No internet connection after Trojan.Dropper?


13 replies to this topic

#1 ArtVandalay7

  • Members
  • 29 posts
  • Local time: 09:45 AM

Posted 02 April 2012 - 10:10 AM

Hello--having problems connecting to the internet after removal of the Trojan.Dropper virus (see previous thread below). Can someone help me with this please? Thanks!

http://www.bleepingcomputer.com/forums/topic447602.html



#2 cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts
  • Gender: Male
  • Location: Catonsville, Md
  • Local time: 02:45 PM

Posted 02 April 2012 - 10:48 AM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#3 ArtVandalay7 (Topic Starter)

Posted 02 April 2012 - 01:56 PM

Hi, I had done this in the previous forum; I'm attaching the log result. Thanks.

Farbar Service Scanner Version: 01-03-2012
Ran by cdavis65 (administrator) on 29-03-2012 at 10:48:36
Running from "C:\Documents and Settings\cdavis65\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 08:00] - [2008-04-14 00:49] - 0075264 ____A () 9701A1D6C7F67FD5EF59E32BD28F54D3

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2004-08-04 08:00] - [2008-04-14 05:41] - 0246272 ____A (Microsoft Corporation) 19A799805B24990867B00C120D300C3A

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) mfetdi2k(9) mfetdik(9) NEOFLTR_700_17925(9) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#4 cryptodan

Posted 02 April 2012 - 02:07 PM

Let's look for some files:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :filefind
    ipsec.sys
    es.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#5 ArtVandalay7 (Topic Starter)

Posted 02 April 2012 - 02:18 PM

OK, here is the SystemLook output file:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:16 on 02/04/2012 by cdavis65
(Limited User)

========== filefind ==========

Searching for "ipsec.sys"
C:\ipsec.sys --a---- 75264 bytes [22:49 01/04/2012] [04:49 14/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys --a--c- 74752 bytes [13:15 30/08/2010] [12:00 04/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys --a---- 75264 bytes [13:16 30/08/2010] [04:49 14/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\dllcache\ipsec.sys --a--c- 75264 bytes [12:00 04/08/2004] [04:49 14/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\drivers\ipsec.sys --a---- 75264 bytes [12:00 04/08/2004] [04:49 14/04/2008] 23C74D75E36E7158768DD63D92789A91

Searching for "es.dll"
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll --a---- 243200 bytes [18:11 20/01/2010] [04:20 26/07/2005] 95F5FEA4C6DE2C3F28784D0DCC8F0DD3
C:\WINDOWS\$NtServicePackUninstall$\es.dll --a--c- 243200 bytes [13:15 30/08/2010] [04:39 26/07/2005] 34BBD9ACC1538818F2C878898C64E793
C:\WINDOWS\$NtUninstallKB902400$\es.dll --a--c- 243200 bytes [18:11 20/01/2010] [12:00 04/08/2004] ACD36A2DD7D1E9D8A060AA651DC07E63
C:\WINDOWS\ServicePackFiles\i386\es.dll --a---- 246272 bytes [13:16 30/08/2010] [09:41 14/04/2008] 19A799805B24990867B00C120D300C3A
C:\WINDOWS\system32\es.dll --a---- 246272 bytes [12:00 04/08/2004] [09:41 14/04/2008] 19A799805B24990867B00C120D300C3A

-= EOF =-
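
Added example, not part of the thread and not SystemLook's own code: a Python script that parses the `:filefind` lines posted above and checks the MD5 of each in-place copy of ipsec.sys and es.dll against the copies under system32\dllcache and ServicePackFiles\i386. Treating those two directories as the reference set, and any path containing a `$...$` directory as an old backup that is expected to differ, is an assumption of this example.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# SystemLook ":filefind" result lines, copied from the log posted in this thread.
SAMPLE_LOG = r"""
Searching for "ipsec.sys"
C:\ipsec.sys --a---- 75264 bytes [22:49 01/04/2012] [04:49 14/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys --a--c- 74752 bytes [13:15 30/08/2010] [12:00 04/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys --a---- 75264 bytes [13:16 30/08/2010] [04:49 14/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\dllcache\ipsec.sys --a--c- 75264 bytes [12:00 04/08/2004] [04:49 14/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\drivers\ipsec.sys --a---- 75264 bytes [12:00 04/08/2004] [04:49 14/04/2008] 23C74D75E36E7158768DD63D92789A91
Searching for "es.dll"
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll --a---- 243200 bytes [18:11 20/01/2010] [04:20 26/07/2005] 95F5FEA4C6DE2C3F28784D0DCC8F0DD3
C:\WINDOWS\$NtServicePackUninstall$\es.dll --a--c- 243200 bytes [13:15 30/08/2010] [04:39 26/07/2005] 34BBD9ACC1538818F2C878898C64E793
C:\WINDOWS\$NtUninstallKB902400$\es.dll --a--c- 243200 bytes [18:11 20/01/2010] [12:00 04/08/2004] ACD36A2DD7D1E9D8A060AA651DC07E63
C:\WINDOWS\ServicePackFiles\i386\es.dll --a---- 246272 bytes [13:16 30/08/2010] [09:41 14/04/2008] 19A799805B24990867B00C120D300C3A
C:\WINDOWS\system32\es.dll --a---- 246272 bytes [12:00 04/08/2004] [09:41 14/04/2008] 19A799805B24990867B00C120D300C3A
"""

# path, 7-character attribute field, size, two bracketed timestamps, MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Assumption of this example: these directories hold the OS-supplied copies.
REFERENCE_DIRS = ("\\windows\\system32\\dllcache\\",
                  "\\windows\\servicepackfiles\\i386\\")


def classify(path):
    """Label a path as a reference copy, an old backup, or a live copy."""
    p = path.lower()
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if "$" in p:  # $NtServicePackUninstall$, $hf_mig$, $NtUninstallKB...$
        return "backup"
    return "live"


def parse_filefind(log):
    """Return {lower-cased file name: [entry, ...]} for each result line."""
    groups = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, banners, 'Searching for' headers
        entry = m.groupdict()
        entry["md5"] = entry["md5"].upper()
        entry["size"] = int(entry["size"])
        entry["role"] = classify(entry["path"])
        groups[basename(entry["path"]).lower()].append(entry)
    return dict(groups)


def cross_check(groups):
    """Compare every live copy's MD5 with the reference copies of that file.

    A 'match' only shows agreement with the local cache; hashes taken from
    clean installation media are a stronger baseline.
    """
    findings = []
    for name, entries in sorted(groups.items()):
        refs = {e["md5"] for e in entries if e["role"] == "reference"}
        for e in entries:
            if e["role"] != "live":
                continue
            if not refs:
                verdict = "no-reference"
            elif len(refs) > 1:
                verdict = "references-disagree"
            elif e["md5"] in refs:
                verdict = "match"
            else:
                verdict = "mismatch"
            findings.append((e["path"], e["md5"], verdict))
    return findings


if __name__ == "__main__":
    for path, md5, verdict in cross_check(parse_filefind(SAMPLE_LOG)):
        print(f"{verdict:20} {md5}  {path}")
```
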

#6 cryptodan

Posted 02 April 2012 - 02:24 PM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List Winsock Entries
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Edited by cryptodan, 02 April 2012 - 02:24 PM.


#7 ArtVandalay7 (Topic Starter)

Posted 02 April 2012 - 02:40 PM

OK, here it is...

MiniToolBox by Farbar Version: 18-01-2012
Ran by cdavis65 (administrator) on 02-04-2012 at 15:37:35
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.autoconfig_url", "http://synapse.carolinas.org/_config/config7.ins"
"network.proxy.no_proxies_on", "localhost,127.0.0.1"
"network.proxy.type", 2

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Broadcom 43224AG 802.11a/b/g/draft-n Wi-Fi Adapter = Wireless Network Connection 2 (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : PC-643471

Primary Dns Suffix . . . . . . . : Carolinas.org

Node Type . . . . . . . . . . . . : Peer-Peer

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 43224AG 802.11a/b/g/draft-n Wi-Fi Adapter

Physical Address. . . . . . . . . : AC-81-12-3E-4B-73

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.105.227

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller

Physical Address. . . . . . . . . : 64-31-50-80-D1-3F

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging ų˜ with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for :

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...ac 81 12 3e 4b 73 ...... Broadcom 43224AG 802.11a/b/g/draft-n Wi-Fi Adapter - Packet Scheduler Miniport
0x3 ...64 31 50 80 d1 3f ...... Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.105.227 169.254.105.227 25
169.254.105.227 255.255.255.255 127.0.0.1 127.0.0.1 25
169.254.255.255 255.255.255.255 169.254.105.227 169.254.105.227 25
224.0.0.0 240.0.0.0 169.254.105.227 169.254.105.227 25
255.255.255.255 255.255.255.255 169.254.105.227 3 1
255.255.255.255 255.255.255.255 169.254.105.227 169.254.105.227 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 02 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/02/2012 03:25:15 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/02/2012 03:15:15 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (04/02/2012 03:15:14 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (04/02/2012 03:15:14 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (04/02/2012 03:14:27 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10091)

Error: (04/02/2012 11:00:14 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (04/02/2012 03:00:14 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (04/01/2012 07:11:23 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/01/2012 07:01:19 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (04/01/2012 07:01:18 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.


System errors:
=============
Error: (04/02/2012 08:59:22 AM) (Source: Service Control Manager) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (04/02/2012 08:59:12 AM) (Source: Service Control Manager) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (04/02/2012 08:59:02 AM) (Source: Service Control Manager) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (04/02/2012 08:58:52 AM) (Source: Service Control Manager) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (04/02/2012 08:58:42 AM) (Source: Service Control Manager) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (04/02/2012 08:58:32 AM) (Source: Service Control Manager) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (04/02/2012 08:58:22 AM) (Source: Service Control Manager) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (04/02/2012 08:58:12 AM) (Source: Service Control Manager) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (04/02/2012 08:58:02 AM) (Source: Service Control Manager) (User: )
Description: The USB3 Service service terminated with the following error:
%%126

Error: (04/02/2012 08:57:52 AM) (Source: Service Control Manager) (User: )
Description: The USB3 Service service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (04/02/2012 03:25:15 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80080005beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/02/2012 03:15:15 PM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (04/02/2012 03:15:14 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: The specified domain either does not exist or could not be contacted.

Error: (04/02/2012 03:15:14 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: The specified domain either does not exist or could not be contacted.

Error: (04/02/2012 03:14:27 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10091)

Error: (04/02/2012 11:00:14 AM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (04/02/2012 03:00:14 AM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (04/01/2012 07:11:23 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80080005beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/01/2012 07:01:19 PM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (04/01/2012 07:01:18 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: The specified domain either does not exist or could not be contacted.


=========================== Installed Programs ============================

µTorrent (Version: 2.2.1)
2011 PREP SA on CD-ROM
7-Zip 9.22beta
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Reader 9.3.2 (Version: 9.3.2)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Agere Systems HDA Modem
AMD Driver Support for HP 3D DriverGuard (Version: 5.1.0000.0066)
AMD Processor Driver (Version: 1.3.2.0069)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.769.0)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Catalyst Control Center InstallProxy (Version: 2010.0427.1029.16946)
CCleaner (Version: 3.16)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Dragon NaturallySpeaking 10 (Version: 10.50.650)
Ekahau Client
Embedded Security for HP ProtectTools Driver (Version: 5.5.100)
Exact Audio Copy 1.0beta3 (Version: 1.0beta3)
FlashFXP v4.0 (Version: 4.0.0.1548)
foobar2000 v1.1.7 (Version: 1.1.7)
HealthStation V3.0 Windows XP Pro SP3 9/2010
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP 3D DriveGuard (Version: 1.10.7.1)
HP Integrated Module with Bluetooth wireless technology (Version: 5.5.0.6801)
HP Quick Launch Buttons (Version: 6.50.9.1)
HP Webcam Driver (Version: 5.8.50012.1)
IBM Tivoli Remote Control - Target (Version: 5.1.0.0136)
IDT Audio (Version: 1.0.6275.0)
ImgBurn (Version: 2.5.5.0)
iTunes (Version: 10.6.0.40)
Java™ 6 Update 25 (Version: 6.0.250)
Juniper Networks Secure Application Manager (Version: 7.0.0.17925)
Juniper Networks Setup Client (Version: 2.2.5.9755)
Lexmark 3400 Series
Lexmark Toolbar
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Marvell Miniport Driver (Version: 11.23.5.1)
McAfee Agent (Version: 4.0.0.1494)
McAfee AntiSpyware Enterprise Module (Version: 8.7.0.129)
McAfee VirusScan Enterprise (Version: 8.7.00051)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Baseline Security Analyzer 2.1 (Version: 2.1.0000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
Mp3tag v2.49b (Version: v2.49b)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.71.80.42)
RICOH Media Driver (Version: 2.12.00.05)
Synaptics Pointing Device Driver (Version: 14.0.1.3)
Universal Document Converter (Demo) (Version: 5.2)
Update for Windows XP (KB951072) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (Version: 10.20.200)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
Xvid Video Codec (Version: 1.3.2)

========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 2806.36 MB
Available physical RAM: 2231.43 MB
Total Pagefile: 5453.69 MB
Available Pagefile: 5013.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.78 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:25.8 GB) NTFS
2 Drive d: (2011 PREP SA) (CDROM) (Total:0.29 GB) (Free:0 GB) CDFS
3 Drive e: () (Removable) (Total:0.97 GB) (Free:0.8 GB) FAT

========================= Users: ========================================

User accounts for \\PC-643471

Administrator Guest HelpAssistant
SUPPORT_388945a0 Template tmersrvd

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#8 cryptodan

Posted 02 April 2012 - 02:49 PM

Is this machine part of a domain?

#9 ArtVandalay7 (Topic Starter)

Posted 02 April 2012 - 03:57 PM

It's a laptop issued through work, currently used at home on a home network.

#10 cryptodan

Posted 02 April 2012 - 09:15 PM

I would recommend talking to your work's IT Department to assist you.

#11 ArtVandalay7 (Topic Starter)

Posted 02 April 2012 - 11:45 PM

Why?... I'm not using it at work, and the internet connection seems to have been screwed up after MSE found and deleted the Trojan.Dropper virus. I would like to restore it if possible.

#12 cryptodan

Posted 03 April 2012 - 01:43 AM

This is a work-issued laptop being used outside the domain. Your work's IT Department should be involved with granting you access, because it is looking for the domain controller.

#13 ArtVandalay7 (Topic Starter)

Posted 03 April 2012 - 07:31 PM

But the internet worked fine for months outside of the domain...I feel like the virus probably screwed it up...

#14 cryptodan

Posted 04 April 2012 - 05:10 AM

I still feel you should take this up with the IT Department.



