
Services disabled, no internet


  • This topic is locked
9 replies to this topic

#1 7hillsjfh

7hillsjfh

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 26 April 2016 - 07:34 PM

The infected PC is a new, refurbished PC that I set up with a single user, copied documents, pictures, etc. from the hard drive of the old PC, installed some software, installed M/S critical updates, and set up the email account (Windows Live Mail). All seemed well until a couple of days later when I booted the PC (with the new kb and mouse that had come with the PC) and it went crazy. The cursor jumped around the desktop icons very rapidly; I couldn't control it or stop it until, grasping at straws, I swapped the mouse and it settled down. But the damage had been done. The PC is a Core 2 Duo with 8GB RAM and Windows 7 Pro 64-bit. I have no idea where the virus came from (it may have been on the drive when the PC arrived, or it may have gotten in during my updating or software installs -- but I doubt that). Another PC in my network is unaffected. I apologize for doing some virus scanning and cleaning before making this post, but I didn't know any better then. AdwCleaner and Malwarebytes found nothing (that surprised me) but ComboFix found a bunch. I hope you can help me. Please call me John. Thanks,





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:08 AM

Posted 27 April 2016 - 07:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===

p.s.
Use a good computer to download the file to a CD or flash drive and copy the files to the desktop of the compromised computer.

Please post the logs.

#3 7hillsjfh


Posted 27 April 2016 - 08:18 AM

Nasdaq, Ran scanner with no problems. Output attached.
John

Attached Files

  • Attached File  FRST.txt   69.12KB   1 downloads


#4 7hillsjfh


Posted 27 April 2016 - 08:29 AM


ok

Attached Files



#5 nasdaq


Posted 27 April 2016 - 01:11 PM



Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-415100046-3347018085-1164703065-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 DGPNPSEV; E:\#Setup\DriverGenius2012\DgService.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
cmd: netsh winsock reset catalog

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • List last 10 Event Viewer log
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Let me know if the problem persists.

#6 7hillsjfh


Posted 27 April 2016 - 02:56 PM

Still no internet access (using IE ver 11).

John

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by Eula (2016-04-27 15:10:28) Run:1
Running from C:\Users\Eula\Desktop\64 Bit
Loaded Profiles: Eula (Available Profiles: Eula)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <=======
ATTENTION
HKU\S-1-5-21-415100046-3347018085-1164703065-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 DGPNPSEV; E:\#Setup\DriverGenius2012\DgService.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
cmd: netsh winsock reset catalog

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-415100046-3347018085-1164703065-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
DGPNPSEV => service removed successfully
catchme => service removed successfully

=========  ipconfig /flushdns =========

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========= End of CMD: =========

=========  IPCONFIG /release =========

Windows IP Configuration

An error occurred while releasing interface Local Area Connection 3 : The RPC server is unavailable.

========= End of CMD: =========

=========  IPCONFIG /renew =========

Windows IP Configuration

An error occurred while renewing interface Local Area Connection 3 : The RPC server is unavailable.
 

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

EmptyTemp: => 11.2 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 15:10:29 ====

 

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Eula (administrator) on 27-04-2016 at 15:35:08
Running from "C:\Users\Eula\Desktop\64 Bit\Mini ToolBox"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: HP Compaq 8000 Elite SFF PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========================= IP Configuration: ================================

Intel® 82567LM-3 Gigabit Network Connection = Local Area Connection 3 (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Eula-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® 82567LM-3 Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-23-24-31-FF-69
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:ce:c200:32a0:789d:a3d3:4ca5:4aed(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:ce:c200:32a0:609d:652b:5160:3712(Preferred)
   Link-local IPv6 Address . . . . . : fe80::789d:a3d3:4ca5:4aed%13(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.74.237(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : fe80::c627:95ff:fecd:5fc%13
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{899CCB8F-1A90-453B-9E17-267517D8F1E1}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  75.75.75.75

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  75.75.75.75

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...00 23 24 31 ff 69 ......Intel® 82567LM-3 Gigabit Network Connection
  1...........................Software Loopback Interface 1
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link    169.254.74.237    266
   169.254.74.237  255.255.255.255         On-link    169.254.74.237    266
  169.254.255.255  255.255.255.255         On-link    169.254.74.237    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    169.254.74.237    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    169.254.74.237    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    266 ::/0                     fe80::c627:95ff:fecd:5fc
  1    306 ::1/128                  On-link
 13    266 2601:ce:c200:32a0::/60   fe80::c627:95ff:fecd:5fc
 13     18 2601:ce:c200:32a0::/64   On-link
 13    266 2601:ce:c200:32a0:609d:652b:5160:3712/128
                                    On-link
 13    266 2601:ce:c200:32a0:789d:a3d3:4ca5:4aed/128
                                    On-link
 13    266 fe80::/64                On-link
 13    266 fe80::789d:a3d3:4ca5:4aed/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/27/2016 03:13:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2016 03:12:04 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {ba890718-6c3c-4b14-87c7-195e8fb3a8df}

Error: (04/27/2016 03:12:04 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {ba890718-6c3c-4b14-87c7-195e8fb3a8df}

Error: (04/27/2016 03:10:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0173e440-98a4-453b-a49e-0db301547aa9}

Error: (04/27/2016 03:10:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0173e440-98a4-453b-a49e-0db301547aa9}

Error: (04/27/2016 03:10:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {9b833dc3-f309-426a-8532-9fca45abb6d0}

Error: (04/27/2016 03:10:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {9b833dc3-f309-426a-8532-9fca45abb6d0}

Error: (04/27/2016 03:10:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 was encountered while trying to initialize the Registry Writer.  This may cause
future shadow-copy creations to fail.

Error: (04/27/2016 03:10:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {e0602adf-d32f-4d9d-adac-8651d414e7b2}

Error: (04/27/2016 03:10:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {e0602adf-d32f-4d9d-adac-8651d414e7b2}

System errors:
=============
Error: (04/27/2016 03:28:09 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1058

Error: (04/27/2016 03:28:07 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1058

Error: (04/27/2016 03:28:05 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1058

Error: (04/27/2016 03:28:02 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1058

Error: (04/27/2016 03:28:00 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1058

Error: (04/27/2016 03:27:58 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1058

Error: (04/27/2016 03:27:55 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1058

Error: (04/27/2016 03:27:53 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1058

Error: (04/27/2016 03:27:51 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1058

Error: (04/27/2016 03:27:48 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1058

Microsoft Office Sessions:
=========================
Error: (04/27/2016 03:13:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2016 03:12:04 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {ba890718-6c3c-4b14-87c7-195e8fb3a8df}

Error: (04/27/2016 03:12:04 PM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {ba890718-6c3c-4b14-87c7-195e8fb3a8df}

Error: (04/27/2016 03:10:28 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0173e440-98a4-453b-a49e-0db301547aa9}

Error: (04/27/2016 03:10:28 PM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {0173e440-98a4-453b-a49e-0db301547aa9}

Error: (04/27/2016 03:10:28 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {9b833dc3-f309-426a-8532-9fca45abb6d0}

Error: (04/27/2016 03:10:28 PM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {9b833dc3-f309-426a-8532-9fca45abb6d0}

Error: (04/27/2016 03:10:28 PM) (Source: VSS)(User: )
Description: 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.

Error: (04/27/2016 03:10:28 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {e0602adf-d32f-4d9d-adac-8651d414e7b2}

Error: (04/27/2016 03:10:28 PM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Operation:
   Subscribing Writer

Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {e0602adf-d32f-4d9d-adac-8651d414e7b2}

CodeIntegrity Errors:
===================================
  Date: 2016-04-26 10:49:13.274
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-26 10:49:13.243
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

**** End of log ****
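
An added example, not part of the original posts and not output from FRST or MiniToolBox: a short Python triage pass over MiniToolBox-style text that correlates three symptoms visible in the log above (a self-assigned 169.254.x.x address, a Service Control Manager dependency failure ending in %%1058, and HRESULT 0x80070422, which wraps the same Win32 error). The sample lines are copied from this thread's log; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: lines copied from the MiniToolBox log in this thread.
SAMPLE_LOG = """\
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.74.237(Preferred)
   DNS Servers . . . . . . . . . . . : 75.75.75.75
Ping request could not find host google.com. Please check the name and try again.
Error: (04/27/2016 03:12:04 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (04/27/2016 03:10:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Error: (04/27/2016 03:28:09 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1058
"""

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")  # IPv4 link-local (self-assigned) range
FACILITY_WIN32 = 7                                  # HRESULT facility that wraps Win32 codes
ERROR_SERVICE_DISABLED = 1058                       # Win32: service disabled / no enabled devices

IPV4_RE = re.compile(r"IPv4 Address[ .]*:\s*(\d{1,3}(?:\.\d{1,3}){3})")
DEPENDS_RE = re.compile(r"The (.+?) service depends on the (.+?) service which failed to start")
HRESULT_RE = re.compile(r"0x([0-9A-Fa-f]{8})(?![0-9A-Fa-f])")


def hresult_to_win32(hr):
    """Return the Win32 error wrapped in a failing FACILITY_WIN32 HRESULT, else None."""
    failed = (hr >> 31) & 1
    facility = (hr >> 16) & 0x7FF
    return hr & 0xFFFF if failed and facility == FACILITY_WIN32 else None


def triage(log_text):
    """Collect self-assigned addresses, service dependency failures and wrapped Win32 codes."""
    findings = {"apipa": [], "dependency_failures": [], "win32_codes": set()}
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        m = IPV4_RE.search(line)
        if m:
            try:
                if ipaddress.ip_address(m.group(1)) in APIPA_NET:
                    findings["apipa"].append(m.group(1))
            except ValueError:
                pass  # not a valid dotted quad; ignore
        m = DEPENDS_RE.search(line)
        if m:
            # The log prints the unresolved message id (e.g. %%1058) on the next line.
            nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
            code = re.fullmatch(r"%%(\d+)", nxt)
            findings["dependency_failures"].append(
                (m.group(1), m.group(2), int(code.group(1)) if code else None))
        for hex_digits in HRESULT_RE.findall(line):
            win32 = hresult_to_win32(int(hex_digits, 16))
            if win32 is not None:
                findings["win32_codes"].add(win32)
    return findings


def summarize(findings):
    """Turn the raw findings into short notes for whoever reviews the log."""
    notes = []
    not_startable = sorted({dep for _, dep, code in findings["dependency_failures"]
                            if code == ERROR_SERVICE_DISABLED})
    for dep in not_startable:
        notes.append(f"{dep}: start refused with 1058 (disabled or no enabled devices)")
    if findings["apipa"] and "DHCP Client" in not_startable:
        notes.append("self-assigned 169.254.x.x address while DHCP Client cannot start")
    if ERROR_SERVICE_DISABLED in findings["win32_codes"]:
        notes.append("a logged HRESULT wraps the same Win32 error 1058")
    return notes


if __name__ == "__main__":
    for note in summarize(triage(SAMPLE_LOG)):
        print(note)
```
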



#7 nasdaq


Posted 28 April 2016 - 06:43 AM

An error occurred while renewing interface Local Area Connection 3 : The RPC server is unavailable.

A number of fixes are recommended on this page.
http://www.compuchenna.co.uk/the-rpc-server-is-unavailable/

Look at your settings and see what you can reset to default.

Have a look at this video also; it may help.

---

If no luck I suggest you start a new topic in the Networking forum. This is not my forte.
http://www.bleepingcomputer.com/forums/f/21/networking/

Post the MiniToolBox log in your new topic. This should expedite that matter.

#8 7hillsjfh


Posted 28 April 2016 - 08:00 AM

Nasdaq, The video fixed it! Everything seems to be working right. If any problems show up, I will re-post. Thanks for your help.

 

John



#9 nasdaq


Posted 28 April 2016 - 08:44 AM

Glad we could help.

#10 nasdaq


Posted 04 May 2016 - 06:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



