Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware and AV Won't Complete Freeze Computer


  • Please log in to reply
16 replies to this topic

#1 TheMaxT

TheMaxT

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 27 January 2012 - 09:34 PM

Hi everybody, I'm new to the forum bit, so bear with me I will catch on fast.

I'm running Windows 7 64bit on my Dell 1720 laptop. I have been having an issue(several months now), with McAfee, and Malwarebytes never completing a full scan, and freezing the computer. Recently I have not been able to complete a sfc /scannow either. I thought I might be a hardware issue, but some recent diagnostics say its not. I was able to isolate, and remove a Trojan.Dropper... but this has not resolved the issue.

Any help you could suggest, would be greatly appreciated

TheMaxT

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:06 PM

Posted 27 January 2012 - 09:46 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 TheMaxT

TheMaxT
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 28 January 2012 - 07:34 AM

Ran this, this morning

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Internet Security
McAfee Online Backup
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
McAfee Online Backup MOBKbackup.exe
``````````End of Log````````````

Farbar Service Scanner Version: 18-01-2012 01
Ran by SDBrennan (administrator) on 28-01-2012 at 08:07:08
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox by Farbar Version: 18-01-2012
Ran by SDBrennan (administrator) on 28-01-2012 at 08:12:01
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================





















127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : SDBrennan-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-1D-D9-6B-B6-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::79b9:aee8:4a08:e2c8%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, January 28, 2012 7:04:12 AM
Lease Expires . . . . . . . . . . : Saturday, January 28, 2012 10:04:11 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218111449
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E3-26-5A-00-1C-23-A2-95-64
DNS Servers . . . . . . . . . . . : 24.226.1.93
24.226.10.193
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1C-23-A2-95-64
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3F2CE08D-AADF-4D11-982C-CE8DBEB345F0}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:877:657b:bc3e:b030(Preferred)
Link-local IPv6 Address . . . . . : fe80::877:657b:bc3e:b030%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{FBD8F346-AB63-4506-88DE-D3C083C3A3D3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: ns3.cgocable.net
Address: 24.226.1.93

Name: google.com
Addresses: 74.125.226.16
74.125.226.17
74.125.226.18
74.125.226.19
74.125.226.20


Pinging google.com [74.125.226.20] with 32 bytes of data:
Reply from 74.125.226.20: bytes=32 time=2914ms TTL=58
Reply from 74.125.226.20: bytes=32 time=21ms TTL=58

Ping statistics for 74.125.226.20:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 2914ms, Average = 1467ms
Server: ns3.cgocable.net
Address: 24.226.1.93

Name: yahoo.com
Addresses: 209.191.122.70
72.30.2.43
98.137.149.56
98.139.180.149


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=286ms TTL=47
Reply from 98.137.149.56: bytes=32 time=134ms TTL=47

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 134ms, Maximum = 286ms, Average = 210ms
Server: ns3.cgocable.net
Address: 24.226.1.93

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=8ms TTL=128
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 8ms, Average = 6ms
===========================================================================
Interface List
11...00 1d d9 6b b6 5d ......Dell Wireless 1390 WLAN Mini-Card
10...00 1c 23 a2 95 64 ......Broadcom 440x 10/100 Integrated Controller
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 281
192.168.1.101 255.255.255.255 On-link 192.168.1.101 281
192.168.1.255 255.255.255.255 On-link 192.168.1.101 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:877:657b:bc3e:b030/128
On-link
11 281 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::877:657b:bc3e:b030/128
On-link
11 281 fe80::79b9:aee8:4a08:e2c8/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/28/2012 07:06:55 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d6e7557a-8b03-462d-a658-9648aca17ac8}

Error: (01/27/2012 08:31:14 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a202ba40-ee80-472d-8f86-7b1d2daba677}

Error: (01/27/2012 05:04:35 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 16.0.912.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e4c

Start Time: 01ccdd3f2f1cadb3

Termination Time: 14

Application Path: C:\Users\SDBrennan\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: e1b97848-4932-11e1-86d7-001c23a29564

Error: (01/27/2012 05:01:08 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {80c1dfda-6e6d-40fa-b26f-592b4d6fd3fb}

Error: (01/27/2012 04:23:07 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 16.0.912.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e4c

Start Time: 01ccdd38fe133e55

Termination Time: 21

Application Path: C:\Users\SDBrennan\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: 0d4a281c-492d-11e1-aff9-001c23a29564

Error: (01/27/2012 03:45:22 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {7d1935ce-a95d-44c8-9d50-d4eef46f3021}

Error: (01/27/2012 10:48:48 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {77f6833b-d8ae-4cd5-8ab4-ea8edd3bb51f}

Error: (01/27/2012 10:21:14 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {62862f55-4b86-4073-8593-e8596385562b}

Error: (01/27/2012 08:02:55 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {8d9c9eb7-0364-4d06-bc51-9be0dffe5fb6}

Error: (01/26/2012 05:43:21 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0b3abf41-eca7-48d8-8c52-de4ac74d0dce}


System errors:
=============
Error: (01/28/2012 07:04:42 AM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (01/28/2012 07:04:42 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (01/28/2012 07:04:42 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (01/28/2012 07:04:41 AM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (01/28/2012 07:04:41 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (01/28/2012 07:04:41 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (01/28/2012 07:04:32 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:
%%1058

Error: (01/28/2012 07:04:32 AM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (01/28/2012 07:04:32 AM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (01/28/2012 07:04:32 AM) (Source: PNRPSvc) (User: )
Description: 0x80630801


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

4660_4680_Help (Version: 1.00.0000)
64 Bit HP CIO Components Installer (Version: 6.2.2)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Reader 9 (Version: 9.0.0)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 140.0.213.000)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 140.0.213.000)
DocMgr (Version: 140.0.65.000)
DocProc (Version: 140.0.100.000)
Fax (Version: 140.0.213.000)
FrostWire 4.21.8 (Version: 4.21.8.0)
Google Chrome (Version: 16.0.912.77)
Google Earth (Version: 6.1.0.5001)
Google SketchUp 8 (Version: 3.0.11752)
Google Update Helper (Version: 1.3.21.79)
GPBaseService2 (Version: 140.0.212.000)
HiJackThis (Version: 1.0.0)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP OfficeJet J4600 All-In-One Series (Version: 14.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.002.006.003)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 140.0.213.000)
HPSSupply (Version: 140.0.212.000)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
J4680 (Version: 140.0.000.000)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Laptop Integrated Webcam Driver (1.04.01.1011)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
MarketResearch (Version: 140.0.214.000)
McAfee Internet Security (Version: 11.0.654)
McAfee Online Backup (Version: 1.16.4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 3.0.40818.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network64 (Version: 140.0.215.000)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
ProductContext (Version: 140.0.000.000)
RICOH R5C83x/84x Media Driver Ver.3.53.02 (Version: 3.53.02)
Scan (Version: 140.0.167.000)
Shop for HP Supplies (Version: 14.0)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
SmartWebPrinting (Version: 140.0.213.000)
SolutionCenter (Version: 140.0.214.000)
Status (Version: 140.0.256.000)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.213.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
WebReg (Version: 140.0.213.017)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 2038.19 MB
Available physical RAM: 1072.45 MB
Total Pagefile: 4076.38 MB
Available Pagefile: 2510.25 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.23 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:120.12 GB) NTFS

========================= Users: ========================================

User accounts for \\SDBRENNAN-PC

Administrator Guest SDBrennan


**** End of log ****

TheMaxT

Edited by TheMaxT, 28 January 2012 - 08:17 AM.


#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:06 PM

Posted 28 January 2012 - 11:33 AM

Go on.....

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 TheMaxT

TheMaxT
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 28 January 2012 - 12:23 PM

Hi Broni

Thanks for looking at everything so far

Not sure what else you want, I have Malwarebytes already,and updated several times, and it freezes too. I have a copy of the CBS Log, would that be helpful?

TheMaxT

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:06 PM

Posted 28 January 2012 - 12:27 PM

aswMBR log?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 TheMaxT

TheMaxT
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 28 January 2012 - 01:48 PM

Here's that log too


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-28 13:27:25
-----------------------------
13:27:25.841 OS Version: Windows x64 6.1.7601 Service Pack 1
13:27:25.841 Number of processors: 2 586 0xF0D
13:27:25.841 ComputerName: SDBRENNAN-PC UserName: SDBrennan
13:27:28.711 Initialize success
13:29:00.343 AVAST engine defs: 12012800
13:29:11.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
13:29:11.894 Disk 0 Vendor: SAMSUNG_HM160HI HH100-08 Size: 152627MB BusType: 11
13:29:11.916 Disk 0 MBR read successfully
13:29:11.920 Disk 0 MBR scan
13:29:11.930 Disk 0 Windows 7 default MBR code
13:29:11.940 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
13:29:11.952 Service scanning
13:29:27.832 Modules scanning
13:29:27.842 Disk 0 trace - called modules:
13:29:27.873 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:29:27.884 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800258d060]
13:29:27.896 3 CLASSPNP.SYS[fffff8800185a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8002291060]
13:29:28.878 AVAST engine scan C:\Windows
13:29:32.971 AVAST engine scan C:\Windows\system32
13:35:50.150 AVAST engine scan C:\Windows\system32\drivers
13:36:10.040 AVAST engine scan C:\Users\SDBrennan
13:41:09.730 AVAST engine scan C:\ProgramData
13:42:15.520 Scan finished successfully
13:46:07.313 Disk 0 MBR has been saved successfully to "C:\Users\SDBrennan\Downloads\MBR.dat"
13:46:07.329 The log file has been saved successfully to "C:\Users\SDBrennan\Downloads\aswMBR.txt"
13:47:15.189 Disk 0 MBR has been saved successfully to "C:\Users\SDBrennan\Documents\Confidential\MBR.dat"
13:47:15.220 The log file has been saved successfully to "C:\Users\SDBrennan\Documents\Confidential\aswMBR.txt"

TheMaxT

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:06 PM

Posted 28 January 2012 - 02:22 PM

I don't see much so far.....

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • Super should automatically the program definitions. If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Click on "Preferences" button.
  • Click the "Scanning Control" tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
  • Click the "Home" button to leave the control center screen.
  • Back on the main screen checkmark "Complete scan" and click "Scan your computer".
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 TheMaxT

TheMaxT
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 28 January 2012 - 06:57 PM

Hey Broni,

Done, Here are the results
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/28/2012 at 03:56 PM

Application Version : 5.0.1142

Core Rules Database Version : 8178
Trace Rules Database Version: 5990

Scan type : Complete Scan
Total Scan Time : 00:58:27

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 341
Memory threats detected : 0
Registry items scanned : 44841
Registry threats detected : 0
File items scanned : 117879
File threats detected : 0

This reinforces the scan done yesterday,(using superantispyware), after which the Trojan.Dropper was found, and removed

TheMaxT

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:06 PM

Posted 28 January 2012 - 07:45 PM

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 TheMaxT

TheMaxT
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 29 January 2012 - 06:38 PM

Hey Broni,

This is what I got from GMER


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-29 18:29:05
Windows 6.1.7601 Service Pack 1
Running: pdo07zxb.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\MOBKFilter@LogFile \??\C:\Program Files (x86)\McAfee Online Backup\Data\filter_raw.log.1

---- EOF - GMER 1.0.15 ----


TheMaxT

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:06 PM

Posted 29 January 2012 - 07:57 PM

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

======================================================================

Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.
Post it in your next reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 TheMaxT

TheMaxT
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 29 January 2012 - 10:43 PM

Hey Broni


Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...


TheMaxT

#14 TheMaxT

TheMaxT
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 29 January 2012 - 10:47 PM

ListParts by Farbar
Ran by SDBrennan on 29-01-2012 at 22:43:56
Windows 7 (X64)
Running From: C:\Users\SDBrennan\Downloads
************************************************************

========================= Memory info ======================

Percentage of memory in use: 45%
Total physical RAM: 2038.19 MB
Available physical RAM: 1107.12 MB
Total Pagefile: 4076.38 MB
Available Pagefile: 2477.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:121.35 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]



****** End Of Log ******

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:06 PM

Posted 29 January 2012 - 10:52 PM

I don't see anything malicious there.

I suggest you reinstall both troublesome programs.

As for MBAM....
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility.
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.

As for McAfee, uninstall it using this utility: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
Install fresh copy.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users