 . 2009-06-09 17:18 -------- d-----w- C:\4304f949750ce894fde4cc20
2009-06-08 17:11 . 2004-08-10 15:00 4096 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2009-06-08 13:46 . 2009-06-08 13:46 -------- d-----w- c:\documents and settings\david\Application Data\Malwarebytes
2009-06-08 13:46 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 13:46 . 2009-06-08 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-08 13:46 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 13:46 . 2009-06-09 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 12:53 . 2009-06-13 14:44 117760 ----a-w- c:\documents and settings\david\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-08 12:52 . 2009-06-09 17:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-08 12:52 . 2009-06-08 12:52 -------- d-----w- c:\documents and settings\david\Application Data\SUPERAntiSpyware.com
2009-06-08 12:51 . 2009-06-08 12:51 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-06-05 13:43 . 2009-06-05 13:43 -------- d-----w- c:\documents and settings\david\Application Data\MSNInstaller
2009-06-05 00:21 . 2009-06-05 00:21 -------- d-----w- c:\documents and settings\david\Application Data\Leadertech
2009-06-04 23:31 . 2008-06-11 01:22 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-06-04 23:31 . 2008-06-02 19:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-06-04 23:31 . 2008-06-02 19:19 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-06-04 23:31 . 2008-06-02 19:19 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-06-04 23:30 . 2009-06-09 17:19 -------- d-----w- c:\program files\Spyware Doctor
2009-06-04 14:01 . 2004-05-11 13:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll
2009-06-04 14:01 . 2003-11-19 17:59 512688 ----a-w- c:\windows\system32\XceedCry.dll
2009-06-04 14:01 . 2000-07-15 09:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-06-03 14:03 . 2009-06-09 17:18 -------- d-----w- C:\AV-CLS
2009-06-03 13:45 . 2009-06-13 14:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-03 13:22 . 2009-06-03 13:22 -------- d-----w- c:\program files\Enigma Software Group

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 19:37 . 2006-08-29 08:20 -------- d-----w- c:\documents and settings\david\Application Data\U3
2009-06-10 15:56 . 2006-04-13 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-09 17:18 . 2006-09-23 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-06-09 17:18 . 2006-09-23 02:08 -------- d-----w- c:\program files\NVIDIA Corporation
2009-06-09 17:18 . 2006-09-20 02:40 -------- d-----w- c:\documents and settings\david\Application Data\Aim
2009-06-09 17:18 . 2006-09-20 02:38 -------- d-----w- c:\program files\AIM
2009-06-09 17:18 . 2006-10-28 02:45 -------- d-----w- c:\program files\DivX
2009-06-09 17:18 . 2007-08-15 03:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-04 18:53 . 2006-04-13 13:56 110416 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 15:35 . 2006-04-13 13:44 -------- d-----w- c:\program files\Quickensetup
2009-06-04 15:35 . 2006-04-13 13:17 -------- d-----w- c:\program files\Microsoft Works
2009-06-04 14:29 . 2008-11-04 16:19 -------- d-----w- c:\documents and settings\david\Application Data\GetRightToGo
2009-06-04 13:48 . 2006-04-13 12:47 -------- d-----w- c:\program files\HPQ
2009-06-04 11:42 . 2007-08-15 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-02 21:52 . 2006-10-27 02:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-31 01:41 . 2008-09-29 01:16 -------- d-----w- c:\documents and settings\amanda\Application Data\U3
2006-10-28 03:10 . 2006-10-28 03:10 56 --sh--r- c:\windows\system32\260588ACD5.sys
2006-10-28 03:10 . 2006-10-28 03:10 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-04 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-14 257088]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-04 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/10/2009 12:25 PM 108289]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 6:29 AM 29178224]
R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/4/2009 7:30 PM 356920]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe
HKLM-Run-QPService - c:\program files\HP\QuickPlay\QPService.exe
HKLM-Run-eabconfg.cpl - c:\program files\HPQ\Quick Launch Buttons\EabServr.exe
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = yahoo.com/
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-13 10:44
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????L????|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.


Re: Wireless disabled due to Virus

Post by dhiobst on Sat Jun 13, 2009 2:57 pm

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!saswinlogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
@DACL=(02 0000)
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2009-06-13 10:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-13 14:47
ComboFix2.txt 2009-06-12 20:46
ComboFix3.txt 2009-06-11 21:59
ComboFix4.txt 2009-06-11 19:49

Pre-Run: 36,355,858,432 bytes free
Post-Run: 36,334,059,520 bytes free

430 --- E O F --- 2009-06-04 13:06


Post by Belahzur on Sat Jun 13, 2009 3:54 pm

Okay, re-run the SystemLook script, the dllcache copy of it is gone, but then replaced again.
Let's see if that helped any.



Post by dhiobst on Sat Jun 13, 2009 7:51 pm

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 15:50 on 13/06/2009 by david (Administrator - Elevation successful)

========== filefind ==========

Searching for "ws2_32.dll"
C:\Documents and Settings\david\Desktop\ws2_32.dll --a--- 82432 bytes [00:10 13/06/2009] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A
C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\ws2_32.dll --a--- 82432 bytes [00:05 13/06/2009] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A
C:\Qoobox\Quarantine\C\WINDOWS\system32\ws2_32.dll --a--- 82432 bytes [00:05 13/06/2009] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll ------ 82432 bytes [17:55 21/09/2008] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A
C:\WINDOWS\system32\ws2_32.dll --a--- 82944 bytes [15:00 10/08/2004] [07:00 10/08/2004] 2ED0B7F12A60F90092081C50FA0EC2B2

-=End Of File=-

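The comparison this SystemLook log invites, as an added example that is not part of the original post: it parses the filefind result lines and groups the copies of ws2_32.dll by MD5 so the copy that differs from the rest stands out. Treating the most common hash as the baseline is an assumption of this example, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Result lines copied from the SystemLook log in the post above.
LOG = r"""
C:\Documents and Settings\david\Desktop\ws2_32.dll --a--- 82432 bytes [00:10 13/06/2009] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A
C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\ws2_32.dll --a--- 82432 bytes [00:05 13/06/2009] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A
C:\Qoobox\Quarantine\C\WINDOWS\system32\ws2_32.dll --a--- 82432 bytes [00:05 13/06/2009] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll ------ 82432 bytes [17:55 21/09/2008] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A
C:\WINDOWS\system32\ws2_32.dll --a--- 82944 bytes [15:00 10/08/2004] [07:00 10/08/2004] 2ED0B7F12A60F90092081C50FA0EC2B2
"""

# path, six attribute flags, size, two bracketed timestamps, MD5.
# The path is matched lazily because it may contain spaces.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

def parse_filefind(text):
    """Return one dict per filefind result line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries

def group_by_md5(entries):
    """Map each MD5 to the list of paths that carry it."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["md5"]].append(entry["path"])
    return dict(groups)

def differing_copies(entries):
    """Entries whose MD5 is not the most common one (assumption: majority = baseline)."""
    groups = group_by_md5(entries)
    baseline = max(groups, key=lambda h: len(groups[h]))
    return [e for e in entries if e["md5"] != baseline]

if __name__ == "__main__":
    for e in differing_copies(parse_filefind(LOG)):
        print(f'{e["path"]}  {e["size"]} bytes  {e["md5"]}')
```

A differing hash only shows that the file is a different build or has been altered, so it is a lead to verify against a trusted copy, not a verdict.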


Post by Belahzur on Sat Jun 13, 2009 7:52 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.

The log will be quite big, so I need you to upload it to rapidshare.com please.



Post by dhiobst on Sun Jun 14, 2009 2:11 am

[You must be registered and logged in to see this link.]
MD5: 42356A9CF49AD7FDA68128ECC9082CDE


Post by Belahzur on Sun Jun 14, 2009 6:20 pm

Submit a file for analysis.

  1. Please visit this website: [You must be registered and logged in to see this link.]
  2. Press the "Browse" button and locate the following file in bold:
    C:\WINDOWS\system32\ws2_32.dll
  3. Press the "Submit File" button to submit the file for analysis.
  4. Allow it to be scanned, it could take a few minutes depending on server load.
  5. Copy and paste the result back here.



Post by dhiobst on Sun Jun 14, 2009 10:11 pm

Hi,
Is there any scan tool that I can download? I do not have internet access to use an online scan tool.


Post by Belahzur on Sun Jun 14, 2009 10:24 pm

Can you zip a copy of the file and transfer it to another machine with working internet? Then unzip it and run the online scan?

Could also try Winsock XP Fix, download and run:
[You must be registered and logged in to see this link.]

Press fix, then reboot.



Post by dhiobst on Mon Jun 15, 2009 1:53 pm

Jotti's Malware Scanner found no infections.
Winsock XP Fix did not fix the problem. However, back to performing a new ws2_32.dll manually, I had some success. I am able to move the clean file to system32 successfully in safe mode.


SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 09:48 on 15/06/2009 by david (Administrator - Elevation successful)

========== filefind ==========

Searching for "ws2_32.dll"
C:\I386\SYSTEM32\ws2_32.dll --a--- 82432 bytes [05:09 15/06/2009] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll ------ 82432 bytes [17:55 21/09/2008] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A
C:\WINDOWS\system32\ws2_32.dll --a--- 82432 bytes [13:22 15/06/2009] [00:12 14/04/2008] 2CCC474EB85CEAA3E1FA1726580A3E5A

-=End Of File=-


Post by Belahzur on Mon Jun 15, 2009 2:01 pm

Hooray! Well done. The patched file is gone, and there's another backup appeared.
Did you run Winsock XP Fix AFTER replacing the bad file? Or BEFORE?



Post by dhiobst on Mon Jun 15, 2009 2:35 pm

Thank you. Ran Winsock XP Fix before fixing file. Should I run it again?


Post by dhiobst on Mon Jun 15, 2009 2:36 pm

Could never have done it without your help.


Post by Belahzur on Mon Jun 15, 2009 2:46 pm

Yes, because the new file is replaced, so the Winsock will need fixing again.
Run it again, then reboot to make sure it's done its job.



Post by dhiobst on Mon Jun 15, 2009 4:28 pm

Tried Winsock again, but it did not give me internet access; all network drives still show code 39.


Post by Belahzur on Mon Jun 15, 2009 4:52 pm

Okay, I may need to pass this on to Doc and he'll help you troubleshoot it.
Is it wireless problems?



Post by dhiobst on Mon Jun 15, 2009 6:00 pm

Yes, I cannot access the internet through landline or wireless.
Thank you so much for all your help. It is greatly appreciated!


Post by dhiobst on Tue Jun 16, 2009 11:07 pm

Hello,
Any new ideas?


Post by Belahzur on Wed Jun 17, 2009 2:23 pm

Nope, I'll ask Doc now though.



Post by dhiobst on Sun Jun 21, 2009 9:26 pm

Hello Doc
Do you have any ideas troubleshooting this?


Post by Doctor Inferno on Mon Jun 22, 2009 3:08 pm

Hello,

Nothing I can think of. Can you try resetting your router or modem and see if it works?



Post by dhiobst on Tue Jun 23, 2009 2:11 pm

I have tried that and had no luck. The network card is still showing code error 39.


Post by Origin on Tue Jun 23, 2009 5:22 pm

Have you updated to the latest drivers?

