lost my home network connection to my laptop

Hello -The wonderful GeekPolice in the Virus/Malware forums helped me remove some nasty stuff from my home computer in Nov09.
Ever since then, i haven't been able to see the home computer (XP Pro) from my laptop (Windows7). This makes printing and accessing files impossible. I made due for a while with sneaker net/flash drive. But i'd really like to get it back working right. I've tried to share the E drive on the home desktop computer, but i get a message about the server service not working.

Any suggestions?

Thanks much in advance.
b

There are network settings in Windows 7, specifically inclined toward security.

So, they are set at default not to show a home network.

1. Kindly, right click on the network icon in the System tray, and click Open Network and Sharing Center.
   
   
2. On the left side of the screen, click Change advanced sharing settings.
   
   
3. Drop down the Home or Work profile tab.
   
   
4. Make sure the following options are set:
   
   • Turn on File and Printer sharing.
     
   • Turn on Network Discovery.
     
   • Allow Windows to manage homegroup connections (recommended).

Then, click Save Changes and Exit that window.

=====

Does this help?

Hello -
sadly, no. those were already the settings.
thanks for your assistance.
b

Let's see what's bugging it up...

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

I will do this when I return home tonight.
just to be sure, i'm doing this on the home (XP) desktop computer and not on the Windows 7 laptop - which finds my office network just fine-
right?

have i said thanks enough??
buff

Actually, it should be done on Windows 7, if possible.

I am thinking that the Windows7 end of the equation works correctly -
since when I"m at work and connect to the work network, i can see all other computers and printers.

When I"m at home I use a wireless connection to my router/modem.
Until the big malware mess on the home XP, I had a lovely connection to the E drive on my home computer *and* the printer from my laptop. To remove the malware, the instruction basically included stripping lots of things away.
So that's why I tried to RE-SHARE my home E drive and printer. When I did the share function on the XP I got the message about the Server Service problem.
All this is why I think the problem is associated with the XP and not with the W7 machine.

thanks
b

Ok. Go ahead and test the XP computer, and let's see what happens.

http://www.getsysteminfo.com/read.php?file=1625531439c5476833b500fa9ced9d1b

I hope I did this right.
it seemed that I had a choice of either Maximum or Uncheck Scan Ports, but when i chose one it reversed the other.
let me know if I need to run it again.
thanks
b

Please delete the following file:

=> C:\Program Files\WS_FTP Pro\nsftpch.dll

==

Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
  
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
  
• Click OK.
  
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

OK, C:\Program Files\WS_FTP Pro\nsftpch.dll is deleted. (had to do it in safe mode)

heres' the text from Gmer. thanks again.
b

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-05 20:36:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Buff\LOCALS~1\Temp\pgtdypog.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7425E52]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7406CDE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7406ED0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7426640]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF74268F4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7424B44]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7426D60]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF7426112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7406984]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\System32\ANVMINI.DLL entry point in "init" section [0xBFDAE300]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[1272] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DE0001
.text C:\WINDOWS\system32\WTablet\TabUserW.exe[1700] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008D0001
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2560] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B40001
.text C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006D0001
.text C:\WINDOWS\System32\svchost.exe[3132] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00840001
.text ...

---- Devices - GMER 1.0.15 ----

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

No Problems Found.

Left column (Keep)
mswsock.dll (Tcpip)
winrnr.dll (NTDS)
nwprovau.dll (NWLink IPX/SPX/NetBIOS
rsvpsp.dll (Protocol handler)

Please perform a scan with Kaspersky Online Virus Scanner.
alternate link for scan

• Before starting your scan, disable antivirus or antispyware software.
  
• Read the "Advantages - Requirements and Limitations" then press the ACCEPT... button.
  
• You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  
• When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the SETTINGS... button.
  
• Make sure these boxes are checked. By default, they should be. If not, please check them and click on the SAVE... button afterwards:
  
  
  
  • Detect malicious programs of the following categories:
    Viruses, Worms, Trojan Horses, Rootkits
    Spyware, Adware, Dialers and other potentially dangerous programs
    
  • Scan compound files (doesn't apply to the File scan area):
    Archives
    Mail databases:
    
  
  
• Click on My Computer under the Scan section. OK any warnings from your protection programs.
  
• The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  
• Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  
• Click on Save Report As... and change the Files of type to Text file (.txt)
  
• Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  
• Copy and paste the contents of that file in your next reply.
  

*Note: This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools. Some online scanners will detect existing anti-virus software and they may interfere or stop the scan. If that occurs, disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, January 7, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, January 07, 2010 15:43:06
Records in database: 3330048
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 72308
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 01:44:56


File name / Threat / Threats count
C:\Documents and Settings\Buff\Local Settings\Application Data\Identities\{16867FF0-C1DE-41D7-9E00-46CDD7E0045E}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Spy.HTML.Wamufraud.bo 1
C:\WINDOWS\system32\drivers\etc\hosts.20041112-192250.backup Infected: Trojan.Win32.Qhost 1
C:\WINDOWS\system32\drivers\etc\hosts.20050424-194528.backup Infected: Trojan.Win32.Qhost 1
C:\WINDOWS\system32\drivers\etc\hosts.bak Infected: Trojan.Win32.Qhost 1

Selected area has been scanned.

Please copy and paste the following (from the codebox) in to Notepad:

Then, click File > Save as
In the File name: delete.bat
Save as type: All Files
Save to the Desktop.

Exit Notepad, then double-click on delete.bat. It will finish quickly. Post the log from it, if it has anything.
==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

DragonMaster Jay's deletion log
C:\WINDOWS\system32\drivers\etc\hosts.20050424-194528.backup
C:\WINDOWS\system32\drivers\etc\hosts.bak

***************
Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Antivirus out of date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Spyware Doctor 7.0
HijackThis 2.0.2
ESPN Java Check
Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 7.0.9
Adobe Reader 7.0.5 Language Support
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

at what point should I be trying to share my computer drive/printer again?

thanks so much for your continued help
buff

Are you able to access the network again and see the home network from Windows 7?

Sometimes, if you have a new computer, and are using a new network adapter, some information cannot be read from an older network adapter. This is what I suspect is the case.

From my XP, When I go to the Properties of my Data (E:) drive,
Sharing tab,
and try to share the folder on the network,
I get the following error window:
An Error occurred while trying to share Data (e). The server service is not started. The shared resource was not created at this time.

but when I click ok, the little image of permission folders fly.

And When I am at my laptop and I look for other computers to add to my network, it says that nȯne are found.

You have a router, right?

Does it have a firewall?

Yes, a linksys WRT54G
The firewall settings haven't changed.
but I could see the XP from my laptop preivously. It wasn't until I cleaned up a malware issue that i lost the network.
At that point, the laptop was still in Vista - but since i was waiting for my upgrade disc to arrive, i decided to wait and see if the network was repaired when I installed 7.

Please disable Firewall once, and see what happens. If no change, then re-enable the Firewall for the router.

Let me know what happens.

same thing.
(i didn't restart the computer or anything... because it said the settings were saved.)
Firewall is re-enabled.

Alright. Let's reset security settings and see what happens:

Please navigate to this webpage: http://support.microsoft.com/kb/313222 and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damages of malware or other harmful system changes. Install the file after download.

Thanks. I'll have to do this when i get home.... so it will take a while to reply.

No worries.

Well, now I'm really confused.
I ran the program and it tells me it's fixed.

but when I right click on my E drive in My Computer and try to share the drive in File Sharing and Security, all options are greyed out and i can't check the box.

and, when I got to My Network Places, and try to View Workgroup Computers, nothing happens except the thunking sound that indicates something doesn't work. Not even a box to tell me what won't.

The Windows firewall settings (controlled by Group Policy) are on - which is recommended.

What's next, oh, wise one?

1. Change the workgroup on computers so they are in the same workgroup.
Right click on My Computer (Computer in 7), go to computer name tab and then change. Change the workgroup name to anything you want. The default for xp home is MSHOME, and the default for xp pro is WORKGROUP, for example. Repeat the same procedure for the other computer.

For Windows 7, when you are in Properties, you will see the following "Computer name, domain, and workgroup settings" -- then click the Change Settings link under that header. It will ask for permission (if UAC is on), then popup with the options. When you are on the screen, look for "To rename this computer, or change its domain for workgroup, click Change." So, click on the Change button and it should allow you to change it from there.

2. Get whatever files you want to share and put them in a folder. Right click on the folder and click properties. Then click on the sharing tab and check the check boxes that say : share this folder on the network and allow users to change files, or something like that.

3. On any computer click on My Network Places and you should be able to see the folder you shared.

===

If that does not work, then follow the steps in the following articles:

XP file sharing: http://support.microsoft.com/default.aspx?scid=kb;en-us;304040

7 file sharing: http://windows.microsoft.com/en-US/windows7/Share-files-with-someone
http://windows.microsoft.com/en-US/windows7/Switching-between-your-home-and-workplace-networks


==

Does this help?

I think it got it!
I can see the computer and print from the printer at home.
now i just have to hope i haven't kluged all my office network settings.

thanks so very very much.

Good.