After System Check Virus Can't Access Shared Files/Printers on Infecte


12 replies to this topic

#1 Paul2.0

Posted 15 April 2012 - 03:09 PM

Hi,

On March 28 I was infected by the System Check virus. With the help of Gringo in the malware removal forum my computer is now clean.

Prior to the System Check infection, all the computers on my network used to be able to access the shared files/printers on the infected computer. After the infection, the other computers could no longer access the files/printers on the infected computer. Right now, the other computers cannot even "see" the infected computer and cannot print to the shared printer. Gringo suggested that someone in the Networking forum might be able to help me restore access.

When I look at the event log of one of these "other" computers I see some potentially relevant entries:

Error 4/14/2012 10:05:38 AM Server 2505 None The server could not bind to the transport \Device\NetBT_Tcpip_{A5B38AB3-755B-4FB2-B9BA-148EBFE29CCA} because another computer on the network has the same name. The server could not start.

Error 4/14/2012 7:34:36 PM bowser 8003 None The master browser has received a server announcement from the computer CNA0187798A that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A5B38AB3-755B-4FB2-B9BA-148EBFE29CCA}. The master browser is stopping or an election is being forced.

I include the event logs for both this "other" computer and the infected (CNA0187798A) computer below in case they are relevant.

Any help would be much appreciated.

Regards,
Paul

----------------------------------------------------------------------------------------------------------------------------------
Here's the Administrative event log on the "other" computer that cannot access the files/printers of the infected (CNA0187798A) computer:

Level Date and Time Source Event ID Task Category
Error 4/14/2012 7:34:36 PM bowser 8003 None The master browser has received a server announcement from the computer CNA0187798A that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A5B38AB3-755B-4FB2-B9BA-148EBFE29CCA}. The master browser is stopping or an election is being forced.
Error 4/14/2012 3:29:56 PM Microsoft-Windows-PrintService 372 Printing a document "The document Flash, owned by Rachel, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 81180. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\RACHEL-PC. Win32 error code returned by the print processor: 53. The network path was not found.
"
Error 4/14/2012 3:29:46 PM Microsoft-Windows-PrintService 372 Printing a document "The document https://mail.google.com/mail/?ui=2&view=bsp&ver=ohhl4rw8mbn4, owned by Rachel, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 720896. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\RACHEL-PC. Win32 error code returned by the print processor: 53. The network path was not found.
"
Error 4/14/2012 1:40:02 PM Microsoft-Windows-PrintService 372 Printing a document "The document https://mail.google.com/mail/?ui=2&view=bsp&ver=ohhl4rw8mbn4, owned by Rachel, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 720896. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\RACHEL-PC. Win32 error code returned by the print processor: 53. The network path was not found.
"
Error 4/14/2012 1:15:27 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:15:27 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:15:07 PM Microsoft-Windows-PrintService 372 Printing a document "The document Microsoft Word - Confirmation&Payment2012, owned by Rachel, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\RACHEL-PC. Win32 error code returned by the print processor: 53. The network path was not found.
"
Error 4/14/2012 1:14:23 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:14:23 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:14:16 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:14:16 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 10:05:38 AM Server 2505 None The server could not bind to the transport \Device\NetBT_Tcpip_{A5B38AB3-755B-4FB2-B9BA-148EBFE29CCA} because another computer on the network has the same name. The server could not start.
Error 4/14/2012 1:25:21 AM SideBySide 80 None "Activation context generation failed for ""C:\Program Files (x86)\Cozi Express\CoziExpress.exe"".Error in manifest or policy file """" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest."

----------------------------------------------------------------------------------------------------------------------------------
Here's the Administrative event log on the infected (CNA0187798A) computer:

Level Date and Time Source Event ID Task Category
Error 4/14/2012 8:58:37 PM Service Control Manager 7011 None A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Error 4/14/2012 8:58:15 PM Microsoft-Windows-Kernel-EventTracing 2 Session "Session ""Homegroup Log"" failed to start with the following error: 0xC0000035"
Warning 4/14/2012 7:44:43 PM .NET Runtime Optimization Service 1130 None .NET Runtime Optimization Service (4.0.30319.261) - Version or flavor did not match with repository: Microsoft.VisualBasic.Compatibility.Data
Error 4/14/2012 7:37:38 PM Microsoft-Windows-Dhcp-Client 1001 Address Configuration State Event Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x9439E5589FE9. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Error 4/14/2012 7:37:13 PM Microsoft-Windows-WMI 10 None "Event filter with query ""SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA ""Win32_Processor"" AND TargetInstance.LoadPercentage > 99"" could not be reactivated in namespace ""//./root/CIMV2"" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected."
Error 4/14/2012 7:35:36 PM NetBT 4311 None "Initialization failed because the driver device could not be created. Use the string ""9439E5589FE9"" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. "
Error 4/14/2012 7:35:36 PM NetBT 4311 None "Initialization failed because the driver device could not be created. Use the string ""9439E5589FE9"" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. "
Warning 4/14/2012 7:34:51 PM Microsoft-Windows-WLAN-AutoConfig 4001 None "WLAN AutoConfig service has successfully stopped.
"
Warning 4/14/2012 7:34:51 PM Microsoft-Windows-WLAN-AutoConfig 10002 None "WLAN Extensibility Module has stopped.

Module Path: C:\Windows\System32\bcmihvsrv64.dll
"
Error 4/14/2012 7:34:37 PM Microsoft-Windows-DistributedCOM 10010 None The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Error 4/14/2012 11:39:48 AM Microsoft-Windows-PrintService 372 Printing a document "The document Study Plan.xls, owned by a0187798, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 49008. Total number of pages in the document: 6. Number of pages printed: 2. Client computer: \\CNA0187798A. Win32 error code returned by the print processor: 2147500037. Unspecified error
"
Error 4/14/2012 1:31:46 AM SideBySide 80 None "Activation context generation failed for ""c:\Program Files (x86)\Cozi Express\CoziExpress.exe"".Error in manifest or policy file """" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest."
Warning 4/14/2012 12:36:01 AM Microsoft-Windows-Bits-Client 16393 None BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040500.
Warning 4/14/2012 12:35:19 AM Microsoft-Windows-Bits-Client 16393 None BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040500.
Error 4/14/2012 12:21:05 AM Microsoft-Windows-Dhcp-Client 1001 Address Configuration State Event Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x9439E5589FE9. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Error 4/14/2012 12:20:43 AM Microsoft-Windows-WMI 10 None "Event filter with query ""SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA ""Win32_Processor"" AND TargetInstance.LoadPercentage > 99"" could not be reactivated in namespace ""//./root/CIMV2"" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected."
Warning 4/14/2012 12:20:25 AM Microsoft-Windows-Bits-Client 16393 None BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040500.
Error 4/14/2012 12:20:14 AM Microsoft-Windows-Kernel-EventTracing 2 Session "Session ""Homegroup Log"" failed to start with the following error: 0xC0000035"
Warning 4/14/2012 12:20:04 AM Microsoft-Windows-Kernel-EventTracing 4 Logging "The maximum file size for session ""ReadyBoot"" has been reached. As a result, events might be lost (not logged) to file ""C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl"". The maximum files size is currently set to 20971520 bytes."
Error 4/14/2012 12:19:50 AM Service Control Manager 7011 None A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Warning 4/14/2012 12:19:05 AM Microsoft-Windows-Dhcp-Client 1003 Address Configuration State Event Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0x180373D21DAC. The following error occurred: 0x490. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Error 4/14/2012 12:19:05 AM Microsoft-Windows-Dhcp-Client 50034 Address Configuration State Event An error has occurred in initializing the adapter 11. Error Code is 0x490
Error 4/14/2012 12:19:03 AM Service Control Manager 7023 None "The Windows Defender service terminated with the following error:
The specified module could not be found."
Error 4/14/2012 12:19:01 AM NetBT 4311 None "Initialization failed because the driver device could not be created. Use the string ""9439E5589FE9"" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. "
Error 4/14/2012 12:19:01 AM NetBT 4311 None "Initialization failed because the driver device could not be created. Use the string ""9439E5589FE9"" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. "
Warning 4/14/2012 12:18:21 AM Microsoft-Windows-WLAN-AutoConfig 4001 None "WLAN AutoConfig service has successfully stopped.
"
Warning 4/14/2012 12:18:21 AM Microsoft-Windows-WLAN-AutoConfig 10002 None "WLAN Extensibility Module has stopped.

Module Path: C:\Windows\System32\bcmihvsrv64.dll
"
Error 4/14/2012 12:18:17 AM Microsoft-Windows-DistributedCOM 10010 None The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Error 4/14/2012 12:18:16 AM Service Control Manager 7030 None The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error 4/14/2012 12:16:40 AM Service Control Manager 7030 None The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error 4/14/2012 12:13:06 AM Windows Backup 4104 None The backup was not successful. The error is: Windows Backup encountered an error when accessing the remote shared folder. (0x81000039).

#2 Broni

Posted 15 April 2012 - 04:21 PM

Same computer?
http://www.bleepingcomputer.com/forums/topic449893.html/page__p__2663307__fromsearch__1#entry2663307


#3 Paul2.0

Posted 15 April 2012 - 04:38 PM

Yes, it's the same computer. I hope it was clear from my post that Gringo asked me to post this new topic in the Networking forum since he said the malware problem is taken care of and the networking problem should be handled as a separate issue.

I hope I didn't do something wrong.

Regards,
Paul

#4 Broni

Posted 15 April 2012 - 05:02 PM

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#5 Paul2.0

Posted 15 April 2012 - 07:30 PM

Hi,

Thanks for taking the time to help!

I ran FSS and the log is below. I wanted to mention that I'm using Windows 7 (64b) and am running Bitdefender Internet Security 2012.


-------------------------------------------------------------------------------------
Here is the Farbar log:

Farbar Service Scanner Version: 01-03-2012
Ran by a0187798 (administrator) on 15-04-2012 at 19:27:51
Running from "C:\Users\a0187798\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
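
As an added example (not part of the original posts and not Farbar's own code), this Python parser reads an FSS log in the layout pasted above and pulls out the registry policy values, stopped services and file-check verdicts, so they can be compared against what the installed security product is expected to set. The embedded sample is constructed from that log; the function names and the `OFF_WHEN` table are assumptions of this example.

```python
import re

# Constructed sample: excerpt of the FSS log pasted above, in the same layout
# ("Title:" underlined with "=", then [registry key] and "Name"=TYPE:data lines).
SAMPLE_LOG = r'''
Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

**** End of log ****
'''

SECTION_RE = re.compile(r'^(?P<title>[^\[\]"=]+):\s*$')
UNDERLINE_RE = re.compile(r'^=+\s*$')
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<type>[A-Z_]+):(?P<data>.*)$')
SERVICE_RE = re.compile(r'^(?P<svc>\S+) Service is not running\.')
FILE_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$')

# Assumption of this example: data that means "protection off" for the two
# value names that appear in the log above.
OFF_WHEN = {"EnableFirewall": "0", "DisableAntiSpyware": "1"}


def split_sections(text):
    """Return {title: [body lines]} for each 'Title:' line underlined with '='."""
    lines = text.splitlines()
    sections, current = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        m = SECTION_RE.match(line)
        if m and UNDERLINE_RE.match(nxt):
            current = m.group("title").strip()
            sections[current] = []
        elif current is not None and line.strip() and not UNDERLINE_RE.match(line):
            sections[current].append(line.strip())
    return sections


def policy_overrides(sections):
    """Registry values listed under every '... Disabled Policy' section."""
    found = []
    for title, body in sections.items():
        if not title.endswith("Disabled Policy"):
            continue
        key = None
        for line in body:
            k, v = KEY_RE.match(line), VALUE_RE.match(line)
            if k:
                key = k["key"]
            elif v and key:
                found.append({"section": title, "key": key, "name": v["name"],
                              "type": v["type"], "data": v["data"].strip()})
    return found


def triage(text):
    """Summarise what the log says is switched off, stopped or unverified."""
    sections = split_sections(text)
    off = [o for o in policy_overrides(sections)
           if OFF_WHEN.get(o["name"]) == o["data"]]
    stopped = [m["svc"] for body in sections.values() for line in body
               if (m := SERVICE_RE.match(line))]
    # Any file-check verdict other than the string seen in the log above.
    unverified = [(m["path"], m["verdict"].strip())
                  for line in sections.get("File Check", [])
                  if (m := FILE_RE.match(line))
                  and m["verdict"].strip() != "MD5 is legit"]
    return {"off": off, "stopped": stopped, "unverified": unverified}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for o in result["off"]:
        print(f'{o["key"]}\\{o["name"]} = {o["data"]}')
    print("stopped services:", result["stopped"])
    print("unverified files:", result["unverified"])
```

Whether a value reported here is expected depends on the security software installed on the machine, so the output is a list to review rather than a verdict.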

#6 Broni

Posted 15 April 2012 - 08:53 PM

I was hoping to see some issues through the above log but unfortunately there are none.
Hopefully someone else will come up with some other ideas.


#7 Sneakycyber

Posted 20 April 2012 - 10:06 PM

What operating systems are the other computers using? Also please run the Minitoolbox found in this thread and post the results here.

Chad Mockensturm

Systems Administrator  Windows Server 2008R2, Windows Server 2012 
Cisco Certified Home and Small Business Networking Support


#8 Paul2.0

Posted 22 April 2012 - 05:24 PM

Hi,

Thanks for helping! The "other" computer that I posted the log from was a Windows 7 Dell laptop. I also
tried accessing the "problem" computer from another Windows 7 Dell laptop and could not. I also tried
accessing it from a Windows XP computer and could not. Let me emphasize again that prior to my System Check
infection in March I was able to access the computer and its printer from _all_ of these other computers.

I tried to "ping" the problem computer from one of the laptops two nights ago and the ping failed just like
browsing in Windows Explorer or trying to send a document to the shared printer fails. I have included the
log you requested below.

Regards,
Paul


MiniToolBox by Farbar Version: 18-01-2012
Ran by a0187798 (administrator) on 22-04-2012 at 17:18:13
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Cisco Systems VPN Adapter for 64-bit Windows = Local Area Connection 2 (Disconnected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global taskoffload=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : CNA0187798A
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ent.ti.com
itg.ti.com
corp.ti.com
sc.ti.com
dal.design.ti.com
am.dhcp.ti.com

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 94-39-E5-58-9F-E9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 18-03-73-D2-1D-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::905c:8862:dfa6:9272%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, April 16, 2012 11:07:52 PM
Lease Expires . . . . . . . . . . : Monday, April 23, 2012 11:07:51 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 236454771
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-18-39-A7-18-03-73-D2-1D-AC
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2cb9:1b99:b855:481d(Preferred)
Link-local IPv6 Address . . . . . : fe80::2cb9:1b99:b855:481d%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{4FCC3EA7-151D-42F5-93F6-2DD9B97A0C73}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.227.103
74.125.227.96
74.125.227.98
74.125.227.101
74.125.227.102
74.125.227.97
74.125.227.110
74.125.227.104
74.125.227.99
74.125.227.100
74.125.227.105


Pinging google.com [74.125.227.129] with 32 bytes of data:
Reply from 74.125.227.129: bytes=32 time=7ms TTL=252
Reply from 74.125.227.129: bytes=32 time=8ms TTL=251

Ping statistics for 74.125.227.129:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 7ms, Maximum = 8ms, Average = 7ms
Server: myrouter.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=145ms TTL=249
Reply from 72.30.38.140: bytes=32 time=64ms TTL=249

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 145ms, Average = 104ms
Server: myrouter.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...94 39 e5 58 9f e9 ......DW1501 Wireless-N WLAN Half-Mini Card
11...18 03 73 d2 1d ac ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.103 276
192.168.1.103 255.255.255.255 On-link 192.168.1.103 276
192.168.1.255 255.255.255.255 On-link 192.168.1.103 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.103 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.103 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:4137:9e76:2cb9:1b99:b855:481d/128
On-link
11 276 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::2cb9:1b99:b855:481d/128
On-link
11 276 fe80::905c:8862:dfa6:9272/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/22/2012 00:00:45 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location \\MYBOOKWORLD\Public\CNA0187798A_Backup\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/21/2012 00:00:43 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location \\MYBOOKWORLD\Public\CNA0187798A_Backup\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/20/2012 00:00:43 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location \\MYBOOKWORLD\Public\CNA0187798A_Backup\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/19/2012 00:30:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/19/2012 00:00:43 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location \\MYBOOKWORLD\Public\CNA0187798A_Backup\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/18/2012 00:30:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/18/2012 00:00:44 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location \\MYBOOKWORLD\Public\CNA0187798A_Backup\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/17/2012 00:31:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/17/2012 00:00:49 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location \\MYBOOKWORLD\Public\CNA0187798A_Backup\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/16/2012 03:49:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/20/2012 05:52:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (04/16/2012 03:52:13 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (04/16/2012 03:48:19 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (04/16/2012 03:48:14 PM) (Source: NetBT) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "9439E5589FE9" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (04/16/2012 03:48:14 PM) (Source: NetBT) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "9439E5589FE9" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (04/16/2012 03:47:29 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/15/2012 02:00:02 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (04/15/2012 01:56:47 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (04/15/2012 01:55:57 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/15/2012 01:54:40 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 16366.45 MB
Available physical RAM: 11612.5 MB
Total Pagefile: 32731.08 MB
Available Pagefile: 28064.15 MB
Total Virtual: 4095.88 MB
Available Virtual: 3957.88 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:1846.73 GB) (Free:1753.64 GB) NTFS

========================= Users: ========================================

User accounts for \\CNA0187798A

a0187798 Administrator Guest


**** End of log ****

#9 Sneakycyber


Posted 22 April 2012 - 08:38 PM

From the troublesome computer, please follow this guide from Microsoft. 1/4 of the way down the page, click the Fix It button.

Note
If you are not on the computer that has the problem [or the computer does not have access to the internet], you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.

This will reset ALL of the TCP/IP settings that were changed by the infection. In the event you are unable to run the Fix It program from Microsoft, follow these instructions to manually reset the TCP/IP protocol.


Use a manual method to reset TCP/IP
Follow these steps to use the reset command to reset TCP/IP manually:
  • To open a command prompt, click Start and then click Run. Type cmd and press ENTER.
  • At the command prompt, copy and paste (or type) the following command and then press ENTER: netsh int ip reset c:\resetlog.txt
  • Reboot the computer.
When you run the reset command, it rewrites two registry keys that are used by TCP/IP. This has the same result as removing and reinstalling the protocol. The reset command rewrites the following two registry keys:
  • SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
  • SYSTEM\CurrentControlSet\Services\DHCP\Parameters\
To run the manual command successfully, you must specify a file name for the log, in which the actions that netsh takes will be recorded. When you run the manual command, TCP/IP is reset and the actions that were taken are recorded in the log file, known as resetlog.txt in this article.

Credit:
Microsoft

Edited by Sneakycyber, 22 April 2012 - 08:39 PM.


Chad Mockensturm

Systems Administrator, Windows Server 2008R2, Windows Server 2012
Cisco Certified Home and Small Business Networking Support


#10 Paul2.0


Posted 22 April 2012 - 11:12 PM

I manually reset the TCP/IP with:
netsh int ip reset c:\resetlog.txt
run as Administrator.

It seemed to run and requested that I reboot.

I rebooted and still was unable to ping, print, or browse the computer from one of my other machines.

One strange thing was that when I look in c: for resetlog.txt there is nothing there. I searched the c drive for the file and found nothing. I tried running the command twice and the second time the same thing happened. There was no log file. Maybe this is normal, but I thought I'd mention it.

Any other thoughts?

Regards,
Paul

#11 Sneakycyber


Posted 26 April 2012 - 09:43 PM

It's not normal. To run the manual command successfully, you must specify a file name for the log, in which the actions that netsh takes will be recorded. When you run the manual command, TCP/IP is reset and the actions that were taken are recorded in the log file, known as resetlog.txt in this article.

The first example, c:\resetlog.txt, creates a path where the log will reside. The second example, resetlog.txt, creates the log file in the current directory. In either case, if the specified log file already exists, the new log

Edited by Sneakycyber, 26 April 2012 - 09:46 PM.



#12 Paul2.0


Posted 10 May 2012 - 08:38 PM

Hi,

The problem is resolved. During the process of removing the System Check virus and the subsequent clean-up, I was asked to disable my Anti-Virus/Firewall (Bitdefender) a couple of times. It turns out that when I re-enabled Bitdefender again, it did not bring the Bitdefender settings back to their original state. Specifically, on the "Network details" menu, the "Network type" got changed from "Home/Office" to "Public" and the "Stealth Mode" setting got changed from "Remote" to "On". Having "Stealth Mode" set to "On" was hiding the computer from the rest of my network. When I changed "Network type" back to "Home/Office" and "Stealth Mode" back to "Remote" it fixed my networking problems and other machines could ping the computer and share its files and printer.

Thanks to those who tried to help!

Paul
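
The symptom resolved above (a host firewall hiding a working computer from its own LAN) can be told apart from a dead or misaddressed host using two command outputs taken on another PC. The script below is an added example, not part of the original thread: it assumes the firewall drops ping but does not filter ARP, and the observer address 192.168.1.101, the MAC addresses and all sample outputs are constructed.

```python
import re

# Constructed samples of Windows `ping -n 2` and `arp -a` output, as seen from
# another PC on the LAN (192.168.1.101 and the MAC addresses are made up).
PING_FILTERED = """Pinging 192.168.1.103 with 32 bytes of data:
Request timed out.
Request timed out.
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),"""
PING_ABSENT = """Pinging 192.168.1.103 with 32 bytes of data:
Reply from 192.168.1.101: Destination host unreachable.
Reply from 192.168.1.101: Destination host unreachable.
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),"""
ARP_WITH_HOST = """Interface: 192.168.1.101 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-01     dynamic
  192.168.1.103         00-11-22-33-44-55     dynamic"""
ARP_WITHOUT_HOST = ARP_WITH_HOST.rsplit("\n", 1)[0]

ECHO = re.compile(r"^Reply from (\S+): bytes=\d+ time[<=]\d+ms TTL=\d+", re.M)
STATS = re.compile(r"Received = (\d+)")
ARP_ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s", re.M | re.I)

def echo_replies(ping_text, target):
    """Count real echo replies from target; ICMP error lines are not replies."""
    return ECHO.findall(ping_text).count(target)

def stats_misleading(ping_text, target):
    """True when ping's 'Received' total counts ICMP errors as answers."""
    m = STATS.search(ping_text)
    return bool(m) and int(m.group(1)) > echo_replies(ping_text, target)

def arp_mac(arp_text, target):
    """MAC that `arp -a` lists for target, or None if it never resolved."""
    return next((mac.lower() for ip, mac in ARP_ROW.findall(arp_text) if ip == target), None)

def triage(ping_text, arp_text, target):
    """Classify a same-subnet host from the two command outputs."""
    if echo_replies(ping_text, target):
        return "answers ping"
    if arp_mac(arp_text, target):
        return "up, but dropping ping: check the host firewall profile"
    return "not seen on this subnet"

if __name__ == "__main__":
    print(triage(PING_FILTERED, ARP_WITH_HOST, "192.168.1.103"))
    print(triage(PING_ABSENT, ARP_WITHOUT_HOST, "192.168.1.103"))
    print(stats_misleading(PING_ABSENT, "192.168.1.103"))
```

Take the `arp -a` output right after the ping, because an ARP entry cached from before the host went quiet can make it look present. The `stats_misleading` check covers the case where ping reports "Received = 2, Lost = 0" although every line was "Destination host unreachable".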

#13 Sneakycyber


Posted 15 May 2012 - 02:02 PM

Sorry for the late response. Thanks for posting the solution, glad it's back working again.
