[RKinner]

I've talked to the Combofix designer and he told me that even tho it didn't look like it Combofix had removed the infected files and that they would be listed in that file I had you copy and paste. And of course they are. (The file that Avast found was one of the ones that Combofix had removed).

As for your wireless, 3 of the files that are needed for the wireless were infected and removed so we need to download some new software for the wireless.

2006-04-14 15:44:58 . 2006-04-14 15:44:58 544,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\S24EvMon.exe.vir
2006-04-14 15:43:02 . 2006-04-14 15:43:02 114,753 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\EvtEng.exe.vir
2006-04-14 15:42:26 . 2006-04-14 15:42:26 221,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\RegSrvc.exe.vir

You can download Intel® PROSet/Wireless software from your PC maker's website or directly from Intel:

http://www.intel.com...b/cs-008168.htm

If you tell me your PC's make and model I can look it up for you.

Ron

[Advertisements]

I just tried connecting to the internet with an Ethernet cable, but my computer cannot find the network address or renew my IP address.

[happy01]

I just tried connecting to the internet with an Ethernet cable, but my computer cannot find the network address or renew my IP address.

[happy01]

I have an IBM Thinkpad T43 Type 2668 E16.

Let me know if you need anything else.

[RKinner]

I just read where disabling Bonjour will cause your DNS to stop working (and it was broken by the virus) so let's uninstall it first. Then copy the following:

:OTL
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found

:Commands
[Reboot]

Now run OTL and paste the above into the Custom Scan/Fixes box and hit RUN FIX.

Just to make sure:

Start, Run, cmd, OK then type with an Enter after each line:

netsh  winsock  reset catalog

netsh  int ip reset reset.log

Reboot.

Combofix is saying you may still have the Trend firewall. IF so please uninstall it. (Could just be something left in the WMI database)

Then install the following:
from Lenovo
http://support.lenov...s/default.page?
(you will need to tell it which laptop you have to get to the right page.)

Apparently you have to install these in this order:

Power Manager
( Windows XP )

http://download.leno...es/8ru710ww.exe
INSTALLATION INSTRUCTIONS

Manual Install

This section assumes to use Internet Explorer and Windows Explorer.

Downloading file
1. Click once on the underlined file name. Once this is done, some pop-up
windows will appear.
2. Follow the instructions on the screen.
3. In the window to choose Run or Save, click Save.
4. Choose the folder you would like to download the file to and click Save.
A different window will appear and the download will begin and complete.
Once the download has completed, there may or may not be a message stating
that the download completed successfully.

Extracting file
5. Make sure to be logged on with an administrator account.
6. Locate the folder where the file was downloaded.
7. Locate the file that was downloaded and double-click it.
8. Follow the instructions on the screen.
9. In the Select Destination Location window, click Next. If you would like to
select a different folder, click Browse.
10. In the Ready to Install window, click Install. All the necessary files will
be extracted to the folder selected in the step 9.

Installing files
11. Make sure the checkbox next to "Install ..... now" is checked and click
Finish.
12. Follow the instructions on the screen to complete installation and restart
the computer.

Finally delete the file saved in the step 4.


Unattended Install

This is for system administrators' use only.

1. Refer to the Manual Install section, and download and extract the file.
2. In the step 11 of the Installing files section, uncheck the checkbox next
to "Install ..... now", and then click Finish to cancel installation.
3. At the command line, execute setup.exe with the /s option.
Example: [Path where the files were extracted]\setup /s

*********************************************************************

ThinkVantage Access Connection
( Windows XP )
http://download.leno...es/83cx54ww.exe

NOTES


- Access Connections requires Microsoft .NET Framework 3.0 or later. Start this
installation after the .NET Framework installation. The .NET Framework can be
obtained from the following web site.
http://msdn.microsof...rk/default.aspx


- Before installing ThinkVantage Access Connections, it is required to install
the following software.

[For ThinkPad SL300,SL400,SL400c,SL500,SL500c]
- Microsoft .NET Framework 3.0 or later
- ThinkPad Power Management Driver for SL Series for Windows 7/Vista/XP
version 1.44 or higher
- Hotkey Features Integration for Windows 7/Vista/XP/2000
version 3.02.0000 or higher
- ATK Hotkey Driver for Windows Vista/XP
version 0.00.04.0 or higher.

[For the other ThinkPad models]
- Microsoft .NET Framework 3.0 or later
- ThinkPad Power Management Driver for Windows 98 SE/Me/2000/XP/Vista/7
version 1.60 or higher
- Hotkey Features Integration for Windows 7/Vista/XP/2000
version 3.02.0000 or higher.
or
ThinkPad Hotkey Features for Windows 98/98 SE/Me/NT 4.0/2000/XP
version 1.24.0603 or higher
Note: Refer to each Hotkey package for which version to use.


***********************************************
Intel® PRO/Wireless 2200BG, 2915ABG Network Connection Software
( Windows 2000,Windows XP )

http://download.leno...es/1ywc54ww.exe

Installation Instructions
-------------------------
NOTES:
- Software Installer provides the install wizard
for this package.
- ThinkVantage Access Connections ver 3.71 or higher needs
to be installed to configure this device.
- Hotkey Features for Windows 2000/XP Version 1.11.0402 or
needs to be installed.


INSTALL:
1. Start Windows 2000/XP and logon with administrative privileges.
2. Extract this package onto the hard drive.
3. Open an Explorer and locate the directory where the files were
extracted.
4. Double-click ACSETUP file.
5. Follow the instructions.
6. Restart the computer.


Attention!
----------
If you use ThinkVantage Access Connections, Intel PROSet/Wireless component
needs to be installed as pre-selected during the above procedure.

***********************************************************************

Before upgrading Broadcom Advanced Control Suite 2 (BACS2), you have
to uninstall the current BACS2 that is installed on your ThinkPad.

1. Execute Setup.exe in the "BACS" folder
2. Click Next.
3. Click Yes.
4. Click Next.
5. Click OK.


Broadcom NetXtreme/NetLink Fast/Gigabit Ethernet Software
( Windows NT,Windows 2000,Windows XP )


http://download.leno...es/7ora09ww.exe

***********************************

This one was damaged by the virus:

ThinkVantage Rescue and Recovery v3.01.0037
( ,,Windows 2000,Windows XP )

http://download.leno...zis3037us00.exe

Installing the package
======================
1. Click Start, select Find or Search, then click Files and folders.
2. Type z096zis3037us00.exe in the search field, then click Find Now.
This will locate the file you just downloaded.
3. Double-click the z096zis3037us00.exe icon. The necessary files will
be extracted to the C:\SWTOOLS\APPS\RnR30 directory and the
installation should start automatically.
4. Follow the onscreen instructions to complete the installation.

*************************

While at the Lenovo Site get:
Audio Driver
( Windows 2000,Windows XP )
http://download.leno...es/1ya210ww.exe

Upgrading or reinstall:
Note: Remove any previously installed driver using the uninstall step
in the next section.

1. Start Windows and log on with the user ID authorized as
an administrator for Windows 2000/XP.
2. Extract this package onto the hard drive.
3. Click Start, then click Run.
4. Type C:\DRIVERS\WIN\AUDIO\SETUP.EXE in the Open box and click OK.
5. If the dialog box appears, select Reinstall or Update and then
click Next.
6. Click Finish to reboot the system and complete the installation.

*****************************************************************

Also damaged and will need to be uninstalled (and redownloaded and reinstalled if you need them)
iPod
Bonjour
Apple\Mobile Device Support


Ron

[happy01]

I'm really having difficulties with these installs. The netframework link you provided does not work. Sends me to a page where server isn't found. "Problem loading page" I tried downloading it from Cnet, but can't seem to get it to install. Other programs won't install as well. Some are trying to install on the F: drive. I will keep trying, and let you know how it goes. But do send me another link to the Net Framework 3.0 download.

Thanks

[happy01]

Well now i can't get to my new user I created called "Happy" with Admin privileges. I was trying to install under that user.

[RKinner]

I'm not sure what is going on. What exactly keeps you from getting to your new login? Does it not appear as a choice or does it not like your password or does it just not come up?



The link to net 3.0 was from Lenovo's instructions. You may not even need it. Check and see if you have .net 3.5 already or .net 4.0
I would think either would be good enough. http://www.ghacks.ne...amework-issues/

You should move the programs to the desktop of the sick PC. If you try to run them from your usb drive they get confused.

[happy01]

I put everything on the desktop right away before installing. I got the happy user to work again. I do have net framework 3.5, tried unstalling and reinstalling, but can't get it to reinstall. Just had to do a system restore to get net framework back. I also have net framework 2.0 and 2.0 SP1. I installed the other Lenovo's software packages. Still can't get on the net. Not with an ethernet cable or wirelessly. Will try and start over from scratch with the above Levono software. I also cannot find the current current BACS2 to delete before trying to re-install it. Let me try again.

[happy01]

Everything seems installed. the boradcom contro suite shows a red X over the net extreme gigabite ethernet. So I plug in my ethernet cable, and the X goes away, b it still can't acquire network address. Wireless is the same thing.

[happy01]

The rescue and recovery package won't fully install. It keeps getting an error

[RKinner]

Plug up the cable.

Start, Run, cmd , OK.

ipconfig  /all  >>  \junk.txt
net start  >>  \junk.txt
ipconfig /release  >>  \junk.txt
ipconfig /renew  >>  \junk.txt  
nslookup  att.com  >>  \junk.txt
notepad  \junk.txt

Can you save junk.txt to your usb drive and then open it on the good pc and copy and paste into a reply?

[happy01]

Here is the information.

I am going home where I only have wirelss with a different log in. Will check in later.

Thank you.

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

D:\Documents and Settings\Happy>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : ibm-t43v062
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-11-25-17-D6-48
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 0.0.0.0

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network
Connection
Physical Address. . . . . . . . . : 00-12-F0-B5-7F-4A
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 0.0.0.0

D:\Documents and Settings\Happy>net start
These Windows services are started:

Ac Profile Manager Service
Access Connections Main Service
Ati HotKey Poller
avast! Antivirus
COM+ Event System
CryptSvc
DCOM Server Process Launcher
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
IIS Admin
Lenovo Doze Mode Service
Network Connections
Plug and Play
Print Spooler
Protected Storage
Remote Procedure Call (RPC)
Remote Registry
Secondary Logon
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
System Event Notification
System Restore Service
Task Scheduler
Terminal Services
Themes
TSS Core Service
WebClient
Windows Audio
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Presentation Foundation Font Cache 3.0.0.0
Windows Time
Wireless Zero Configuration
Workstation

The command completed successfully.


D:\Documents and Settings\Happy>ipconfig /release

Windows IP Configuration

IP Address for adapter Local Area Connection has already been released.
IP Address for adapter Wireless Network Connection has already been released.

D:\Documents and Settings\Happy>ipconfig /renew

Windows IP Configuration

An error occurred while renewing interface Local Area Connection : The RPC serve
r is unavailable.

An error occurred while renewing interface Wireless Network Connection : The RPC
server is unavailable.


D:\Documents and Settings\Happy>nslookup att.com
*** Default servers are not available
Server: UnKnown
Address: (null)

*** UnKnown can't find att.com: No response from server

D:\Documents and Settings\Happy>notepad \junk.txt

D:\Documents and Settings\Happy>

[RKinner]

I think I see the problem. Start, Run, services.msc , OK then find the DHCP Client service and right click and select Properties. Change the Startup Type: to Automatic and APPLY then try and START the service. Does it start or do you get an error message?

Ron

[happy01]

The Startup Type is already Automatic

[happy01]

The service status is Stopped, I hit start and it says could not start the DHCP Client service on Local Computer. Error 1075: The dependency service does not exist or has been marked for deletion