HP Compaq Mini 110 netbook doesn't work

Started by pastywhitegurl, August 16, 2012, 03:24:42 AM

pastywhitegurl

I'm hoping that you guys are willing to take on a reclamation project.  My friend sent her HP Compaq Mini 110 home with me to see if it could be helped. I told her I had every confidence in you guys and that you had helped me wonderfully with my computer problems for a long time.

Apparently this little netbook got a virus, and someone tried to fix it for her. That person deleted most everything on it in an attempt to clean it up.

Here's what I know about it:

It does open and Windows XP home does boot up.  I can navigate around via  Windows Explorer.  It has IE6 installed.  There are only 3 programs listed in the add/remove programs list:
Atheros Communications Inc. (R) AR81 Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Broadcom 802.11 Wireless LAN Adapter

In trying to connect to our home wireless signal, signing in with our password does not work, but it says it is connected via Broadcom 802.11 b/g WLAN, and it reports the device is working properly.  Some extra info: The connection needs WPA-Personal as a security type, Encryption type is TKIP and the network security key is 10 characters in length. We are on a Time Warner cable wireless network.

However, even with a signal rated as "good", there is no connection when I open the browser.

I did run the two scans suggested by downloading them to a thumb drive and running it from that on the netbook.  I don't know how to safely get that information to post here though.  Maybe that's where I need to start.  I ran the Microsoft Fixit program that disables autorun on my own machine, but I don't know if I need to somehow scan the thumb drive before plugging it back into my computer again.

I will just retype the Security Check scan report for now.

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 1 x86
Out of date service pack!
Internet Explorer 6 Out of date!
'''''''''''Antivirus/Firewall Check:'''''''
Windows Security Center service is not running! This report may not be accurate!
''''''Antimalware/other utilities check: ''''''
''''''Process  Check: objlist.exe by Laurent''''''
''''''System Health Check'''''
Total Fragmentation on Drive C: 2%
''''''End of Log'''''


Is someone able and willing to help me get this connected and working again?

Corrine

Since you have autorun disabled on your computer, it will be fine to transfer the files.  That said, it sounds as though whoever "helped" made quite a mess of things "deleting most everything".  Any chance there is a system restore point or does the owner have the install disks?  A reinstall would likely be the best move, particularly with no service packs installed.  However, if you want to post the logs, I can take a look.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

pastywhitegurl

thanks Corrine!

I asked about disks, but none are available.  There are no restore points except for yesterday when I opened the machine for the first time.

I'm willing to download and install whatever is necessary to get it current again. But is that something that can be obtained with the documentation on the netbook? There is a label on the back of the netbook that has the UPC bar code from Microsoft and contains the product key.

It is titled:
Windows XP Home Edition ULCPC HP

And on the right side it says:
Proof of license
Certificate of Authenticity
Microsoft

There is also a sticker that identifies the netbook as:
product: Compaq Mini 110
This also has a bar code and two other numbers:
s/n:  and p/n:
Model# CQ Mini110C-1001NR
X12-51823

If you need the numbers, I can PM them to you, but I'm thinking that's not something that should be posted publicly.

The scan results:

Results of screen317's Security Check version 0.99.43 
Windows XP Service Pack 1 x86   
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````

-------------------------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 6.0.2800.1106
Run by Owner at 17:43:31 on 2012-08-15
Microsoft Windows XP Home Edition  5.1.2600.1.1252.1.1033.18.1015.835 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
.
============== Pseudo HJT Report ===============
.
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
.
============= SERVICES / DRIVERS ===============
.
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-31 39424]
.
=============== Created Last 30 ================
.
2012-08-15 18:13:31   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2012-08-15 18:13:31   12160   ----a-w-   c:\windows\system32\dllcache\mouhid.sys
2012-08-15 18:13:30   9600   ----a-w-   c:\windows\system32\drivers\hidusb.sys
2012-08-15 18:13:30   9600   ----a-w-   c:\windows\system32\dllcache\hidusb.sys
.
==================== Find3M  ====================
.
.
============= FINISH: 17:43:47.60 ===============

Edit by Corrine to add Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/20/2012 6:09:43 PM
System Uptime: 8/15/2012 12:45:05 PM (5 hours ago)
.
Motherboard: Hewlett-Packard |  | 308F
Processor:          Intel(R) Atom(TM) CPU N270   @ 1.60GHz | CPU 1 | 1596/133mhz
Processor:          Intel(R) Atom(TM) CPU N270   @ 1.60GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 15 GiB total, 11.998 GiB free.
D: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_27AE&SUBSYS_308F103C&REV_03\3&11583659&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_27AE&SUBSYS_308F103C&REV_03\3&11583659&0&10
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_308F103C&REV_03\3&11583659&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_308F103C&REV_03\3&11583659&0&11
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_308F103C&REV_02\3&11583659&0&D8
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_308F103C&REV_02\3&11583659&0&D8
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Webcam-101
Device ID: USB\VID_10F1&PID_1A0F\5&237DF86&0&4
Manufacturer:
Name: Webcam-101
PNP Device ID: USB\VID_10F1&PID_1A0F\5&237DF86&0&4
Service:
.
==== System Restore Points ===================
.
RP5: 8/15/2012 3:12:20 PM - System Checkpoint
.
==== Installed Programs ======================
.
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Broadcom 802.11 Wireless LAN Adapter
WebFldrs XP
.
==== Event Viewer Messages From Past Week ========
.
8/15/2012 11:19:11 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/15/2012 10:49:11 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/15/2012 10:34:06 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

pastywhitegurl

A bit more info on the inability to connect to the network:

Error message:
Wireless Network Connection
Windows was unable to find a certificate to log you on to the network (name of our network here)

however, when I click the icon it gives the status as "connected".

Corrine

No, please don't post the other numbers. 

For the certificate error, do the following:

  • Go to Start > Programs > Accessories > Communications > Network Connections
  • Right-click Connection and select Properties
  • Click the Authentication tab
  • Disable / uncheck the option IEEE 802.1x authentication for this network.
Now, try to connect to your Wireless network.  (Note: you may need to restart the computer.)

It certainly appears strange that the log shows system as:  "Install Date: 3/20/2012 6:09:43 PM".   Are you certain that your friend didn't reinstall the OS in March?  Although svchost.exe is legitimate, it runs from System32, not as shown in the log.  Rather strange.

With the March date, if the Recovery Console has been installed, we can see if ComboFix can locate and restore any missing critical files.  If it hasn't been installed yet, I understand that the KB Article with the download link is currently being worked on.  I do not have an indication of when it will be completed.

Please follow these instructions carefully.

Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.



pastywhitegurl

My friend said her son tried something on the netbook recently but gave up. That may have been the installation in March.  But I have no details other than that.

First, apologies that I attached the zip file instead of posting contents of the attach file. *lame smilie here*

Second, I was able to disable the authentication setting for the network, although I found it in a different place than specified.  I then logged on with our network password.  It again says we have a connection, but IE won't connect to the internet, and ComboFix also was unable to connect. The difference from before is that it is listing the local networks in the hover tip.

Wireless network connection (lists name of one of them)
Speed 36 mbps
Signal Strength: Low

Is alternately connecting to several different wireless networks along with our own.

[No recovery console installed.
Could not connect to the internet]

Avira is blocking the running of autorun.INF on the  USB drive that I'm using to transfer files.  I see ComboFix found an infection. That autorun file is now on the USB drive.  Should I do something about that?  I'm hoping I'm still safe.

It looks like my husband tried to connect us by installing a network bridge of some sort.  I reran the initial 2 scans. I'll attach them so that you can check them if you like.
----------------------------------------------------------
ComboFix log:
-------------------------------------------------------

ComboFix 12-08-15.01 - Owner 08/16/2012  14:42:44.1.2 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.1.1252.1.1033.18.1015.790 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\qmgr.dll . . . is infected!!
.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
.
.
(((((((((((((((((((((((((   Files Created from 2012-07-16 to 2012-08-16  )))))))))))))))))))))))))))))))
.
.
2012-08-15 18:13 . 2001-08-17 17:48   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2012-08-15 18:13 . 2001-08-17 17:48   12160   ----a-w-   c:\windows\system32\dllcache\mouhid.sys
2012-08-15 18:13 . 2001-08-17 18:02   9600   ----a-w-   c:\windows\system32\drivers\hidusb.sys
2012-08-15 18:13 . 2001-08-17 18:02   9600   ----a-w-   c:\windows\system32\dllcache\hidusb.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/31/2009 12:11 PM 39424]
.
.
------- Supplementary Scan -------
.
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-16 14:45
Windows 5.1.2600 Service Pack 1 FAT NTAPI
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(836)
c:\windows\System32\dssenh.dll
.
Completion time: 2012-08-16  14:47:44
ComboFix-quarantined-files.txt  2012-08-16 18:47
.
Pre-Run: 12,807,413,760 bytes free
Post-Run: 12,781,084,672 bytes free
.
- - End Of File - - BEEB4339ED3E3D44D387C99FCA0185BF





Corrine

autorun.INF is a text file that provides the launch instructions to the device and is supposed to be there. 

What is attached in newscans.txt?

I'm not even sure if the recovery console would help but without it or installation media, there is no source to replace the infected BITS service or install the missing files.  You can see for yourself by looking at the logs that someone has done a massacre job to that machine. 

Your friend can follow the links in How to replace Microsoft software or hardware, order service packs, and replace product manuals to find out if the vendor has replacement software available.

I'm sorry, there really isn't anything I can see to do to help any further.



pastywhitegurl

I wondered about the autorun file on the USB stick because it wasn't there when I first started using the drive.  It just suddenly appeared.

:(  wow.   I know my friend won't pursue it, so I'll give it a try.  Thanks for giving it a look. If I come up with anything from the links, I'll post in this topic again.   Is there any way I can install a recovery console without the internet connection?

The attached file has the rescan reports for DDS and Security Check.
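
On the question of an autorun.inf appearing on the USB drive: the following is an added example, not part of the thread, that reads an autorun.inf as plain text and lists the commands it asks Windows to start, so the file can be reviewed on a machine where autorun is disabled. The sample file is constructed and its paths are hypothetical; the key names (`open`, `shellexecute`, `shell`, `shell\verb\command`) are the documented `[autorun]` entries.

```python
# Constructed sample; it is not the file from the drive in this thread.
SAMPLE = r"""
; comment lines start with a semicolon
[AutoRun]
Label=Backup Stick
Icon=tools\stick.ico
Open=tools\launcher.exe /start
shell=browse
shell\browse=Open folder
shell\browse\command=tools\launcher.exe /browse

[Content]
MusicFiles=false
"""

# [autorun] keys whose value is a command line or a file to open.
AUTORUN_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries = {}
    in_autorun = False
    for raw in text.lstrip("\ufeff").splitlines():  # drop a leading BOM
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive; only [autorun] matters here.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_entries(entries):
    """List (key, command, kind) for every entry that names a command.

    kind is "autorun" for open/shellexecute, "menu-default" for the verb
    that `shell=` makes the double-click action, and "menu" for any other
    shell\\<verb>\\command entry.
    """
    default_verb = entries.get("shell", "").lower()
    found = []
    for key, value in entries.items():
        parts = key.split("\\")
        if key in AUTORUN_KEYS:
            found.append((key, value, "autorun"))
        elif (len(parts) == 3 and parts[0] == "shell"
              and parts[1] and parts[2] == "command"):
            kind = "menu-default" if parts[1] == default_verb else "menu"
            found.append((key, value, kind))
    return found


if __name__ == "__main__":
    for key, command, kind in launch_entries(parse_autorun(SAMPLE)):
        print(f"{kind:13} {key} -> {command}")
```

An autorun.inf that yields an empty list only sets cosmetic values such as the label or icon.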

winchester73

I'll post the attachment here ...


Results of screen317's Security Check version 0.99.43 
Windows XP Service Pack 1 x86   
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````


.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 6.0.2800.1106
Run by Owner at 14:36:27 on 2012-08-16
Microsoft Windows XP Home Edition  5.1.2600.1.1252.1.1033.18.1015.847 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
.
============== Pseudo HJT Report ===============
.
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
.
============= SERVICES / DRIVERS ===============
.
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-31 39424]
.
=============== Created Last 30 ================
.
2012-08-16 03:11:13   --------   d-sh--w-   C:\Recycled
2012-08-15 18:13:31   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2012-08-15 18:13:31   12160   ----a-w-   c:\windows\system32\dllcache\mouhid.sys
2012-08-15 18:13:30   9600   ----a-w-   c:\windows\system32\drivers\hidusb.sys
2012-08-15 18:13:30   9600   ----a-w-   c:\windows\system32\dllcache\hidusb.sys
.
==================== Find3M  ====================
.
.
============= FINISH: 14:36:43.90 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/20/2012 6:09:43 PM
System Uptime: 8/16/2012 10:32:29 AM (4 hours ago)
.
Motherboard: Hewlett-Packard |  | 308F
Processor:          Intel(R) Atom(TM) CPU N270   @ 1.60GHz | CPU 1 | 1596/133mhz
Processor:          Intel(R) Atom(TM) CPU N270   @ 1.60GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 15 GiB total, 11.959 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_27AE&SUBSYS_308F103C&REV_03\3&11583659&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_27AE&SUBSYS_308F103C&REV_03\3&11583659&0&10
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_308F103C&REV_03\3&11583659&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_308F103C&REV_03\3&11583659&0&11
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_308F103C&REV_02\3&11583659&0&D8
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_308F103C&REV_02\3&11583659&0&D8
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Webcam-101
Device ID: USB\VID_10F1&PID_1A0F\5&237DF86&0&4
Manufacturer:
Name: Webcam-101
PNP Device ID: USB\VID_10F1&PID_1A0F\5&237DF86&0&4
Service:
.
==== System Restore Points ===================
.
RP5: 8/15/2012 3:12:20 PM - System Checkpoint
.
==== Installed Programs ======================
.
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Broadcom 802.11 Wireless LAN Adapter
WebFldrs XP
.
==== Event Viewer Messages From Past Week ========
.
8/16/2012 3:25:46 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 480 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/15/2012 4:32:19 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/15/2012 2:32:18 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/15/2012 11:19:11 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/15/2012 10:49:11 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/15/2012 10:34:06 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

winchester73

What happens if you hard wire connect this machine to the router, rather than trying the wireless connection?

pastywhitegurl

I'll have to see if my husband can do that.  I know nothing about routers and wires and such.  I'll post back after I check with him on it.

winchester73

It's a simple matter of taking an ethernet cable, plugging one end into the computer, the other into the back of the router  :D

Given that this XP machine has IE 6 installed, I suspect it is EXTREMELY un-patched with Microsoft security updates.

pastywhitegurl

Simple? you presume that I can both find the router and then  tell an ethernet cable from a  non-ethernet cable.   :look:

And I bet you are right.  Should we get this going again, I anticipate many hours of update downloading and installing windows updates.

I have a very strong signal now.  I suspect the connection issue has something to do with the set up of  it.  Not sure how to learn that...maybe I'll try to find a manual for it online and start there.

winchester73

Personal opinion ... see if the hard wire connection works.  That is much faster than wireless anyhow, so you can update things much much quicker.  Then you can set to work troubleshooting the wireless connection.

I'd also run MalwareBytes AntiMalware and see what it finds ...

pastywhitegurl

you were right, winchester  :cheers2:

I am connected via IE 6 but every time I try to type an address in the bar, IE6 encounters an error and closes.  But it reports to the mother ship just fine now.

I reran ComboFix, but even though it can access the internet now, it was unable to download the Recovery Console. It did however, replace the infected .dll file that was found in the first running.

I ran a MalwareBytes quick scan and it showed nothing.  Should I try to update IE6 or try to update Windows?


ComboFix 12-08-17.02 - Owner 08/17/2012  11:34:33.2.2 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.1.1252.1.1033.18.1015.689 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\erdnt\cache\qmgr.dll
.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
.
.
(((((((((((((((((((((((((   Files Created from 2012-07-17 to 2012-08-17  )))))))))))))))))))))))))))))))
.
.
2012-08-17 15:30 . 2012-08-17 15:30   --------   d-s---w-   c:\documents and settings\Owner\UserData
2012-08-15 18:13 . 2001-08-17 17:48   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2012-08-15 18:13 . 2001-08-17 17:48   12160   ----a-w-   c:\windows\system32\dllcache\mouhid.sys
2012-08-15 18:13 . 2001-08-17 18:02   9600   ----a-w-   c:\windows\system32\drivers\hidusb.sys
2012-08-15 18:13 . 2001-08-17 18:02   9600   ----a-w-   c:\windows\system32\dllcache\hidusb.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-08-16_18.45.46   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-21 03:09 . 2012-08-17 15:37   32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-21 03:09 . 2012-08-16 18:32   32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-21 03:09 . 2012-08-17 15:37   16384              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2012-03-21 03:09 . 2012-08-16 18:32   16384              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-03-21 03:09 . 2012-08-17 15:37   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2012-03-21 03:09 . 2012-08-16 18:32   16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/31/2009 12:11 PM 39424]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALG
*NewlyCreated* - IPNAT
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-17 11:38
Windows 5.1.2600 Service Pack 1 FAT NTAPI
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\System32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(868)
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-08-17  11:39:05 - machine was rebooted
ComboFix-quarantined-files.txt  2012-08-17 15:39
ComboFix2.txt  2012-08-16 18:47
.
Pre-Run: 12,755,927,040 bytes free
Post-Run: 12,750,217,216 bytes free
.
- - End Of File - - 87F0A2FFE75117F6E4F32817BBCA1D34


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.06

Windows XP Service Pack 1 x86 FAT32
Internet Explorer 6.0.2800.1106
Owner :: SAE [administrator]

8/17/2012 11:48:51 AM
mbam-log-2012-08-17 (11-48-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 166574
Time elapsed: 1 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
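
The two ComboFix logs in this thread report qmgr.dll and intelppm.sys differently from one run to the next. The following is an added example, not part of the thread and not ComboFix's own code, that parses those status lines from both runs and reports what was repaired and what is still outstanding. The line formats are assumed from the two logs shown here, and the embedded excerpts are trimmed copies of them.

```python
import re

# Constructed input: status lines copied from the two ComboFix logs posted
# in this thread (runs of 2012-08-16 and 2012-08-17), trimmed to the
# "Other Deletions" section.
RUN_0816 = r"""
c:\windows\system32\qmgr.dll . . . is infected!!
.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
"""

RUN_0817 = r"""
Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\erdnt\cache\qmgr.dll
.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
"""

FLAGGED = re.compile(
    r"^(?P<path>[a-z]:\\.+?) \. \. \. is (?P<state>infected|missing)!!\s*$", re.I)
CLEANED = re.compile(
    r"^Infected copy of (?P<path>[a-z]:\\.+?) was found and disinfected\s*$", re.I)
RESTORED = re.compile(r"^Restored copy from - (?P<src>[a-z]:\\.+?)\s*$", re.I)


def parse_findings(log_text):
    """Return {lower-cased path: {"state": ..., "restored_from": ...}}."""
    findings = {}
    last_cleaned = None  # path the next "Restored copy from" line refers to
    for line in log_text.splitlines():
        line = line.strip()
        m = FLAGGED.match(line)
        if m:
            findings[m["path"].lower()] = {
                "state": m["state"].lower(), "restored_from": None}
            last_cleaned = None
            continue
        m = CLEANED.match(line)
        if m:
            last_cleaned = m["path"].lower()
            findings[last_cleaned] = {
                "state": "disinfected", "restored_from": None}
            continue
        m = RESTORED.match(line)
        if m and last_cleaned:
            findings[last_cleaned]["restored_from"] = m["src"].lower()
            last_cleaned = None
    return findings


def compare_runs(before, after):
    """Map each file seen in either run to (old state, new state, verdict)."""
    report = {}
    for path in sorted(set(before) | set(after)):
        old = before.get(path, {}).get("state", "not reported")
        new = after.get(path, {}).get("state", "not reported")
        if new in ("infected", "missing"):
            verdict = "unresolved"
        elif new == "disinfected":
            verdict = "repaired"
        else:
            # Flagged earlier but absent from the later log: the log alone
            # does not say why, so it needs a manual check.
            verdict = "verify manually"
        report[path] = (old, new, verdict)
    return report


def unresolved(report):
    """Paths that the later run still reports as infected or missing."""
    return [p for p, (_, _, verdict) in report.items() if verdict == "unresolved"]


if __name__ == "__main__":
    report = compare_runs(parse_findings(RUN_0816), parse_findings(RUN_0817))
    for path, (old, new, verdict) in report.items():
        print(f"{verdict:16} {path}  ({old} -> {new})")
```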