
Solved Laptop connects wirelessly but can't browse the Web (moved)

Discussion in 'Malware and Virus Removal Archive' started by Frank D, 2010/03/19.

  1. 2010/03/19
    Frank D

    Frank D Inactive Thread Starter

    Joined:
    2004/07/15
    Messages:
    553
    Likes Received:
    6
    [Resolved] Laptop connects wirelessly but can't browse the Web (moved)

    The title pretty much says it all. The problem started a couple of days ago. We've checked for malware using AVG9, Malwarebytes AntiMalware, and Super Anti-Spyware, but everything comes up clean.

    It's my friend's laptop, a Dell Inspiron 1520, purchased new at the end of 2007. He's got a Linksys N Model WRT 300N v1 router and his ISP is Comcast. He's using Windows XP with Firefox 3.5.8 and Internet Explorer 8. Both browsers show exactly the same problem: webpages start to load, the status bar says it's loading or transferring data or some other loading-type statement, but everything hangs, the window remains white, the little circle thing keeps spinning, and no webpage appears.

    He can only get his e-mail by repeatedly trying and occasionally it works just long enough to download some of it. Strangely enough, we can connect with each other's PCs with no problem using TeamViewer. He just can't surf or see webpages, not even Microsoft, and can't get Windows updates.

    I haven't seen any mention of this problem on this BBS, but on the web there are quite a few hits. Here is a partial list of the "fixes" (from other BBSs) we've tried, but none of them has had any effect on the problem.

    http://en.kioskea.net/forum/affich-1...t-the-internet
    In IE, go to TOOLS > INTERNET OPTIONS > CONNECTIONS > LAN SETTINGS. Make sure that NOTHING is checked. If it is, uncheck it. Click OK, restart IE. You should be fine now.

    In FF, go to TOOLS > ADVANCED > NETWORK > CONNECTION > SETTINGS. Make sure that you have DIRECT CONNECTION TO INTERNET selected. If anything else is in there, check off the first option as I suggested and erase anything else.

    ======================================

    http://en.kioskea.net/forum/affich-1...t-can-t-browse
    Remove the following files if present:

    * C:\Windows\SYSTEM32\DRIVERS\spcflt.sys
    * C:\Windows\SYSTEM32\DRIVERS\spcstb.sys
    * C:\Program Files\Common Files\aol\1127593350\ee\services\ver2_0_10_16\serviceManifest.xml

    Reboot, and afterwards the computer will work fine.

    =====================================

    http://en.kioskea.net/forum/affich-1...t-can-t-browse

    Re: I'm connected, but can't view websites

    Post by Doctor Inferno on Sun 12 Jul 2009, 4:17 am
    Hello,

    Open CMD, Reset WINSOCK entries to installation defaults by typing: netsh winsock reset catalog

    Reset TCP/IP stack to installation defaults by typing: netsh int ip reset reset.log

    Restart your PC.

    If it doesn't work, download Winsock XP Fix from here, save it to your Desktop.
    http://www.snapfiles.com/get/winsockxpfix.html

    Double click on the exe on your Desktop.
    Press the "Fix" button, then restart again.

    ====================================

    http://en.kioskea.net/forum/affich-1...t-can-t-browse

    Re: I'm connected, but can't view websites

    Post by FawltyTowers on Sat 09 Jan 2010, 4:25 pm
    I had the same problem after eliminating a virus with MalwareBytes (which worked well by the way). I was able to get my mail through Outlook and could even access one site that is linked for regular uploads and downloads to our computer. After trying some of the suggestions I finally went into "Internet Options" under Tools and under "Advanced Settings" selected "Reset" for Resetting Internet Explorer Options. This worked for me.

    ===================================

    http://en.kioskea.net/forum/affich-1...t-can-t-browse

    Post by NuclearBacon on Tue 19 Jan 2010, 8:46 pm
    Hello! This is my first post, but I have over 15 years owning my own computer business. I had a customer with the exact same symptoms. Got all the malware, spyware, and viruses off... still no IE 8 connectivity. I went into the tools --> options, then selected the "connections" tab. Then I selected the LAN settings button at the bottom.

    This was the problem! The virus had selected this computer to use this connection as a proxy server! Unchecked the proxy, and IE came back to life.

    ===================================

    http://en.kioskea.net/forum/affich-1...t-can-t-browse
    DChristman Dec 10, 2009 6:46pm GMT
    Hey guys,

    I had a drive-by virus this morning. One of those Security Program viruses. I started the computer in safe mode and ran Malwarebytes and removed it. When I logged back on normally, MSN would work and email would work, but no IE8, Safari, or Firefox would work. I ran the Norton uninstall utility because I had at one time had it installed, but that didn't work. I tried the winsock thing, that didn't work. I uninstalled AVG, that didn't work either. I searched for all the files you guys were talking about, but I didn't have any of those. The last thing I did was the following:

    Go to Internet Explorer

    Tools

    Internet Options

    Advanced Tab

    Reset Internet Explorer to Default.

    Once I did this, everything worked like a charm.

    Hope this helps someone.

    Dchristman

    =============================

    http://en.kioskea.net/forum/affich-1...-browse?page=5
    go into "Internet Options"
    then to "Connections" tab
    "LAN Settings"
    then all you do is unclick the proxy server dialog box

    or

    1. Login as Administrator
    2. from the DOS command line
    ipconfig /flushdns
    gpupdate /force
    3. restore IE / FF to default state

    ================================

    http://en.kioskea.net/forum/affich-1...-browse?page=4
    mr.calm June 1, 2009
    try this one;

    follow the steps:

    1. start
    2. run
    3. type gpedit.msc
    4. administrative templates
    5. system
    6. double click Internet Communication
    7. then in the right side right click the Turn off "Publish the web" task for files and sub folders
    8. then Properties; if it is Enabled, make it Not Configured ....

    ==================================

    http://en.kioskea.net/forum/affich-1...-browse?page=4
    support Jul 9, 2009 1:04am BST
    1. Login as Administrator
    2. from the DOS command line
    ipconfig /flushdns
    gpupdate /force
    3. restore IE / FF to default state

    ===================================

    http://en.kioskea.net/forum/affich-2...t-can-t-browse
    - click "Device Manager" button
    - click "+" to left of "network adapters"
    - doubleclick "(your wireless adapter) ...."
    - click "Advanced" tab
    - select "Power Save Mode"
    - select "off"
    - select "OK"

    ====================================

    Shut down Zone Alarm

    =====================================

    Shut down AVG 9

    ====================================

    Reboot into Safe Mode with Networking (note: found that wireless networking apparently won't work in Safe Mode)

    ====================================

    I'd appreciate any help. Thanks.

    Frank D

    Note: I moved this topic from the General Internet forum, where I originally posted it, to the Malware and Virus Removal forum at the suggestion of TonyT, and since then it has been moved to this forum.
     
    Last edited: 2010/03/20
  2. 2010/03/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Click Start>Run (Start> "Start search" in Vista).

    2. Type in (or copy and paste):

    cmd /c ping google.com>%temp%\$.$&notepad %temp%\$.$

    and press Enter.

    3. Notepad will open.

    4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.

    ================================================================

    Did you try wired connection?

    Did you try to bypass router by going straight to the modem?

    Any other computers connected to the same router?
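    An added triage script for the symptom in the first post and the ping check above (this is not from the thread or from broni's instructions): ICMP reaches google.com, yet HTTP never completes, so the layers to inspect next are the per-user proxy, the machine-wide WinHTTP proxy, the hosts file, and the Winsock catalog. It assumes PowerShell is available; the test URL and the 10-second timeout are my choices.

    ```powershell
    # Added diagnostic, not from the thread. Assumes PowerShell and the standard
    # WinINET proxy registry location; the test URL below is an assumption.
    $ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $ie = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue

    # 1. Per-user proxy. ProxyEnable=1 with a ProxyServer or AutoConfigURL nobody set
    #    is the hijack NuclearBacon describes: pages "load" forever because the
    #    proxy never answers. The LAN Settings dialog edits exactly these values.
    Write-Output ("ProxyEnable   : {0}" -f $ie.ProxyEnable)
    Write-Output ("ProxyServer   : {0}" -f $ie.ProxyServer)
    Write-Output ("AutoConfigURL : {0}" -f $ie.AutoConfigURL)

    # 2. Machine-wide WinHTTP proxy, used by Windows Update (also failing in the
    #    thread). 'netsh winhttp' exists from Vista on; XP uses proxycfg.exe instead.
    netsh winhttp show proxy

    # 3. Hosts-file overrides: a redirected entry for a vendor domain would explain
    #    why specific sites ("not even Microsoft") never load while others might.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts | Where-Object { $_ -match '^\s*\d' -and $_ -notmatch 'localhost\s*$' }

    # 4. Winsock catalog: the LSP layer that 'netsh winsock reset' rebuilds. An
    #    unexpected provider DLL here breaks every TCP application while ICMP
    #    ping (which does not pass through Winsock LSPs) still succeeds.
    netsh winsock show catalog | Select-String 'Provider Path|Description'

    # 5. Direct HTTP test with any configured proxy bypassed. Ping passing only
    #    proves layer 3; a hang here with Proxy = $null points past the proxy to
    #    the TCP/Winsock layer or to a filter driver.
    try {
        $req = [System.Net.HttpWebRequest]::Create('http://www.microsoft.com/')
        $req.Proxy   = $null        # ignore whatever proxy is configured
        $req.Timeout = 10000        # milliseconds
        $resp = $req.GetResponse()
        Write-Output ("Direct HTTP status: {0}" -f [int]$resp.StatusCode)
        $resp.Close()
    } catch {
        Write-Output ("Direct HTTP failed: {0}" -f $_.Exception.Message)
    }
    ```

    Run it from an elevated prompt on the affected machine; steps 1 to 4 only read configuration and change nothing, so they are safe to run before any reset.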
     


  4. 2010/03/20
    Frank D
    I appreciate your help, Broni.

    Here is the information you asked for:
    ==========================================
    Pinging google.com [66.249.90.104] with 32 bytes of data:
    Reply from 66.249.90.104: bytes=32 time=27ms TTL=51
    Reply from 66.249.90.104: bytes=32 time=15ms TTL=51
    Reply from 66.249.90.104: bytes=32 time=13ms TTL=51
    Reply from 66.249.90.104: bytes=32 time=14ms TTL=51

    Ping statistics for 66.249.90.104:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 27ms, Average = 17ms
    ==========================================

    We tried both the wired connection and bypassing the router. The results were identical to what we've been having -- no webpages (i.e., Google or Microsoft) could be loaded. We still got the constant "loading. . . " message no matter what.

    Yes, he has a desktop machine on the same router which can surf the web, using both IE8 and Firefox 3.5.8, with no problems whatsoever.

    Here's more information that we just learned from my friend's wife that may help you zero in on this problem's source.

    The day before this happened, the laptop in question was taken to another city (by my friend's wife) during which time a USB drive was used by friends (they all belong to a sewing club) to install an update to a regular, commercial sewing machine/pattern software that had already been installed on this machine well before the problem began. A number of other ladies present at this session also had laptops, and all their machines had the same update made to them via the same USB drive.

    We can now see the possibility that the USB drive may have been infected with malware and may have passed that infection on to this laptop, and possibly the others.

    I'll await your advice. Thank you.

    Frank D
     
    Last edited: 2010/03/20
  5. 2010/03/20
    broni
    Your connection is perfectly fine, so don't play with any settings anymore.
    You may be up to something.
    First, check if browsers are as useless in Safe Mode with Networking.
     
  6. 2010/03/20
    Frank D
    OK, no more adjusting settings.

    Yes, that news about the USB drive and the update was an eye-opener.

    We already tried Safe Mode with Networking. We carefully chose that entry from the boot list, but once in Safe Mode, we found that networking was not available.

    Frank
     
  7. 2010/03/20
    broni
    Using a working computer, download Combofix listed below.
    Rename combofix.exe to broni.exe.
    Using a USB stick, move the file to the sick computer and run it.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/03/20
    Frank D
    Broni,

    Just to let you know, right now it's Saturday evening, but my friend won't be available again until tomorrow about the same time. So you won't be hearing of the results of this operation until late Sunday earliest, or sometime Monday. He and his wife are obviously anxious to solve this problem and I'm looking forward to running this combofix with him ASAP. Thank you very much for your help!

    Frank
     
  9. 2010/03/20
    broni
    Not a problem. I'll be around :)
     
  10. 2010/03/21
    Frank D
    Broni,

    Here is the link to the file that was generated by running broni.exe (combofix.exe) on my friend's laptop.
    https://rcpt.yousendit.com/839841071/b3200f145c294fbcb04a7bb386d1e981

    Please let me know ASAP if the link and the file are good.

    The file that was generated did not have an extension, and was named "broni", where you said it would be titled "combofix.txt", so I'm confused as to whether this is the right "stuff."

    Frank
     
  11. 2010/03/21
    broni
    The file is not good.
    Please, retry.
    If no text file produced, let me know.
     
  12. 2010/03/21
    Frank D
    Broni,

    We followed all of the instructions above to the letter and waited a good half hour for the test to complete, but the expected txt file did not appear. How long should it take for this test to be completed - 20 minutes, an hour, 2 hours? Could we have a ballpark figure so we know we're not just spinning our wheels? Thank you.

    Frank
     
  13. 2010/03/21
    broni
    Let's try something else...

    Download TDSSKiller and save it to your Desktop.
    Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
    Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
    When it is done, a log file should be created on your C: drive called TDSSKiller.txt. Please copy and paste the contents of that file here.
     
  14. 2010/03/21
    Frank D
    Broni, here's the contents of the TDSSKiller.txt file:

    16:11:32:953 0444 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
    16:11:32:953 0444 ================================================================================
    16:11:32:953 0444 SystemInfo:

    16:11:32:953 0444 OS Version: 5.1.2600 ServicePack: 3.0
    16:11:32:953 0444 Product type: Workstation
    16:11:32:953 0444 ComputerName: LEANN-LAPTOP
    16:11:32:953 0444 UserName: LeAnn Keller
    16:11:32:953 0444 Windows directory: C:\WINDOWS
    16:11:32:953 0444 Processor architecture: Intel x86
    16:11:32:953 0444 Number of processors: 2
    16:11:32:953 0444 Page size: 0x1000
    16:11:32:968 0444 Boot type: Normal boot
    16:11:32:968 0444 ================================================================================
    16:11:32:968 0444 UnloadDriverW: NtUnloadDriver error 2
    16:11:32:968 0444 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
    16:11:32:984 0444 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
    16:11:32:984 0444 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    16:11:32:984 0444 wfopen_ex: Trying to KLMD file open
    16:11:32:984 0444 wfopen_ex: File opened ok (Flags 2)
    16:11:32:984 0444 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
    16:11:32:984 0444 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    16:11:32:984 0444 wfopen_ex: Trying to KLMD file open
    16:11:32:984 0444 wfopen_ex: File opened ok (Flags 2)
    16:11:32:984 0444 Initialize success
    16:11:32:984 0444
    16:11:32:984 0444 Scanning Services ...
    16:11:33:328 0444 GetAdvancedServicesInfo: Raw services enum returned 386 services
    16:11:33:328 0444
    16:11:33:328 0444 Scanning Kernel memory ...
    16:11:33:328 0444 Devices to scan: 5
    16:11:33:328 0444
    16:11:33:328 0444 Driver Name: Disk
    16:11:33:328 0444 IRP_MJ_CREATE : BA0EEBB0
    16:11:33:328 0444 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    16:11:33:328 0444 IRP_MJ_CLOSE : BA0EEBB0
    16:11:33:328 0444 IRP_MJ_READ : BA0E8D1F
    16:11:33:328 0444 IRP_MJ_WRITE : BA0E8D1F
    16:11:33:328 0444 IRP_MJ_QUERY_INFORMATION : 804F4562
    16:11:33:328 0444 IRP_MJ_SET_INFORMATION : 804F4562
    16:11:33:328 0444 IRP_MJ_QUERY_EA : 804F4562
    16:11:33:328 0444 IRP_MJ_SET_EA : 804F4562
    16:11:33:328 0444 IRP_MJ_FLUSH_BUFFERS : BA0E92E2
    16:11:33:328 0444 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    16:11:33:328 0444 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    16:11:33:328 0444 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    16:11:33:328 0444 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    16:11:33:328 0444 IRP_MJ_DEVICE_CONTROL : BA0E93BB
    16:11:33:328 0444 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
    16:11:33:328 0444 IRP_MJ_SHUTDOWN : BA0E92E2
    16:11:33:328 0444 IRP_MJ_LOCK_CONTROL : 804F4562
    16:11:33:328 0444 IRP_MJ_CLEANUP : 804F4562
    16:11:33:328 0444 IRP_MJ_CREATE_MAILSLOT : 804F4562
    16:11:33:328 0444 IRP_MJ_QUERY_SECURITY : 804F4562
    16:11:33:328 0444 IRP_MJ_SET_SECURITY : 804F4562
    16:11:33:328 0444 IRP_MJ_POWER : BA0EAC82
    16:11:33:328 0444 IRP_MJ_SYSTEM_CONTROL : BA0EF99E
    16:11:33:328 0444 IRP_MJ_DEVICE_CHANGE : 804F4562
    16:11:33:328 0444 IRP_MJ_QUERY_QUOTA : 804F4562
    16:11:33:328 0444 IRP_MJ_SET_QUOTA : 804F4562
    16:11:33:343 0444 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    16:11:33:343 0444
    16:11:33:343 0444 Driver Name: Disk
    16:11:33:343 0444 IRP_MJ_CREATE : BA0EEBB0
    16:11:33:343 0444 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    16:11:33:343 0444 IRP_MJ_CLOSE : BA0EEBB0
    16:11:33:343 0444 IRP_MJ_READ : BA0E8D1F
    16:11:33:343 0444 IRP_MJ_WRITE : BA0E8D1F
    16:11:33:343 0444 IRP_MJ_QUERY_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_EA : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_EA : 804F4562
    16:11:33:343 0444 IRP_MJ_FLUSH_BUFFERS : BA0E92E2
    16:11:33:343 0444 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    16:11:33:343 0444 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    16:11:33:343 0444 IRP_MJ_DEVICE_CONTROL : BA0E93BB
    16:11:33:343 0444 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
    16:11:33:343 0444 IRP_MJ_SHUTDOWN : BA0E92E2
    16:11:33:343 0444 IRP_MJ_LOCK_CONTROL : 804F4562
    16:11:33:343 0444 IRP_MJ_CLEANUP : 804F4562
    16:11:33:343 0444 IRP_MJ_CREATE_MAILSLOT : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_SECURITY : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_SECURITY : 804F4562
    16:11:33:343 0444 IRP_MJ_POWER : BA0EAC82
    16:11:33:343 0444 IRP_MJ_SYSTEM_CONTROL : BA0EF99E
    16:11:33:343 0444 IRP_MJ_DEVICE_CHANGE : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_QUOTA : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_QUOTA : 804F4562
    16:11:33:343 0444 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    16:11:33:343 0444
    16:11:33:343 0444 Driver Name: Disk
    16:11:33:343 0444 IRP_MJ_CREATE : BA0EEBB0
    16:11:33:343 0444 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    16:11:33:343 0444 IRP_MJ_CLOSE : BA0EEBB0
    16:11:33:343 0444 IRP_MJ_READ : BA0E8D1F
    16:11:33:343 0444 IRP_MJ_WRITE : BA0E8D1F
    16:11:33:343 0444 IRP_MJ_QUERY_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_EA : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_EA : 804F4562
    16:11:33:343 0444 IRP_MJ_FLUSH_BUFFERS : BA0E92E2
    16:11:33:343 0444 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    16:11:33:343 0444 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    16:11:33:343 0444 IRP_MJ_DEVICE_CONTROL : BA0E93BB
    16:11:33:343 0444 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
    16:11:33:343 0444 IRP_MJ_SHUTDOWN : BA0E92E2
    16:11:33:343 0444 IRP_MJ_LOCK_CONTROL : 804F4562
    16:11:33:343 0444 IRP_MJ_CLEANUP : 804F4562
    16:11:33:343 0444 IRP_MJ_CREATE_MAILSLOT : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_SECURITY : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_SECURITY : 804F4562
    16:11:33:343 0444 IRP_MJ_POWER : BA0EAC82
    16:11:33:343 0444 IRP_MJ_SYSTEM_CONTROL : BA0EF99E
    16:11:33:343 0444 IRP_MJ_DEVICE_CHANGE : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_QUOTA : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_QUOTA : 804F4562
    16:11:33:343 0444 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    16:11:33:343 0444
    16:11:33:343 0444 Driver Name: Disk
    16:11:33:343 0444 IRP_MJ_CREATE : BA0EEBB0
    16:11:33:343 0444 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    16:11:33:343 0444 IRP_MJ_CLOSE : BA0EEBB0
    16:11:33:343 0444 IRP_MJ_READ : BA0E8D1F
    16:11:33:343 0444 IRP_MJ_WRITE : BA0E8D1F
    16:11:33:343 0444 IRP_MJ_QUERY_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_EA : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_EA : 804F4562
    16:11:33:343 0444 IRP_MJ_FLUSH_BUFFERS : BA0E92E2
    16:11:33:343 0444 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    16:11:33:343 0444 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    16:11:33:343 0444 IRP_MJ_DEVICE_CONTROL : BA0E93BB
    16:11:33:343 0444 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
    16:11:33:343 0444 IRP_MJ_SHUTDOWN : BA0E92E2
    16:11:33:343 0444 IRP_MJ_LOCK_CONTROL : 804F4562
    16:11:33:343 0444 IRP_MJ_CLEANUP : 804F4562
    16:11:33:343 0444 IRP_MJ_CREATE_MAILSLOT : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_SECURITY : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_SECURITY : 804F4562
    16:11:33:343 0444 IRP_MJ_POWER : BA0EAC82
    16:11:33:343 0444 IRP_MJ_SYSTEM_CONTROL : BA0EF99E
    16:11:33:343 0444 IRP_MJ_DEVICE_CHANGE : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_QUOTA : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_QUOTA : 804F4562
    16:11:33:343 0444 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
    16:11:33:343 0444
    16:11:33:343 0444 Driver Name: atapi
    16:11:33:343 0444 IRP_MJ_CREATE : B9F156F2
    16:11:33:343 0444 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
    16:11:33:343 0444 IRP_MJ_CLOSE : B9F156F2
    16:11:33:343 0444 IRP_MJ_READ : 804F4562
    16:11:33:343 0444 IRP_MJ_WRITE : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_EA : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_EA : 804F4562
    16:11:33:343 0444 IRP_MJ_FLUSH_BUFFERS : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
    16:11:33:343 0444 IRP_MJ_DIRECTORY_CONTROL : 804F4562
    16:11:33:343 0444 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
    16:11:33:343 0444 IRP_MJ_DEVICE_CONTROL : B9F15712
    16:11:33:343 0444 IRP_MJ_INTERNAL_DEVICE_CONTROL : B9F11852
    16:11:33:343 0444 IRP_MJ_SHUTDOWN : 804F4562
    16:11:33:343 0444 IRP_MJ_LOCK_CONTROL : 804F4562
    16:11:33:343 0444 IRP_MJ_CLEANUP : 804F4562
    16:11:33:343 0444 IRP_MJ_CREATE_MAILSLOT : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_SECURITY : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_SECURITY : 804F4562
    16:11:33:343 0444 IRP_MJ_POWER : B9F1573C
    16:11:33:343 0444 IRP_MJ_SYSTEM_CONTROL : B9F1C336
    16:11:33:343 0444 IRP_MJ_DEVICE_CHANGE : 804F4562
    16:11:33:343 0444 IRP_MJ_QUERY_QUOTA : 804F4562
    16:11:33:343 0444 IRP_MJ_SET_QUOTA : 804F4562
    16:11:33:359 0444 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
    16:11:33:359 0444
    16:11:33:359 0444 Completed
    16:11:33:359 0444
    16:11:33:359 0444 Results:
    16:11:33:359 0444 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
    16:11:33:359 0444 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    16:11:33:359 0444 File objects infected / cured / cured on reboot: 0 / 0 / 0
    16:11:33:359 0444
    16:11:33:359 0444 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
    16:11:33:359 0444 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
    16:11:33:359 0444 KLMD(ARK) unloaded successfully

    I hope this does the trick.

    Frank
     
  15. 2010/03/21
    broni
    OK.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.

    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Try to run broni.exe again.
     
  16. 2010/03/21
    Frank D
    Broni, I ran into some problems. I successfully ran the rkill.com program and here is the log:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as LeAnn Keller on 03/21/2010 at 16:43:38.


    Processes terminated by Rkill or while it was running:


    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Documents and Settings\LeAnn Keller\Desktop\rkill.exe


    Rkill completed on 03/21/2010 at 16:43:44.

    However, when trying to download the exeHelper file, it set off my AV alarm and it wouldn't let me complete the download, so I can't run it and I can't now turn off the AV alarm!!! Please advise me what to do next.

    Frank
     
  17. 2010/03/21
    broni
    Disable AVG for the moment.
     
  18. 2010/03/21
    Frank D
    OK, here are the contents of the exeHelper log.txt file:

    exeHelper by Raktor
    Build 20091220
    Run at 17:15:21 on 03/21/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    I'll now try to re-run the broni.exe program, crossing my fingers.

    Frank
     
  19. 2010/03/21
    Frank D
    Broni, we re-ran the broni.exe program. It asked to update itself to a newer version, which we allowed, and it then re-ran itself and produced the same "broni" folder in the C:\ directory, except it went from 8,139 KB to 8,141 KB. Please advise what to do next. Thanks.

    Frank
     
  20. 2010/03/21
    broni
    Did Combofix restart the computer? If not, do it manually.
    See if you can find the combofix.txt file in the root of the C:\ drive.
     
  21. 2010/03/21
    Frank D
    No, Combofix did not restart the computer. We did it manually. There is no file named combofix.txt in the C:\ directory. We appear to be at the end of this line. Is there anything else we can do?

    Frank
     
