FBI Moneypack Virus Corrupted Computer [Solved]


  • This topic is locked

#16
beerman (Member, Topic Starter, 188 posts)
Sorry, in the 6 attempts I made to send the logs I included my explanation. Forgot this morning. :rolleyes:

Anyway, I cannot get to the internet on that computer. When I try to enable the NIC it says "Windows is not able to enable the device".

Hope that helps.
  • 0


#17
Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)
I am glad it is so informative.

Let me get one more scan to see if we can root this out.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  • 0

#18
beerman (Member, Topic Starter, 188 posts)
Thanks. Hopefully this will help. I even changed the ethernet cord and still cannot enable the NIC. I did not have the wireless radio turned on when I ran the scan. I can get to the internet with wireless.



MiniToolBox by Farbar Version:21-04-2013
Ran by gwasson (administrator) on 17-05-2013 at 14:30:23
Running from "C:\Documents and Settings\gwasson\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : 64FW3G1

Primary Dns Suffix . . . . . . . : Dayton.Local

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-16-44-BC-EB-42

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 44 bc eb 42 ...... Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/17/2013 02:23:39 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (05/16/2013 05:22:02 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (05/16/2013 05:21:43 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (05/16/2013 05:21:41 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (05/16/2013 11:18:38 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (05/16/2013 11:17:02 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (05/16/2013 11:16:59 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (05/13/2013 10:32:44 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (05/13/2013 10:31:58 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (05/13/2013 10:28:56 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.


System errors:
=============
Error: (05/17/2013 02:23:35 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain DAYTON due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (05/16/2013 05:21:41 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain DAYTON due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (05/16/2013 03:16:56 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain DAYTON due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (05/16/2013 11:18:33 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/16/2013 11:16:56 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain DAYTON due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (05/13/2013 10:39:50 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/13/2013 10:33:36 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
APPDRV
eeCtrl
Fips
intelppm
SPBBCDrv
SRTSP
SRTSPX
SYMTDI
Tosrfcom

Error: (05/13/2013 10:33:05 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/13/2013 10:31:58 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain DAYTON due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (05/13/2013 10:14:21 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain DAYTON due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.


Microsoft Office Sessions:
=========================
Error: (12/07/2012 10:03:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/06/2012 10:02:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/09/2011 09:47:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 108 seconds with 60 seconds of active time. This session ended with a crash.

Error: (04/20/2011 10:54:39 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 182942 seconds with 10860 seconds of active time. This session ended with a crash.

Error: (01/04/2011 11:22:55 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1513 seconds with 1080 seconds of active time. This session ended with a crash.

Error: (12/20/2010 00:56:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 192 seconds with 60 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Adobe Acrobat 8 Standard (Version: 8.1.6)
Adobe Acrobat 8.1.6 - CPSID_49167
Adobe Acrobat 8.1.6 Standard (Version: 8.1.6)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
April Space Management Beer Database and Images Update (Version: 1.2)
AT&T Connect Participant Application v9.0.82 (Version: 9.0.82)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.8.1.0)
Beer Database (Version: 1.2.1)
biolsp patch (Version: 01.00.02.0005)
Bluetooth Stack for Windows by Toshiba (Version: v4.41.02(D))
Broadcom ASF Management Applications (Version: 10.13.02)
Broadcom Gigabit Integrated Controller (Version: 10.15.08)
Broadcom Management Programs (Version: 10.15.01)
Browser Address Error Redirector (Version: 1.00.0000)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
CDDRV_Installer (Version: 1.00.0000)
Cisco WebEx Meetings
Conexant HDA D330 MDC V.92 Modem
Dell Drivers MSI (Version: 01.00.00.0010)
Dell Embassy Trust Suite by Wave Systems (Version: 02.01.00.026)
Dell Touchpad (Version: Version 7.1.101.6)
Digital Line Detect (Version: 1.21)
Document Manager Lite (Version: 06.06.00.066)
DW WLAN Card Utility (Version: 5.60.18.9)
EMBASSY Security Center (Version: 03.06.00.031)
EMBASSY Security Setup (Version: 03.06.00.027)
EMBASSY Trust Suite by Wave Systems (Version: 02.01.01.25)
ESC Home Page Plugin (Version: 03.01.00.018)
evolve Assistant - Toolbar 14 SP10 (14.10.99.4) RC (Version: 14.10.99.4)
Gemalto (Version: 01.00.00.0010)
GemSafe Standard Edition 5.1 (Version: 5.10.000.007)
Google Chrome (Version: 26.0.1410.64)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel® Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement (Version: 2.1.37)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
January 2011 Space Management Beer Database and Images Update (Version: 1.11.01)
January 2011 Update 2 Space Management Beer Database and Images Update (Version: 1.11.01)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
JDA Intactix Samples (Version: 7.5.0.0000)
JDA PDF Writer (Version: 7.7.0.0002)
JDA Space Automation (Version: 7.7.0.0012)
JDA Space Planning (Version: 7.7.2.0003)
JNLP
Juniper Networks Host Checker (Version: 7.1.12.21827)
Juniper Networks, Inc. Setup Client (Version: 7.1.10.21853)
KhalSetup (Version: 3.22.50)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
May Space Management Beer Database and Images Update (Version: 1.10.5)
MFCLOC (Version: 1.00.0000)
Micro Vane Workstation 5.4 (Version: 5.04.0000)
Micro Vane Workstation 5.5 (Version: 5.05.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.187)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Modem Diagnostic Tool (Version: 1.0.20.0)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
NetWaiting (Version: 2.5.44)
NTRU TCG Software Stack (Version: 2.1.25)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PowerDVD (Version: 7.0)
Preboot Manager (Version: 2.0.1.2)
Private Information Manager (Version: 06.01.00.023)
QuickSet (Version: 8.3.17)
RealNetworks - Microsoft Visual C++ 2005 Runtime (Version: 8.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio Update Manager (Version: 3.0.0)
SearchAssist
Secure Update (Version: 05.04.00.010)
Security Wizards (Version: 01.04.00.014)
SetPoint (Version: 3.22)
SigmaTel Audio (Version: 5.10.5210.0)
Sonic Activation Module (Version: 1.0)
Space Management April 2011 Release (Version: 1.4.11)
Space Management Images (Version: 1.1.13)
Space Planning Configuration Files (Version: 1.1.10)
Symantec Endpoint Protection (Version: 11.0.6005.562)
Trusted Drive Manager (Version: 2.1.1.2)
tsp patch (Version: 01.00.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
upekmsi (Version: 02.00.03.0000)
Wave Infrastructure Installer (Version: 05.00.01.0050)
Wave Support Software (Version: 05.07.00.026)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================

Name: Broadcom NetXtreme 57xx Gigabit Controller
Description: Broadcom NetXtreme 57xx Gigabit Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 2037.89 MB
Available physical RAM: 1377.3 MB
Total Pagefile: 3930.61 MB
Available Pagefile: 3473.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.78 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.7 GB) (Free:54.96 GB) NTFS
3 Drive e: (PKBACK# 001) (Removable) (Total:0.24 GB) (Free:0.04 GB) FAT

========================= Users: ========================================

User accounts for \\64FW3G1

Administrator Gregg Wasson Guest
HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found


**** End of log ****


Thanks.
  • 0

#19
Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)
This is really interesting. It just says the device is disabled. Duh.

Let's try this. Find the correct drivers for your ethernet device, following the instructions here, and then download them to your computer.

Now, find the ethernet device in device manager, right click on it, and select uninstall. Restart your computer and install the drivers again and see what happens.

If you need help or more details let me know.
  • 0

#20
beerman (Member, Topic Starter, 188 posts)
Never had to reinstall the driver. Uninstalled the NIC and then rebooted and it was working fine.
  • 0

#21
Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)
Great. Let's sweep for any leftovers and then we can clean up. Any other apparent problems? Also, is this computer on a corporate network, because it seems to be wanting to "call home"?


Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run MBAM.

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish. Make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • SecurityCheck log
  • MBAM log
  • ESET log
  • Any outstanding problems?

  • 0

#22
beerman (Member, Topic Starter, 188 posts)
Well, this is interesting. The computer is just sitting here finally connected to the internet and a Symantec notification just popped up. Security risk W32.Cridex was found in the FRST quarantine. Very nice. Looks like you got that one.
  • 0

#23
Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)
Yes, we'll get rid of all that when we clean up after you finish the above steps.
  • 0

#24
beerman (Member, Topic Starter, 188 posts)
Seems to be running pretty well, although ESET found some things:

Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 29
Java version out of Date!
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.17.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
gwasson :: 64FW3G1 [administrator]

5/17/2013 3:04:46 PM
mbam-log-2013-05-17 (15-04-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 312443
Time elapsed: 15 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=443ed5bba8bacf488474174301588805
# engine=13855
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-17 09:28:49
# local_time=2013-05-17 05:28:49 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=100899
# found=3
# cleaned=0
# scan_time=7291
sh=2D6C24702A783B58258D647A62D3E2AEE62A200B ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="C:\Documents and Settings\gwasson\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab"
sh=FD506659481BC7B01349A2A0E5D21D940C1AAEBC ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OFD trojan" ac=I fn="C:\Documents and Settings\gwasson\Application Data\Sun\Java\Deployment\cache\6.0\12\6dcb854c-1f879f0c"
sh=B89909720AE75A842436263FC1F1F9032053C586 ft=1 fh=17963c97f4dec8b3 vn="a variant of Win32/Kryptik.BASU trojan" ac=I fn="C:\FRST\Quarantine\i.ini"


Thanks!
  • 0

#25
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Those detections aren't too nasty. One looks like just an unwanted program bundled with RealPlayer and the other is a Java exploit. We'll take care of these last few things with this fix. If you're happy after this, then we'll update and clean up our tools and quarantine.


Please be aware that this fix will delete your temporary files. If the virus has "hidden" any of your files, please do not run the fix, but stop and let me know.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Documents and Settings\gwasson\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

  • 0



#26
beerman

    Member

  • Topic Starter
  • Member
  • 188 posts
Ran the fix and got a blue screen stop error (error code 1000007e). When I restarted, the log was not in the OTL directory but the removed directories were there.
  • 0

#27
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Did you opt in to the free trial of the real-time protection for MBAM when you installed it? If so, that could have caused the blue screen. If you did do that, could you please temporarily disable the protection and run the fix again, just to make sure.

Let me know.
  • 0

#28
beerman

    Member

  • Topic Starter
  • Member
  • 188 posts
I did not do the free trial. Ran the fix again and OTL seems to be hung up on "Killing processes. DO NOT INTERRUPT . . ." Been in this state for about 15 minutes.
  • 0

#29
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
On some computers, OTL hangs emptying the temp files. Try the fix like this:


:Commands
[createrestorepoint]

:Files
C:\Documents and Settings\gwasson\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab

:Commands
[emptyflash]
[emptyjava]


Then see if you can empty temp files using TFC. I have a feeling we will need to find another way to clear your temp files as this will probably hang as well.


Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run. Make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished, it should reboot your machine. If not, do this yourself to ensure a complete clean.

  • 0

#30
beerman

    Member

  • Topic Starter
  • Member
  • 188 posts
Worked that time. I did not run TFC. Do you want me to do that anyway?

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Documents and Settings\gwasson\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: Administrator.DAYTON

User: All Users

User: Default User

User: Gregg Wasson

User: gwasson
->Flash cache emptied: 506 bytes

User: LocalService

User: NetworkService

User: nmengos

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.DAYTON

User: All Users

User: Default User

User: Gregg Wasson
->Java cache emptied: 0 bytes

User: gwasson
->Java cache emptied: 1633247 bytes

User: LocalService

User: NetworkService

User: nmengos

Total Java Files Cleaned = 2.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05202013_124047


Thanks.
  • 0





