Help
This topic is locked
MiniToolBox by Farbar
Ran by Owner (administrator) on 02-01-2012 at 12:32:16
Microsoft Windows XP Home Edition (X86)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Microsoft Loopback Adapter = Local Area Connection 4 (Connected)
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection 4"
set address name="Local Area Connection 4" source=dhcp
set dns name="Local Area Connection 4" source=dhcp register=PRIMARY
set wins name="Local Area Connection 4" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : ieisha
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 4:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Loopback Adapter
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.25.129
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host bleepingcomputer.com. Please check the name and try again.
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...02 00 4c 4f 4f 50 ...... Microsoft Loopback Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.25.129 169.254.25.129 30
169.254.25.129 255.255.255.255 127.0.0.1 127.0.0.1 30
169.254.255.255 255.255.255.255 169.254.25.129 169.254.25.129 30
224.0.0.0 240.0.0.0 169.254.25.129 169.254.25.129 30
255.255.255.255 255.255.255.255 169.254.25.129 169.254.25.129 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [228352] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [14848] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [228352] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [133632] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [228352] (Microsoft Corporation)
**** End of log ****
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Backdoor Tidserv.!nf manual removal I need help in removing a virus
Back to top
#62
- Bleepin Gringo
-
- Group: Malware Response Team
- Posts: 85,538
- Joined: 03-July 08
- Gender:Male
- Location:Puerto rico
Posted 03 January 2012 - 12:39 PM
Download Windows Repair (all in one) from this site
Install the program then run
Go to step 2 and allow it to run Disc check
Once that is done then go to step 3 and allow it to run SFC
On the start repairs tab select advanced mode and click start
Select the items below (remove the ticks from the rest ) and tick restart system when finished
Reset Registry permisions
reset File permisions
repair WMI
repair windows firewall
repair internet explorer
remove policies set by infection
repair winsock & DNS cache
remove temp files
repair proxy settings
repair windows update
Install the program then run
Go to step 2 and allow it to run Disc check
Once that is done then go to step 3 and allow it to run SFC
On the start repairs tab select advanced mode and click start
Select the items below (remove the ticks from the rest ) and tick restart system when finished
Reset Registry permisions
reset File permisions
repair WMI
repair windows firewall
repair internet explorer
remove policies set by infection
repair winsock & DNS cache
remove temp files
repair proxy settings
repair windows update
I will be online from 5-31 to 6-4 in a very limited amount
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
#63
- Member
-
- Group: Members
- Posts: 42
- Joined: 08-December 11
Posted 03 January 2012 - 02:10 PM
i downloaded the file, saved it to the flash drive. i tried to install/run it on the sick computer received the following message: the procedure entry point decode pointer could not be located in the dynamic link library KERNEL32.dll
#64
- Bleepin Gringo
-
- Group: Malware Response Team
- Posts: 85,538
- Joined: 03-July 08
- Gender:Male
- Location:Puerto rico
Posted 03 January 2012 - 02:31 PM
I will be online from 5-31 to 6-4 in a very limited amount
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
#65
- Member
-
- Group: Members
- Posts: 42
- Joined: 08-December 11
Posted 03 January 2012 - 02:42 PM
Follow the instructions provided on the next page correct? No download is available to download correct?
#66
- Bleepin Gringo
-
- Group: Malware Response Team
- Posts: 85,538
- Joined: 03-July 08
- Gender:Male
- Location:Puerto rico
Posted 03 January 2012 - 02:45 PM
nothing to download - only follow instructions - read completely first
gringo
gringo
I will be online from 5-31 to 6-4 in a very limited amount
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
#67
- Member
-
- Group: Members
- Posts: 42
- Joined: 08-December 11
Posted 03 January 2012 - 02:46 PM
ok will do.
#68
- Bleepin Gringo
-
- Group: Malware Response Team
- Posts: 85,538
- Joined: 03-July 08
- Gender:Male
- Location:Puerto rico
Posted 03 January 2012 - 02:49 PM
I will be online from 5-31 to 6-4 in a very limited amount
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
#69
- Member
-
- Group: Members
- Posts: 42
- Joined: 08-December 11
Posted 04 January 2012 - 02:15 PM
I have succesfully ran sfc scan now and have made the recommended changes. What should I do now?
#70
- Bleepin Gringo
-
- Group: Malware Response Team
- Posts: 85,538
- Joined: 03-July 08
- Gender:Male
- Location:Puerto rico
Posted 04 January 2012 - 03:36 PM
Hello
check for internet and if nothing then try this again after all the changes we have done
Make sure, your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
Make sure "DNS" tab looks like this:
Make sure "WINS" tab looks like this:
8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.
------------------------------------------------
If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.
------------------------------------------
If that doesn't work, bypass router, and connect computer straight to the modem.
---------------------------------------------
If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).
In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"
Restart computer.
-------------------------------------------------------
If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).
At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.
Restart computer.
----------------------------------------
If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
Restart computer, and check again.
-------------------------------------------------------------
If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles
Have XP CD available in case DAF needs a file. Likely not!
Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!
When the entire page is finished click the HammerHead at bottom to go to the second DAF page.
Here, one at a time, do the below:
Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking
Watch for any File not found or other errors and make note as this may lead to the fix!
Restart computer.
check for internet and if nothing then try this again after all the changes we have done
Make sure, your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
Make sure "DNS" tab looks like this:
Make sure "WINS" tab looks like this:
8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.
------------------------------------------------
If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.
------------------------------------------
If that doesn't work, bypass router, and connect computer straight to the modem.
---------------------------------------------
If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).
In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"
Restart computer.
-------------------------------------------------------
If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).
At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.
Restart computer.
----------------------------------------
If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
Restart computer, and check again.
-------------------------------------------------------------
If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles
Have XP CD available in case DAF needs a file. Likely not!
Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!
When the entire page is finished click the HammerHead at bottom to go to the second DAF page.
Here, one at a time, do the below:
Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking
Watch for any File not found or other errors and make note as this may lead to the fix!
Restart computer.
I will be online from 5-31 to 6-4 in a very limited amount
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
#71
- Bleepin Gringo
-
- Group: Malware Response Team
- Posts: 85,538
- Joined: 03-July 08
- Gender:Male
- Location:Puerto rico
Posted 07 January 2012 - 12:02 AM
Hello
48 Hour bump
It has been more than 48 hours since my last post.
Gringo
48 Hour bump
It has been more than 48 hours since my last post.
- do you still need help with this?
- do you need more time?
- are you having problems following my instructions?
- if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
I will be online from 5-31 to 6-4 in a very limited amount
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
#72
- Member
-
- Group: Members
- Posts: 42
- Joined: 08-December 11
Posted 07 January 2012 - 03:53 PM
Please close this case as it is bigger than what I thought. I have tried all of your steps and the problem still exists. I have taken the computer to a professional in hopes of rectifying this problem.
Thank you for all of your help and assistance.
Thank you for all of your help and assistance.
#73
- Bleepin Gringo
-
- Group: Malware Response Team
- Posts: 85,538
- Joined: 03-July 08
- Gender:Male
- Location:Puerto rico
Posted 07 January 2012 - 06:14 PM
Thanks for letting me know and i hope you have backed up what you want to keep
gringo
gringo
I will be online from 5-31 to 6-4 in a very limited amount
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
#74
- Bleepin Gringo
-
- Group: Malware Response Team
- Posts: 85,538
- Joined: 03-July 08
- Gender:Male
- Location:Puerto rico
Posted 10 January 2012 - 12:25 AM
It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I will be online from 5-31 to 6-4 in a very limited amount
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
