Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Possible Malware attack on XP sp3 pc


Re: Possible Malware attack on XP sp3 pc

by Garry Selman » August 21st, 2011, 3:40 pm

Hi again :)

From what I can make out, the link to instructions for the Recovery Console ends up with the user making a bootable CD that will boot into Recovery Console upon a restart, and does not actually install Recovery Console on the system drive. This bootable CD I have made, but have not used it yet as I don't know what to do yet in Recovery Console once I get there.

MS Security Essentials installed, but still was not able to turn on the Windows firewall "for some unknown error".
It tried to update but failed, so I tried bypassing this and let it continue scanning, but it said the program requires up-to-date definitions and I would need to install the latest before scanning the computer. All options to continue with scanning were greyed out.

Garry.

Re: Possible Malware attack on XP sp3 pc

by askey127 » August 21st, 2011, 5:34 pm

Garry,
Good you have a boot CD for Recovery Console.
If you need it, your helper can instruct how to use it.
-----------------------------------------------
Please download MiniToolBox and run it.
You will probably need to download it to a flash on another machine.
It will probably run from the flash.
Check ONLY the following in the list:
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List IP configuration
  • List last 10 Event Viewer Errors
Click GO and post the result (Result.txt).

askey127

Re: Possible Malware attack on XP sp3 pc

by Garry Selman » August 21st, 2011, 5:41 pm

Ok, thanks :)
I've been downloading everything so far onto a flash stick from my laptop, then swapping results and logs back and forth.

Garry.




MiniToolBox by Farbar
Ran by Garry (administrator) on 21-08-2011 at 22:39:23
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Bluetooth Network Connection"

set address name="Bluetooth Network Connection" source=dhcp
set dns name="Bluetooth Network Connection" source=dhcp register=PRIMARY
set wins name="Bluetooth Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : muma-amd

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Bluetooth Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #5

Physical Address. . . . . . . . . : 00-15-83-15-A3-10

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 15 83 15 a3 10 ...... Bluetooth Device (Personal Area Network) #5
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 10003 1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/21/2011 09:10:04 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/21/2011 08:39:03 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/21/2011 08:36:45 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (08/21/2011 08:36:37 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/21/2011 08:33:02 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/21/2011 08:31:41 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe2.1.1116.00x800703ebmorrobootstraper__cinstallflow__internalrun - getenablefirewallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (08/21/2011 08:31:00 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/21/2011 05:06:26 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (08/20/2011 05:02:30 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (08/17/2011 02:50:35 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)


System errors:
=============
Error: (08/21/2011 09:35:04 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/21/2011 09:35:04 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/21/2011 09:35:04 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/21/2011 09:35:04 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/21/2011 09:35:04 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/21/2011 09:10:04 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/21/2011 09:10:04 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (08/21/2011 09:09:34 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2147952450

Error: (08/21/2011 09:09:34 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (08/21/2011 09:09:04 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2147952450


Microsoft Office Sessions:
=========================
Error: (08/21/2011 09:10:04 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80080005beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (08/21/2011 08:39:03 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80080005beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (08/21/2011 08:36:45 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (08/21/2011 08:36:37 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80080005beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (08/21/2011 08:33:02 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80080005beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (08/21/2011 08:31:41 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe2.1.1116.00x800703ebmorrobootstraper__cinstallflow__internalrun - getenablefirewallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (08/21/2011 08:31:00 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset3.0.8402.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (08/21/2011 05:06:26 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (08/20/2011 05:02:30 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (08/17/2011 02:50:35 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)


**** End of log ****

Re: Possible Malware attack on XP sp3 pc

by askey127 » August 21st, 2011, 5:56 pm

Garry Selman,
That is behaving like a bad LAN card, but it doesn't seem likely, unless the socket is defective.

I don't know of any other diagnostics to run from here, and I don't see any clear signs of malware.
The "System Cleaner(s)" could always botch the registry (it has happened).

Do you have any early System Restore points you would be willing to go back to?
That would tend to pinpoint a bad hardware issue if it still couldn't connect.
An infected system that connected properly to the Internet would be easier to fix.

askey127
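
The connectivity facts a helper reads off the posted Result.txt, as an added example (not part of the thread and not MiniToolBox's own code): a small Python triage over the ipconfig, nslookup and route sections. The `triage` helper, its output keys and the trimmed sample excerpt are assumptions made for illustration.

```python
import re

# Constructed excerpt: lines taken from the Result.txt posted above, trimmed.
SAMPLE_LOG = """\
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host google.com. Please check the name and try again.
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 10003 1
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
"""

WINSOCK = {10050: "WSAENETDOWN (network is down)"}  # standard Winsock error code
IPV4 = r"\d+(?:\.\d+){3}"

def triage(log):
    """Hypothetical helper: summarise network state found in the log text."""
    # Split at "<type> adapter <name>:" headers -> [pre, name1, body1, ...]
    parts = re.split(r"^\w+ adapter (.+?):\s*$", log, flags=re.M)
    # True means the adapter section does not report "Media disconnected".
    adapters = {name: "Media disconnected" not in body
                for name, body in zip(parts[1::2], parts[2::2])}
    routes = re.findall(rf"^({IPV4}) +({IPV4}) +(\S+) +(\S+) +(\d+)\s*$", log, re.M)
    resolvers = set(re.findall(r"^Server:.*\nAddress:\s*(\S+)", log, re.M))
    failed = re.findall(r"could not find host (\S+?)\. ", log)
    sock = {int(c) for c in re.findall(r"Socket error (\d+)", log)}

    findings = []
    if adapters and not any(adapters.values()):
        findings.append("no adapter has link: " + ", ".join(adapters))
    if not any(dest == "0.0.0.0" for dest, *_ in routes):
        findings.append("no default route (0.0.0.0)")
    if any(r.startswith("127.") for r in resolvers):
        findings.append("resolver address is loopback")
    findings += [f"Winsock {c}: {WINSOCK.get(c, 'unknown')}" for c in sorted(sock)]
    return {"adapters": adapters, "routes": len(routes),
            "failed_lookups": failed, "findings": findings}

if __name__ == "__main__":
    for line in triage(SAMPLE_LOG)["findings"]:
        print(line)
```

On the excerpt it reports four findings: the only adapter listed has no link, there is no default route, the resolver address is loopback, and the Java service's socket error maps to WSAENETDOWN.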

Re: Possible Malware attack on XP sp3 pc

by askey127 » August 25th, 2011, 6:52 am

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.