BleepingComputer.com: Stop 0x0000007B Possible MBR Virus

Stop 0x0000007B Possible MBR Virus Hard Drive is Randomly Accessed after Stop Error

#16 m0le

  • I know the drill!
  • Group: Malware Response Instructor
  • Posts: 29,103
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 03 July 2011 - 06:31 PM

I have plenty of ideas but what you describe may well be a hard drive telling you something.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
  • List Minidump Files.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
If I have helped you fix your PC then please donate. Thanks

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#17 KMMillerJD

  • Member
  • Group: Members
  • Posts: 21
  • Joined: 25-March 10

Posted 04 July 2011 - 10:37 AM

OK, thanks. Here it is:


MiniToolBox by Farbar
Ran by KMMiller (administrator) on 04-07-2011 at 11:31:35
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


================= Flush DNS: ==============================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


================= End of Flush DNS ========================================

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================

"Reset IE Proxy Settings": Proxy Settings were reset.

=============== Hosts content: ============================================

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : KMMillerJD

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-25-64-44-D6-7B



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Dell Wireless 1510 Wireless-N WLAN Mini-Card

Physical Address. . . . . . . . . : 00-26-5E-1B-51-94

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.104

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 167.206.251.130

167.206.251.129

Lease Obtained. . . . . . . . . . : Monday, July 04, 2011 11:20:35 AM

Lease Expires . . . . . . . . . . : Tuesday, July 05, 2011 11:20:35 AM



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver

Physical Address. . . . . . . . . : 00-25-56-D6-E3-D2

Server: vdns2.srv.whplny.cv.net
Address: 167.206.251.130

Name: google.com
Addresses: 74.125.226.113, 74.125.226.115, 74.125.226.116, 74.125.226.114
74.125.226.112



Pinging google.com [74.125.226.115] with 32 bytes of data:



Reply from 74.125.226.115: bytes=32 time=13ms TTL=55

Reply from 74.125.226.115: bytes=32 time=11ms TTL=55



Ping statistics for 74.125.226.115:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 11ms, Maximum = 13ms, Average = 12ms

Server: vdns2.srv.whplny.cv.net
Address: 167.206.251.130

Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
209.191.122.70



Pinging yahoo.com [69.147.125.65] with 32 bytes of data:



Reply from 69.147.125.65: bytes=32 time=20ms TTL=54

Reply from 69.147.125.65: bytes=32 time=20ms TTL=54



Ping statistics for 69.147.125.65:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 20ms, Maximum = 20ms, Average = 20ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 25 64 44 d6 7b ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 26 5e 1b 51 94 ...... Dell Wireless 1510 Wireless-N WLAN Mini-Card - Packet Scheduler Miniport
0x20005 ...00 25 56 d6 e3 d2 ...... Bluetooth LAN Access Server Driver - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.104 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.104 192.168.1.104 20
192.168.1.0 255.255.255.0 192.168.1.104 192.168.1.104 25
192.168.1.104 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.104 192.168.1.104 25
224.0.0.0 240.0.0.0 192.168.1.104 192.168.1.104 25
255.255.255.255 255.255.255.255 192.168.1.104 192.168.1.104 1
255.255.255.255 255.255.255.255 192.168.1.104 2 1
255.255.255.255 255.255.255.255 192.168.1.104 20005 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/30/2011 09:27:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 42434469

Error: (06/30/2011 09:27:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 42434469

Error: (06/30/2011 09:27:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/30/2011 09:27:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 42418844

Error: (06/30/2011 09:27:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 42418844

Error: (06/30/2011 09:27:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/29/2011 06:55:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6484

Error: (06/29/2011 06:55:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6484

Error: (06/29/2011 06:55:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/29/2011 06:55:27 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4375


System errors:
=============
Error: (07/03/2011 07:37:51 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.

Error: (07/03/2011 07:36:19 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AvgLdx86
AvgMfx86
AvgTdiX

Error: (07/03/2011 07:35:18 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (07/03/2011 07:35:18 PM) (Source: Service Control Manager) (User: )
Description: The AVG Free8 WatchDog service failed to start due to the following error:
%%3

Error: (07/03/2011 07:35:18 PM) (Source: Service Control Manager) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (07/03/2011 02:09:11 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AvgLdx86
AvgMfx86
AvgTdiX

Error: (07/03/2011 02:08:39 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (07/03/2011 02:08:39 PM) (Source: Service Control Manager) (User: )
Description: The AVG Free8 WatchDog service failed to start due to the following error:
%%3

Error: (07/03/2011 02:08:39 PM) (Source: Service Control Manager) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (07/01/2011 09:39:25 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AvgLdx86
AvgMfx86
AvgTdiX


Microsoft Office Sessions:
=========================
Error: (06/30/2011 09:27:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 42434469

Error: (06/30/2011 09:27:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 42434469

Error: (06/30/2011 09:27:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/30/2011 09:27:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 42418844

Error: (06/30/2011 09:27:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 42418844

Error: (06/30/2011 09:27:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/29/2011 06:55:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6484

Error: (06/29/2011 06:55:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6484

Error: (06/29/2011 06:55:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/29/2011 06:55:27 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4375


========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 33%
Total physical RAM: 3539.09 MB
Available physical RAM: 2366.64 MB
Total Pagefile: 5418.25 MB
Available Pagefile: 4253.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1991.68 MB

======================= Partitions: =======================================

1 Drive c: (OS) (Fixed) (Total:148.97 GB) (Free:26.58 GB) NTFS

================= Users: ==================================================

User accounts for \\KMMILLERJD

-------------------------------------------------------------------------------
Administrator Guest HelpAssistant
KMMiller Nicky SUPPORT_388945a0
The command completed successfully.

================= End of Users ============================================

=========================== Minidump Files ====================

C:\WINDOWS\Minidump\Mini011811-01.dmp
C:\WINDOWS\Minidump\Mini013011-01.dmp
C:\WINDOWS\Minidump\Mini020211-01.dmp
C:\WINDOWS\Minidump\Mini020311-01.dmp
C:\WINDOWS\Minidump\Mini020611-01.dmp
C:\WINDOWS\Minidump\Mini032911-01.dmp
C:\WINDOWS\Minidump\Mini093010-01.dmp

=========================== End oF Minidump Files =============

#18 m0le

Posted 04 July 2011 - 06:43 PM

Please do the following:

We need to run a system file check.

Go to the Run box on the Start Menu and type in:

sfc /scannow

Press Enter

More info on this process can be found here.

Please post back to let me know if that went okay.



Then

We are going to run chkdsk, which will verify and repair the file system.

Step One: Click Start, select Run

Step Two: In the box, type cmd

Step Three: Click OK

Step Four: Run the chkdsk utility by typing in the following command:

chkdsk c: /f /r

NOTE: The /f command automatically fixes any errors encountered; the /r command locates bad sectors and recovers readable information.

Step Five: A reboot is normally required for the chkdsk program to lock the disk and run correctly (this is typical on machines that have only one volume), so simply restart the computer and chkdsk will run automatically. When it's finished (this process can take quite a while depending on the size of your disk, etc.), it will boot back to normal Windows.

On rebooting the PC you will see the disk being checked.

This process will take, on average, about an hour.

#19 KMMillerJD

Posted 05 July 2011 - 03:13 AM

sfc and chkdsk both ran successfully. The HDD light still blinks once about every second.

#20 m0le

Posted 05 July 2011 - 05:52 PM

Then we are moving from malware to hardware. It may be that your hard drive is the problem and I suggest you now post a topic in the XP forum.

I will hold this topic open though the system is clean. If you need to contact me after that then PM me.

#21 m0le

Posted 10 July 2011 - 04:58 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.