Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot Boot up past Welcome Screen


  • Please log in to reply
11 replies to this topic

#1 2ndpage

2ndpage

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 27 October 2009 - 10:34 AM

My niece recently handed me her laptop. It will boot up past the welcome screen. She is running Windows XP Pro w/Service pack 3. Also had Avast AV loaded
Now have very limited access in Safe Mode
Of course the original disks are MIA.
Is there any way to get her back up to working order?
This is what was done so far:

She had installed AntiVirus Pro 2010 when this started and got this result:

Wormagentpsh.dll Worm.Win32.Doomjuice.b
Trojandigest.dll Trojan.VBS.KillOS.a
Trojandigest.dll Trojan.VBS.KillOS.a
Spyware fxsocm.dll Trojan-PSW.Win32.QQRob.10
Rogue ils.dll Lemena.3544
Trojan lsasrv.dll Trojan.Win32
Worm mssap.dll Worm.Win32.Doomjuice.b
Rogue netcfgx.dll Virus.DOS.Digger.1000
Adware powercfg.exe Virus.DOS.Accept.3619
Adware safrslv.dll Virus.DOS.Put.1939
Spyware spra0410.dll Trojan-PSW.Win32.Fantast.30
Spyware spra0410.dll Trojan-PSW.Win32.Fantast.30a
Spyware kernel32.dll Trojan-PSW.Win32.Lmir.gen
Backdoor fontsub.dll Backdoor.Win32.Agobot.a
Backdoor KBDHE.DLL Backdoor.WinCE.Brador.a
Dialer sqlqp20.dll Exploit.HTML.Ascii.f
Adware AVR09.exe Virus.DOS.Squatter.9742
Trojan deskadp.dll Trojan.BAT.FormatC.z
Adware dsdmoprp.dll Virus.Linux.Gildo
Trojan find.exe Trojan.BAT.MkDirs.z
Trojan iprtprio.dll Trojan.MSWord.Thief
Worm kbdlt.dll Net-Worm.Win32.CodeRed.a
Adware linkinfo.dll Virus.DOS.Am.743
Trojan msorc32r.dll Trojan.Win32.KillAV.gj
Adware ntdos.sys Virus.Boot.ABCD.a
Worm osk.exe Worm.Win32.Fujack.a
Dialer rcp.exe Exploit.Perl.Small.a
Worm services.exe Net-Worm.Win32.CodeGreen.a
Rogue TPSAddin.dll Virus.DOS.Mono.1063
Adware winnls.dll Virus.DOS.Jeff.812

I tried to Run avast! Virus Cleaner Tool - version 1.0.211 Unicode
With this result:
Creating log file: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswclnr.log

10/27/2009, 10:21:36 AM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (1.3s).
----------
Files scanning started...
C:\WINDOWS\system32\eventlog.dll... file could not be scanned!
No virus body found.
Files scanning finished (59546 files, 0 infected, 815.4s).
Drives scanned: C:

When trying to Access System Restore -
“System Restore has been turned off by group policy. Contact your domain Administrator.”
When trying to install SuperAnti Spyware I get:
“The system administrator has set policies to prevent this installation”

BC AdBot (Login to Remove)

 


#2 2ndpage

2ndpage
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 28 October 2009 - 09:16 PM

In yesterdays post I wrote I was having problems with infections and was only able to work in safe mode.
Today I have been able to start up normally and have reinstalled and ran Avast AV, Malwarebytes AM and Super AntiSpyware. My system seems to be clean but am now getting this: Win32 is infected by HTML script-inf and Malob-T(Cryp).
Also I cannot connect wirelessly and System restore tab is still missing.
When trying to Access System Restore -
“System Restore has been turned off by group policy. Contact your domain Administrator.”
Please can someone give me some input on what to do next??
Adding Root Repeal Log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/28 22:34
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: Aavmker4.SYS
Image Path: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Address: 0xA6422000 Size: 19520 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7381000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF78CC000 Size: 11648 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xA5A3D000 Size: 19296 File Visible: - Signed: -
Status: -

Name: Afc.sys
Image Path: C:\WINDOWS\system32\drivers\Afc.sys
Address: 0xF77C8000 Size: 32768 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA6533000 Size: 138496 File Visible: - Signed: -
Status: -

Name: AGRSM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AGRSM.sys
Address: 0xA7685000 Size: 1161888 File Visible: - Signed: -
Status: -

Name: ArcSoftVirtualCapture.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ArcSoftVirtualCapture.sys
Address: 0xF70D3000 Size: 15616 File Visible: - Signed: -
Status: -

Name: aswFsBlk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
Address: 0xA803C000 Size: 32768 File Visible: - Signed: -
Status: -

Name: aswMon2.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Address: 0x9E780000 Size: 87424 File Visible: - Signed: -
Status: -

Name: aswRdr.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Address: 0x9E4F9000 Size: 15136 File Visible: - Signed: -
Status: -

Name: aswSP.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswSP.SYS
Address: 0xA5652000 Size: 135168 File Visible: - Signed: -
Status: -

Name: aswTdi.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Address: 0xA7F7C000 Size: 42592 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7313000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7B30000 Size: 3072 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF78C8000 Size: 16384 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7A4E000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF78C0000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0x9F67B000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF76B0000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF74F0000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xF70DF000 Size: 13952 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF78C4000 Size: 10240 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF74E0000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF732B000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF79B4000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7630000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9E7E2000 Size: 819200 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0x9F653000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xA54F4000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0x9E8AA000 Size: 143744 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xA660D000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF722B000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7A4C000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7351000 Size: 125056 File Visible: - Signed: -
Status: -

Name: FwLnk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\FwLnk.sys
Address: 0xF79EC000 Size: 5888 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF76D0000 Size: 40960 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF550D000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0x9DED3000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF7690000 Size: 52480 File Visible: - Signed: -
Status: -

Name: iaStor.sys
Image Path: iaStor.sys
Address: 0xF724B000 Size: 819200 File Visible: - Signed: -
Status: -

Name: igxpdv32.DLL
Image Path: C:\WINDOWS\System32\igxpdv32.DLL
Address: 0xBF04E000 Size: 1720320 File Visible: - Signed: -
Status: -

Name: igxpdx32.DLL
Image Path: C:\WINDOWS\System32\igxpdx32.DLL
Address: 0xBF1F2000 Size: 2732032 File Visible: - Signed: -
Status: -

Name: igxpgd32.dll
Image Path: C:\WINDOWS\System32\igxpgd32.dll
Address: 0xBF024000 Size: 172032 File Visible: - Signed: -
Status: -

Name: igxpmp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Address: 0xF556D000 Size: 5761760 File Visible: - Signed: -
Status: -

Name: igxprd32.dll
Image Path: C:\WINDOWS\System32\igxprd32.dll
Address: 0xBF012000 Size: 73728 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF76A0000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF7680000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA6645000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA66C4000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF74B0000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF77B8000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF79B0000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0x9D13D000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF5278000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7214000 Size: 92928 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7A50000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF7770000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF77C0000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF74C0000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0x9E68B000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA5713000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xA8064000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7720000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF6AFC000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF7140000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF715A000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF70CF000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xF7998000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF5261000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7520000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xA72B7000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA661D000 Size: 162816 File Visible: - Signed: -
Status: -

Name: netdevio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netdevio.sys
Address: 0xF79A4000 Size: 12032 File Visible: - Signed: -
Status: -

Name: NETw4x32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
Address: 0xF52D1000 Size: 2236032 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xA805C000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7187000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7AAD000 Size: 2944 File Visible: - Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7A79000 Size: 4096 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF7738000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7370000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7A78000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7730000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xA81D8000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF5250000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF77D8000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xA99F5000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF76F0000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF7700000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF7710000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF77E0000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA5783000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7A52000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF5220000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF76C0000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9E3D1000 Size: 49152 File Visible: No Signed: -
Status: -

Name: Rtenicxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
Address: 0xF54F3000 Size: 105856 File Visible: - Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xA81FC000 Size: 4894720 File Visible: - Signed: -
Status: -

Name: RTSTOR.SYS
Image Path: C:\WINDOWS\system32\drivers\RTSTOR.SYS
Address: 0xA7257000 Size: 46976 File Visible: - Signed: -
Status: -

Name: s24trans.sys
Image Path: C:\WINDOWS\system32\DRIVERS\s24trans.sys
Address: 0xF7110000 Size: 12288 File Visible: - Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xA8034000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SASENUM.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Address: 0xF7870000 Size: 20480 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xA62A8000 Size: 151552 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0x9E591000 Size: 333952 File Visible: - Signed: -
Status: -

Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xF76E0000 Size: 53248 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF79F4000 Size: 4352 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Address: 0xF529B000 Size: 220032 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xF7580000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA666B000 Size: 361600 File Visible: - Signed: -
Status: -

Name: tdcmdpst.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
Address: 0xF70DB000 Size: 16128 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF77D0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: tdudf.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tdudf.sys
Address: 0x9E7C8000 Size: 105856 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7510000 Size: 40704 File Visible: - Signed: -
Status: -

Name: trudf.sys
Image Path: C:\WINDOWS\system32\DRIVERS\trudf.sys
Address: 0x9E796000 Size: 134016 File Visible: - Signed: -
Status: -

Name: Udfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Udfs.SYS
Address: 0x9E7B7000 Size: 66048 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF51C2000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF79EE000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF77B0000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF75A0000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF5535000 Size: 147456 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0x9F1E5000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF77A8000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7880000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF5559000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF74D0000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xA72C7000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0x9F19D000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0x9E20C000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF79B2000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Edited by 2ndpage, 29 October 2009 - 08:13 AM.


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:58 PM

Posted 29 October 2009 - 02:04 PM

Hello 2ndpage,I have merged these 2 together. it will be less confusing than working in 2 topics.

Please post the MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 2ndpage

2ndpage
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 29 October 2009 - 03:42 PM

Thanks for your reply. I was beginning to feel dejected.
I am posting the MBAM log and when I finish ATF and SUPER AS I will get back to you
Thanks again and let me know if I need to do anything else.

Malwarebytes' Anti-Malware 1.41

Database version: 2775
Windows 5.1.2600 Service Pack 3

10/27/2009 7:59:09 PM
mbam-log-2009-10-27 (19-58-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 160710
Time elapsed: 56 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 9
Registry Data Items Infected: 14
Folders Infected: 3
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\tibukiji.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5c7dce3c-5aa7-4022-aba6-ccad41153887} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ViRsLab (Rogue.AVLab) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sigereget (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{5c7dce3c-5aa7-4022-aba6-ccad41153887} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\logeruseb (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\tibukiji.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\tibukiji.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\55509630 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Amy Ragozzino\Application Data\gadcom (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Amy Ragozzino\Application Data\GetModule (Trojan.Agent) -> No action taken.

Files Infected:
c:\WINDOWS\system32\tibukiji.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\All Users\Application Data\55509630\55509630.bat (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Amy Ragozzino\Application Data\GetModule\dicik.gz (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Amy Ragozzino\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Amy Ragozzino\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\AVR09.exe (Rogue.AdvancedVirusRemover) -> No action taken.
C:\WINDOWS\system32\memezori.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\f49f4daa.dat (Worm.Koobface) -> No action taken.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> No action taken.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:58 PM

Posted 29 October 2009 - 04:05 PM

Hello it was important that you rebooted after that scan if not please do so.

It also needs an update. I will be out for a while there's a game at Yankee stadium i have tickets for. But i'll be back.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 2ndpage

2ndpage
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 29 October 2009 - 04:08 PM

Yes I have rebooted - will update though and scan again
Thanks again.
Enjoy the game
I hope they win tonight!!

#7 2ndpage

2ndpage
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 30 October 2009 - 06:10 AM

OK I updated MBAM here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3057
Windows 5.1.2600 Service Pack 3

10/29/2009 7:09:45 PM
mbam-log-2009-10-29 (19-09-45).txt

Scan type: Quick Scan
Objects scanned: 109908
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Login Software 2009 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yjafosi8kdf98winmdkmnkmfnwe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Amy Ragozzino\Application Data\6545776568 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Amy Ragozzino\Application Data\6545776568\6545776568.bat (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amy Ragozzino\Application Data\6545776568\6545776568.cfg (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Ran ATF Then ran SAS as in Safe Mode under Amy and Administrator Here are those logs:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/29/2009 at 05:22 PM

Application Version : 4.29.1004

Core Rules Database Version : 4210
Trace Rules Database Version: 2117

Scan type : Complete Scan
Total Scan Time : 00:29:01

Memory items scanned : 231
Memory threats detected : 0
Registry items scanned : 5886
Registry threats detected : 1
File items scanned : 53346
File threats detected : 0

Trojan.Unknown Origin
HKU\S-1-5-21-2855890649-3362735986-3061225356-1005\Software\Microsoft\Windows\CurrentVersion\Run#mserv [ C:\Documents and Settings\Amy Ragozzino\Application Data\svcst.exe ]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/29/2009 at 07:49 PM

Application Version : 4.29.1004

Core Rules Database Version : 4211
Trace Rules Database Version: 2118

Scan type : Quick Scan
Total Scan Time : 00:06:55

Memory items scanned : 280
Memory threats detected : 0
Registry items scanned : 465
Registry threats detected : 1
File items scanned : 6597
File threats detected : 0

Rogue.XP AntiSpyware 2009
HKU\S-1-5-21-2855890649-3362735986-3061225356-500\Control Panel\don't load#wscui.cpl [ No ]

Getting same response when trying to access System Restore and still can’t use wireless connection. Also when try to use the window help and support the content section is blank. There are probably other things missing that I have not come across yet. Are they lost forever?
Ran Avast, SAS and MBAM again just to be sure and nothing came up.
Off to work now will check back later.
You picked a great game to go to. Hope you enjoyed it!

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:58 PM

Posted 30 October 2009 - 03:15 PM

Hello, yes it was great. Thanks! Stayed out too late too so now I 'm a late start today.
let's try this first
See if this fixes your Net issues .

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

I hope that worked and we can download,
Next we'll run RKil to se if there is still a kill process hiding and stopping the restore.

Please download Rkill by Grinler and save it to your desktop.Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 2ndpage

2ndpage
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 30 October 2009 - 07:11 PM

Hi back again
Tried to reset to no avail - still can't connect wirelessly
When I reboot message balloon reads - wireless networks detected- to see a list click here. When I open the wireless network connection- none were found in range
Also downloaded and ran rkill - but not able to run system restore getting same message

#10 2ndpage

2ndpage
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 01 November 2009 - 01:37 PM

Hi
I was wondering if you had any new ideas on how to fix my problem.
If not I will just give the laptop back and have her deal with it. She can still connect to the internet just cant use her wireless. Unless you think there may be another problem down the road by not fixing it now.
Please let me know.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:58 PM

Posted 01 November 2009 - 07:38 PM

Hello. Please install a new RKill and rerun mbam.

3 Methods of repairing connectivity
METHOD 1

LSP-Fix
Repairs Winsock 2 settings, caused by buggy or improperly-removed Internet software, that result in loss of Internet access
LSP-Fix Home Page
Using LSP-Fix to remove Spyware & Hijackers

METHOD 2

WinSock XP Fix 1.2
It can often cure the problem of lost connections after the removal of Adware components or improper uninstall of firewall applications or other tools that modify the XP network and Winsock settings.
If you encounter connection problems after removing network related software, Adware or after registry clean-up; and all other ways fail, then give WinSock XP Fix a try.
Download WinSock XP Fix 1.2

METHOD 3

Microsoft KB article to reset TCP/IP
One of the components of the Internet connection on your computer is a built-in set of instructions called TCP/IP. TCP/IP can sometimes become corrupted. If you cannot connect to the Internet and you have tried all other methods to resolve the problem, TCP/IP might be causing it.
Because TCP/IP is a core component of Windows, you cannot remove it. However, you can reset TCP/IP to its original state by using the NetShell utility (netsh)
How to reset Internet Protocol (TCP/IP) in Windows XP
+++++++++++++++++++++++++++
Internet connection problems
For Windows 2K/XP
Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

For Windows 98/ME
Click on Start, then Settings, and then click on Control Panel to open the Control Panel. Then double-click on the Network icon. You will then be presented with a list of entries. Scroll down until you see TCP/IP -> yournetworkcard and double-click on that entry. This will open the TCP/IP properties window.
Click once on the DNS Configuration tab, and <manually insert further instructions>

++
Try this--open control, internet options, connections tab, lan settings, uncheck the box next to "use proxy...."
&&&&&&&&&&
Most Internet connectivity problems arise out of corrupt Winsock settings due to the installation of a networking software or Malware infestation. If your ISP provider insists that your connection is coming through, the problem must be at your end.

Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.

Go Start > Run > type: "cmd" In the window that appears type: "ipconfig /flushdns". Close the command box.

Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot. Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 2ndpage

2ndpage
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 04 November 2009 - 10:47 AM

Tried everything Still getting the same results. All the settings seem to be fine. It just won't connect. I know the signal is ok - I have 2 other laptops running wireless. Do you have any other ideas for me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users