
planthead

Everything posted by planthead

  1. I should be good from this point, so you can go ahead and close the topic. Thanks again for all your help!
  2. Hey Elise, thanks for all of your help. I guess that rather than proceed any farther with this, as long as you think the computer is free of the virus I'll back up the important data and wipe the drive. I've been thinking about upgrading from XP to Windows 7 anyway, and now is starting to seem like the right time. You helped a lot though with getting some control of the machine back and allowing the data to be saved without worry of contaminating other machines, so thanks so much. If you think that this is not a good idea for any reason, please let me know. Thanks again!
  3.
     ```
     Windows IP Configuration

             Host Name . . . . . . . . . . . . : Sybil
             Primary Dns Suffix  . . . . . . . :
             Node Type . . . . . . . . . . . . : Peer-Peer
             IP Routing Enabled. . . . . . . . : No
             WINS Proxy Enabled. . . . . . . . : No

     Ethernet adapter Local Area Connection:

             Connection-specific DNS Suffix  . :
             Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
             Physical Address. . . . . . . . . : 00-15-C5-C3-1E-62
             Dhcp Enabled. . . . . . . . . . . : Yes
             Autoconfiguration Enabled . . . . : Yes
             IP Address. . . . . . . . . . . . : 0.0.0.0
             Subnet Mask . . . . . . . . . . . : 0.0.0.0
             Default Gateway . . . . . . . . . :
             DHCP Server . . . . . . . . . . . : 255.255.255.255

     Ethernet adapter Wireless Network Connection:

             Media State . . . . . . . . . . . : Media disconnected
             Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
             Physical Address. . . . . . . . . : 00-18-DE-98-58-52

     Ethernet adapter Bluetooth Network Connection:

             Media State . . . . . . . . . . . : Media disconnected
             Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
             Physical Address. . . . . . . . . : 00-16-41-B0-D8-5D

     Ethernet adapter Wireless Network Connection:

             Media State . . . . . . . . . . . : Media disconnected
             Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
             Physical Address. . . . . . . . . : 00-18-DE-98-58-52

     Ethernet adapter Local Area Connection:

             Connection-specific DNS Suffix  . :
             Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
             Physical Address. . . . . . . . . : 00-15-C5-C3-1E-62
             Dhcp Enabled. . . . . . . . . . . : Yes
             Autoconfiguration Enabled . . . . : Yes
             IP Address. . . . . . . . . . . . : 0.0.0.0
             Subnet Mask . . . . . . . . . . . : 0.0.0.0
             Default Gateway . . . . . . . . . :
             DHCP Server . . . . . . . . . . . : 255.255.255.255

     Ethernet adapter PdaNet Broadband Connection:

             Media State . . . . . . . . . . . : Media disconnected
             Description . . . . . . . . . . . : PdaNet Broadband Adapter
             Physical Address. . . . . . . . . : 00-26-37-BD-39-42

     Server:  UnKnown
     Address:  127.0.0.1

     Server:  UnKnown
     Address:  127.0.0.1

     Ping request could not find host google.com. Please check the name and try again.
     Ping request could not find host yahoo.com. Please check the name and try again.
     ===========================================================================
     Interface List
     0x1 ........................... MS TCP Loopback interface
     0x2 ...00 15 c5 c3 1e 62 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
     0x3 ...00 18 de 98 58 52 ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
     0x10006 ...00 16 41 b0 d8 5d ...... Bluetooth Device (Personal Area Network)
     0x10007 ...00 18 de 98 58 52 ...... Intel® PRO/Wireless 3945ABG Network Connection
     0x10008 ...00 15 c5 c3 1e 62 ...... Broadcom NetXtreme 57xx Gigabit Controller
     0x30004 ...00 26 37 bd 39 42 ...... PdaNet Broadband Adapter
     ===========================================================================
     ===========================================================================
     Active Routes:
     Network Destination        Netmask          Gateway       Interface  Metric
             127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       255.255.255.255  255.255.255.255  255.255.255.255           30004       1
       255.255.255.255  255.255.255.255  255.255.255.255               3       1
       255.255.255.255  255.255.255.255  255.255.255.255           10007       1
       255.255.255.255  255.255.255.255  255.255.255.255               2       1
       255.255.255.255  255.255.255.255  255.255.255.255           10008       1
       255.255.255.255  255.255.255.255  255.255.255.255           10006       1
     ===========================================================================
     Persistent Routes:
       None
     ```
  4. OTL logfile created on: 10/12/2010 2:10:02 PM - Run 3 OTL by OldTimer - Version 3.2.14.1 Folder = F:\virus logs
  5. Tried connecting via PDAnet again, same outcome...
  6. Hey Elise, no worries. I have done as you asked. What were your thoughts about deleting the files Norton found?
  7. Manually stopped just now, by hitting the X. It said the program had stopped responding.
  8. It's taking a really long time... it says processing registry data and the hour glass is showing, but it's been at least 10 minutes.
  9. Do you think it's O.K. to manually delete those two system volume information\_restore .sys files so that Norton stops picking them up as threats?
  10.
     ```
     ========== REGISTRY ==========
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\\"ImagePath"|"\\SystemRoot\\System32\\drivers\\afd.sys" /E : value set successfully!

     OTL by OldTimer - Version 3.2.14.1 log created on 10112010_161803
     ```
     The only connection to the internet I can check right now is the PDAnet connection. The same thing is still happening: I select connect to internet and nothing happens. It does not say it can't connect or give an error, it just does nothing. Where I'm at now there is no other wired or wireless connection to try. The PDAnet is working just fine on the other computer...
  11.
     ```
     OTL logfile created on: 10/11/2010 3:46:17 PM - Run 2
     OTL by OldTimer - Version 3.2.14.1     Folder = F:\virus logs
     Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 6.0.2900.2180)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     1,022.00 Mb Total Physical Memory | 488.00 Mb Available Physical Memory | 48.00% Memory free
     2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
     Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 74.46 Gb Total Space | 54.82 Gb Free Space | 73.63% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     Drive F: | 1.96 Gb Total Space | 0.31 Gb Free Space | 15.99% Space Free | Partition Type: FAT
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded

     Computer Name: SYBIL
     Current User Name: Sybil
     Logged in as Administrator.

     Current Boot Mode: Normal
     Scan Mode: Current user
     Company Name Whitelist: Off
     Skip Microsoft Files: Off
     File Age = 30 Days
     Output = Standard

     ========== Custom Scans ==========

     < MD5 for: AFD.SYS  >
     [2008/08/14 06:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
     [2004/08/04 07:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\i386\afd.sys
     [2004/08/04 07:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
     [2004/08/04 06:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\system32\dllcache\afd.sys
     [2004/08/04 06:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\system32\drivers\afd.sys
     [2008/06/20 07:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
     [2008/06/20 06:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
     [2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys

     < hklm\system\currentcontrolset\services\afd >
     "DisplayName" = AFD
     "Description" = AFD Networking Support Environment
     "Group" = TDI
     "ImagePath" = system32\drivers\tsk72D.tmp -- File not found
     "Start" = 1
     "Type" = 1
     "ErrorControl" = 1
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Parameters]
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Security]
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Enum]

     < End of report >
     ```
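The AFD registry dump in that log is the root of the networking symptoms seen later in the thread: the service's ImagePath has been redirected from afd.sys to a temp file that no longer exists, so AFD cannot load and anything that depends on it (the DHCP Client, hence error 1068) fails too. As an added example, not code from the thread or from OTL, here is a small Python triage of such an OTL service dump; the expected driver path and the `.tmp` heuristic are assumptions of this example, and the "clean" sample is constructed from the ImagePath value the OTL fix log later restored.

```python
import re

# OTL "custom scan" dump of the AFD service key as posted in the thread
# (the hijacked state: ImagePath points at a missing temp file).
OTL_AFD_HIJACKED = """< hklm\\system\\currentcontrolset\\services\\afd >
"DisplayName" = AFD
"Description" = AFD Networking Support Environment
"Group" = TDI
"ImagePath" = system32\\drivers\\tsk72D.tmp -- File not found
"Start" = 1
"Type" = 1
"ErrorControl" = 1
"""

# Constructed sample: the same key after the OTL fix restored
# ImagePath to \SystemRoot\System32\drivers\afd.sys.
OTL_AFD_CLEAN = """< hklm\\system\\currentcontrolset\\services\\afd >
"DisplayName" = AFD
"ImagePath" = \\SystemRoot\\System32\\drivers\\afd.sys
"Start" = 1
"Type" = 1
"""

# Assumption of this example: where a stock XP afd.sys lives, relative to %SystemRoot%.
EXPECTED_IMAGE = "system32\\drivers\\afd.sys"

# "Name" = value [-- note]   (OTL appends "-- File not found" when the target is missing)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)(?:\s+--\s+(?P<note>.*))?$')

def parse_otl_service(block):
    """Return {value_name: (value, note_or_None)} for one OTL service key dump."""
    values = {}
    for line in block.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:
            values[m.group("name")] = (m.group("value").strip(), m.group("note"))
    return values

def triage_afd(block):
    """Return a list of findings; an empty list means the AFD entry looks stock."""
    svc = parse_otl_service(block)
    findings = []
    path, note = svc.get("ImagePath", ("", None))
    # Normalise the usual prefixes so "\SystemRoot\System32\..." compares equal to the expected path
    norm = path.lower().replace("\\systemroot\\", "").replace("%systemroot%\\", "").lstrip("\\")
    if norm != EXPECTED_IMAGE:
        findings.append(f"ImagePath redirected to {path!r}")
    if note and "not found" in note.lower():
        findings.append("ImagePath target missing on disk: AFD cannot load, so DHCP Client fails (error 1068)")
    if path.lower().endswith(".tmp"):
        findings.append("ImagePath ends in .tmp; a kernel driver is not installed as a temp file")
    start = svc.get("Start", ("", None))[0]
    if start not in ("0", "1"):
        findings.append(f"Start={start!r}; AFD is normally Boot/System start (0 or 1)")
    return findings

if __name__ == "__main__":
    for label, block in (("posted log", OTL_AFD_HIJACKED), ("after fix", OTL_AFD_CLEAN)):
        print(label, "->", triage_afd(block) or ["no findings"])
```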
  12. Sorry, I see that now. Retyping the command properly returned the same warning minus the "command not found" line.
  13. Returned the following error: WARNING: Could not obtain host information from machine: [sYBIL]. Some commands may not be available. Class not registered. The following command was not found: int reset resetlog.txt
  14. The attempt at starting the DHCP returned a system error 1068: The dependency service or group failed to start.
  15. I will try that, but first, the most recent Norton scan following a complete removal with the Norton tool (performed 2x as per directions from the Norton people), and reinstall/update found the virus again in two C:system volume information\_restore...sys files. Any thoughts?
  16. Also, the virus seemed to have changed permissions as I took a look at startup programs (in msconfig) and noticed that there were a couple HP Printer related items, I attempted to uncheck them and it was stating that I needed to be logged on as admin (did not used to be this way).
  17. Yes, when opening msconfig the services tab does have the services (the hide box was not checked), the DHCP Client box was checked, and the status is listed as stopped.
  18. I do see what you mean by looking at my other computer, so that seems strange...
  19. No, when highlighting it, clicking on it, etc. there is nothing. Also I have removed the files that MBAM found, uninstalled Norton with the removal tool, reinstalled Norton and updated with the intelligent updater, and am now running a full scan.
  20. Hi Elise, sorry for taking so long to respond. When opening the services window, the only thing that shows up is Services (Local) in the left hand column, and nothing in the right. There doesn't appear to be anything to expand or turn on or off.
  21. With the wireless it just keeps saying something like trying to establish an IP address; with the wired (through the phone via PDAnet), when telling it to connect it doesn't do anything at all, and doesn't give an error message.