DHCP, TCP/IP and Security Alert errors after virus infection


44 replies to this topic

#1 mutex7

mutex7

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:09:32 AM

Posted 22 March 2012 - 11:49 AM

I have been told in the Bleeping Computer Security forum that I am now malware free.
http://www.bleepingcomputer.com/forums/topic446618.html

Here are the problems I am still having in Event Viewer:

1. Error: The IP address lease 192.168.1.2 for the Network Card with network address 000CF183A78B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2. The sporadic Warning: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

3. The occasional warning: MrxSmb: The redirector failed to determine the connection type. I also had an informational item that used to pop up from time to time that might be involved..."The browser has forced an election on network \Device\NetBT_Tcpip_{11C9F84F-98AA-44FA-8925-FD94F886A831} because a master browser was stopped."

At one point, when I reset TCP/IP and Winsock or flushed the dns or when the network card driver was reinstalled the DHCP error would go away for one reboot but then came back on the next reboot. Now, the error doesn't show up in Event Viewer on reboots...only when I shut down everything and turn it back on. I have updated the network card driver but I haven't removed and reinstalled TCP/IP yet...which I guess might be something to try.

None of these problems keeps me from connecting to the Internet or other networked computers.

I also get sporadic Security Alert popups in Internet Explorer (sometimes several in succession) which say: "You are about to view pages over a secure connection" even when I'm NOT going to a secure (https) site. In fact I occasionally get these popups on the Bleeping Computer site.

4. When I right-click on my hard drives in My Computer it takes a good 10 seconds for the context menu to appear the first time I try it. If I do it again right away it pops up immediately like it always did previously. After I close the My Computer window and then go back in the slow context menu problem returns. Desktop icons also take longer to refresh than they used to and in fact any folder that has a lot of icons is slow to display them the first time. Even sub menus show up slowly sometimes.

Does anyone have any suggestions about how to proceed with any of these issues?

Thanks in advance for any ideas or suggestions.



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:03:32 PM

Posted 22 March 2012 - 11:59 AM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#3 mutex7


Posted 22 March 2012 - 12:08 PM

One other thing I forgot to mention is that when I download a file it downloads fine until the very end when it takes 3 or 4 seconds before it finishes and shows up on the Desktop.

Anyway, here is the Farbar log:

Farbar Service Scanner Version: 01-03-2012
Ran by David Gondek (administrator) on 22-03-2012 at 12:06:16
Running from "C:\Documents and Settings\David Gondek\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) RFCOMM(12) Tcpip(4)
0x0C0000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****

#4 cryptodan


Posted 22 March 2012 - 02:08 PM

Everything is good, so let's move on to the next phase of assistance:

Please follow the below:

netsh winsock reset catalog

This command resets the Winsock catalog to the default configuration. This can be useful if a malformed LSP is installed that results in loss of network connectivity. While use of this command can restore network connectivity, it should be used with care because any previously-installed LSPs will need to be re-installed.

To perform the command you bring up an elevated command prompt by going to Start > Programs > Accessories > and right click on Command Prompt and select run as administrator.

The command is: "netsh winsock reset catalog"
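
Added example, not part of the original post: because the reset discards every installed LSP, it helps to save the output of `netsh winsock show catalog` before and after it. This Python sketch parses text in that layout, lists entries that are layered or load from outside system32, and reports what a reset removed; the sample text (fields trimmed) and the provider named ExampleLsp are constructed.

```python
import re

# Constructed sample in the layout printed by `netsh winsock show catalog`.
# Fields are trimmed and "ExampleLsp" is a made-up third-party provider.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        ExampleLsp over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {11111111-2222-3333-4444-555555555555}
Provider Path:                      C:\Program Files\ExampleLsp\exlsp.dll
Catalog Entry ID:                   1018
Protocol Chain Length:              2
Protocol Chain:                     1017 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Name Space Provider Entry
------------------------------------------------------
Description:                        Tcpip
Provider ID:                        {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Name Space:                         12
"""

HEADER = re.compile(r"^(Winsock Catalog Provider Entry|Name Space Provider Entry)\s*$")
FIELD = re.compile(r"^([^:]+):\s*(.*)$")
SYSTEM_DIRS = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")


def parse_catalog(text):
    """Split catalog text into one dict per provider entry."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.rstrip()
        header = HEADER.match(line)
        if header:
            current = {"Kind": header.group(1)}
            entries.append(current)
            continue
        # Skip blank lines, the dashed rule, and anything before the first header.
        if current is None or not line or set(line) == {"-"}:
            continue
        field = FIELD.match(line)
        if field:
            current[field.group(1).strip()] = field.group(2).strip()
    return entries


def review(entries):
    """Return (entry id, description, path, reasons) for entries worth a look.

    A path outside system32 is a prompt to identify the owning product,
    not proof of anything; name space entries may carry no path at all.
    """
    findings = []
    for entry in entries:
        reasons = []
        path = entry.get("Provider Path", "")
        if path and not path.lower().startswith(SYSTEM_DIRS):
            reasons.append("provider DLL outside system32")
        chain = entry.get("Protocol Chain Length", "1")
        layered = entry.get("Entry Type", "").lower().startswith("layered")
        if layered or (chain.isdigit() and int(chain) > 1):
            reasons.append("layered entry (LSP)")
        if reasons:
            findings.append((entry.get("Catalog Entry ID", "?"),
                             entry.get("Description", "?"), path, reasons))
    return findings


def removed_by_reset(before_text, after_text):
    """Descriptions of providers present before the reset and gone after it."""
    def key(entry):
        return (entry.get("Provider ID", ""), entry.get("Description", ""))
    after_keys = {key(e) for e in parse_catalog(after_text)}
    return [e.get("Description", "?") for e in parse_catalog(before_text)
            if key(e) not in after_keys]


if __name__ == "__main__":
    for entry_id, description, path, reasons in review(parse_catalog(SAMPLE_CATALOG)):
        print(f"[{entry_id}] {description}\n    {path}\n    -> {'; '.join(reasons)}")
```
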

#5 mutex7


Posted 22 March 2012 - 03:27 PM

As I said in my earlier posts, I reset Winsock and TCP/IP and updated my network card driver (as well as ran FSS for that matter) before I came to the Bleeping Computer site. On your instructions, I reset the Winsock again though with no improvement. The DHCP error in Event Viewer only comes back now when I shut down my computer, modem and router and restart them (which I do every night). If I just reboot the computer (or even if I shut it down but don't turn off the modem and router) the error doesn't show up. The other problems I indicated are always there though, no matter what I do. Any ideas about how to proceed?

#6 cryptodan


Posted 22 March 2012 - 03:36 PM

Don't reset your modem or router; keep them on at all times.


You could be missing vital updates from your ISP for your modem.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#7 mutex7


Posted 22 March 2012 - 03:38 PM

One more thing...I bought a new router to see if that could be causing the DHCP problem but it didn't make a difference.

#8 mutex7


Posted 22 March 2012 - 03:45 PM

Both my modem and router have the latest firmware. I have to shut off the router and modem every night so that isn't an option. They have been working fine for years (without Event Viewer errors) even though I have been shutting them down every night all along.

Here is the Mini Toolbox result file:

MiniToolBox by Farbar Version: 18-01-2012
Ran by David Gondek (administrator) on 22-03-2012 at 15:41:42
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Bluetooth PAN Network Adapter = Local Area Connection 2 (Disconnected)
Intel® PRO/100 VE Network Connection = Local Area Connection 4 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 4"

set address name="Local Area Connection 4" source=dhcp
set dns name="Local Area Connection 4" source=dhcp register=PRIMARY
set wins name="Local Area Connection 4" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : softmart

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 4:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-0C-F1-83-A7-8B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Thursday, March 22, 2012 2:33:54 PM

Lease Expires . . . . . . . . . . : Friday, March 23, 2012 2:33:54 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.9, 74.125.225.14, 74.125.225.0, 74.125.225.1
74.125.225.2, 74.125.225.3, 74.125.225.4, 74.125.225.5, 74.125.225.6
74.125.225.7, 74.125.225.8



Pinging google.com [74.125.225.14] with 32 bytes of data:



Reply from 74.125.225.14: bytes=32 time=45ms TTL=53

Reply from 74.125.225.14: bytes=32 time=43ms TTL=53



Ping statistics for 74.125.225.14:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 45ms, Average = 44ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=61ms TTL=51

Reply from 209.191.122.70: bytes=32 time=61ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 61ms, Maximum = 61ms, Average = 61ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0c f1 83 a7 8b ...... Intel® PRO/100 VE Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/20/2012 11:32:50 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/17/2012 05:32:00 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.60.0.61, faulting module version.dll, version 5.1.2600.5512, fault address 0x00001d22.
Processing media-specific event for [mbam.exe!ws!]

Error: (03/07/2012 01:08:36 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/06/2012 07:29:20 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/02/2012 05:36:32 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.60.0.61, faulting module version.dll, version 5.1.2600.5512, fault address 0x00001ddc.
Processing media-specific event for [mbam.exe!ws!]

Error: (02/29/2012 00:00:10 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module speckie32.dll, version 1.8.0.0, fault address 0x0000fa0f.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/24/2012 06:43:33 PM) (Source: Application Hang) (User: )
Description: Hanging application wpwin10.exe, version 10.0.0.663, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/23/2012 03:34:15 PM) (Source: Application Hang) (User: )
Description: Hanging application wpwin10.exe, version 10.0.0.663, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/19/2012 02:16:27 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/18/2012 01:29:11 PM) (Source: Application Hang) (User: )
Description: Hanging application amcap.exe, version 9.1.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (03/22/2012 02:33:52 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 000CF183A78B has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/22/2012 09:54:54 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 000CF183A78B has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/21/2012 10:33:07 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 000CF183A78B has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/21/2012 09:24:53 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 000CF183A78B has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/20/2012 03:24:13 PM) (Source: Service Control Manager) (User: )
Description: The SLPMONX service has reported an invalid current state 0.

Error: (03/20/2012 01:36:10 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (03/20/2012 01:34:32 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (03/20/2012 11:57:24 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 000CF183A78B has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/20/2012 11:32:50 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.121.1834.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/20/2012 11:27:33 AM) (Source: PlugPlayManager) (User: )
Description: The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.


Microsoft Office Sessions:
=========================
Error: (03/20/2012 11:32:50 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (03/17/2012 05:32:00 PM) (Source: Application Error)(User: )
Description: mbam.exe1.60.0.61version.dll5.1.2600.551200001d22

Error: (03/07/2012 01:08:36 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/06/2012 07:29:20 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/02/2012 05:36:32 PM) (Source: Application Error)(User: )
Description: mbam.exe1.60.0.61version.dll5.1.2600.551200001ddc

Error: (02/29/2012 00:00:10 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702speckie32.dll1.8.0.00000fa0f

Error: (02/24/2012 06:43:33 PM) (Source: Application Hang)(User: )
Description: wpwin10.exe10.0.0.663hungapp0.0.0.000000000

Error: (02/23/2012 03:34:15 PM) (Source: Application Hang)(User: )
Description: wpwin10.exe10.0.0.663hungapp0.0.0.000000000

Error: (02/19/2012 02:16:27 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/18/2012 01:29:11 PM) (Source: Application Hang)(User: )
Description: amcap.exe9.1.2.0hungapp0.0.0.000000000


=========================== Installed Programs ============================

2Conv.com - Media Converter 1.35 (Version: 1.35)
3D Windows XP Screen Saver
ABBYY FineReader OCR Engine for Microtek
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Active Disk
Adobe AIR (Version: 3.1.0.4880)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Photoshop Elements (Version: 1.0)
Adobe SVG Viewer (Version: 1.0)
Amazon Kindle For PC
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
Audacity 1.2.6
AudibleManager (Version: 2089882838.2089882900.2090328352.2089882858)
BCM V.92 56K Modem
BlueSoleil
Bonjour (Version: 3.0.0.10)
Calculator Powertoy for Windows XP (Version: 1.00.0001)
CCleaner (Version: 3.16)
CIF USB Camera (2110A)
CmdHere Powertoy For Windows XP (Version: 1.00.0001)
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000)
Cutting Shop V3 (Version: 3.0)
Dell ResourceCD
eReg (Version: 1.20.138.34)
ERUNT 1.1j
ESET Online Scanner v3
FileZilla Client 3.5.3 (Version: 3.5.3)
FileZilla Server (Version: beta 0.9.39)
FlipShare (Version: 5.12.3.0)
FLV Player 1.3.2
Fritz10 (Version: 10)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
HiJackThis (Version: 1.0.0)
Image Resizer for Windows (Version: 3.0.4319.33193)
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
ImgBurn (Version: 2.5.0.0)
Intel® Network Connections 16.8.46.0 (Version: 16.8.46.0)
Intel® PRO Network Connections Drivers
IomegaWare 4.0.2
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
K-Lite Codec Pack 4.9.5 (Standard) (Version: 4.9.5)
Karen's Calculator (Version: 1.1.0.3)
LAME v3.98.2 for Audacity
Lernout & Hauspie TruVoice American English TTS Engine
Logitech SetPoint 6.32 (Version: 6.32.20)
Macromedia FreeHand 9 (Version: 9)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework SDK (English)
Microsoft .NET Framework SDK (English) (Version: 1.0.3705)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Calculator Plus (Version: 1.0.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft FrontPage 2002 (Version: 10.0.2627.01)
Microsoft Image Composer 1.5
Microsoft IntelliPoint 5.3 (Version: 5.30.606.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Mathematics (Version: 4.0)
Microsoft Network Monitor 3.4 (Version: 3.4.2350.0)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (Version: 3.4.2350.0)
Microsoft Office Basic Edition 2003 (Version: 11.0.5614.0)
Microsoft Office PowerPoint Viewer 2003 (Version: 11.0.5614.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB925673) (Version: 6.00.3888.0)
NeoDownloader Lite 2.8.1
NOOK for PC (Version: 2.5.1.237)
NOOKstudy (Version: 1.1.0.3132)
NVIDIA Windows 2000/XP Display Drivers
OBEX Commander 2.0.2.0408
OKI Color Swatch Utility (Version: 2.15.0000)
Paint Shop Pro 7 (Version: 7.0.2.0000)
Paint.NET v3.5.10 (Version: 3.60.0)
Pandora (Version: 2.0.5)
PartyPokerNet (Version: 131)
PowerDVD (Version: 7.0)
Read in Microsoft Reader Add-in for Microsoft Word (Version: 1.1.3.1206)
Roxio DLA (Version: 5.2.0)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
ScanWizard 5
SCRABBLE (Version: 1.0.1.3)
Skype™ 4.2 (Version: 4.2.169)
Smart Label Printer
Sonic Update Manager (Version: 3.0.0)
Sound Blaster Live!
SoundMAX (Version: 5.12.01.3650)
Speckie (32 bit) (Version: 1.8.0)
Spybot - Search & Destroy (Version: 1.6.2)
Unlocker 1.8.5 (Version: 1.8.5)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB RF Video Device (Version: 5.8.50109.100)
USB Tablet Manager
Web Database Development Step by Step .NET Edition (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Office 2002 OEM (Version: 10)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 1023 MB
Available physical RAM: 665.99 MB
Total Pagefile: 2463.72 MB
Available Pagefile: 2247.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:148.54 GB) (Free:115.15 GB) NTFS
5 Drive f: () (Fixed) (Total:63.83 GB) (Free:30.34 GB) NTFS
6 Drive g: (DISE_BACKUP) (Fixed) (Total:4 GB) (Free:3.21 GB) FAT32
7 Drive h: () (Fixed) (Total:43.95 GB) (Free:40.32 GB) NTFS
8 Drive i: () (Network) (Total:148.54 GB) (Free:115.15 GB) NTFS

========================= Users: ========================================

User accounts for \\SOFTMART

Administrator ASPNET David Gondek
Guest HelpAssistant IUSR_SOFTMART
IWAM_SOFTMART SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#9 cryptodan


Posted 22 March 2012 - 03:55 PM

I see you have CCleaner installed, do you just use it to clean temp files?

#10 mutex7


Posted 22 March 2012 - 04:01 PM

I HATE Crap Cleaner. The previous volunteer (Gringo) on the Bleeping Computer Security forum had me run it with settings he gave me. I had all of these problems before running it though. I intend to uninstall it as soon as I resolve this issue.

#11 cryptodan


Posted 25 March 2012 - 12:40 AM

I still think your issues pertain to the fact you shut down all your networking equipment. If you have an always-on connection, then you should leave it constantly plugged in and connected.

I see no reasoning to shut off your entire network. Can you shed some light on why you do this, and provide information on where you got that advice?

I leave my network connection up all the time at home, and only reboot my router every 4 to 6 months to clear it out.

#12 mutex7


Posted 25 March 2012 - 10:21 AM

The problem with that theory is that none of the other computers connected to this router is experiencing any of these issues. In addition, this computer didn't have any of these problems prior to the virus infection. Finally, all of the issues I noted in my initial post (except the DHCP error message) don't go away no matter how long I go without shutting anything down.

#13 cryptodan


Posted 26 March 2012 - 01:51 AM

Please perform the following, so that we can get the exact specs of your computer. This will better assist us in helping you more.

Publish a Snapshot using Speccy

The below is for those who cannot get online

Please take caution when attaching a text file to your post if you cannot copy/paste the link to your post; you will need to edit it to make sure that your Windows Key is not present.

#14 mutex7


Posted 26 March 2012 - 12:30 PM

Hi Madman. I've attached the Speccy results file. I don't know if I've mentioned this before but when I download a file like Speccy it downloads fine until it is 99% done. Then it takes 5 or 6 seconds before the file is actually saved to my Desktop. It is like there is some kind of delayed reaction. Other than this delayed reaction with the hard drive context menu, Desktop icons on boot up (and when they are refreshed after closing a window) and sometimes with sub menus in the Start menu everything on my computer is working well and feels very responsive. The main reason I am worried about all of this is that there might be some remnant of the virus I had that would allow for a reinfection at some point. I don't know enough about Windows networking components to say but it's almost like there is some sort of hook in my network card driver or perhaps the netbios or tcp/ip software. I guess one of the reasons I think this is because after I installed the Microsoft Netmon software (to try and track network activity) the hard drive context menu delay went away until I rebooted. I think this was the case when I updated the network card driver too. Anyway, let me know if you have any ideas. I might end up reformatting and doing a clean install at some point but for now it is still an interesting (albeit frustrating) puzzle.


Edited by mutex7, 26 March 2012 - 12:33 PM.


#15 cryptodan


Posted 26 March 2012 - 01:36 PM

Would this machine be part of a domain, and acting as a web / email server? If it is not part of a domain and not being used for a server, then I would remove IIS and SMTPD. You do not need those services running.



