
Since the last Malwarebytes update, PC frequently does not boot correctly: desktop with no taskbar or icons


BusyMike


Within the last few weeks I had a malwarebytes update notification and updated the software.

The first reboot after the update I encountered a very strange startup.

I use the PRO version of malwarebytes.

Malwarebytes completed updating the software, the PC rebooted,

I saw my background picture and nothing else.

No task bar, no Icons nothing. I was looking at my background image only, nothing else on screen.

I was able to launch task manager with ctrl-alt-del and noticed very little activity and about 28 processes.

I recognized most of the processes and did not see anything unusual.

I was hoping MBAM was doing some scan or something.

After about 30 mins I used task manager to shutdown the PC and tried to boot again.

Again it produced the same result. I used task manager to disable malwarebytes and task manager stopped responding.

I booted to safe mode and removed MBAM and it appeared to work normally after that.

I reinstalled MBAM and had the same issue after reboot. The task manager stopped responding after I disabled MBAM so I hit the reset button on my tower in frustration and tried again, this time it appeared to boot normally.

Since that time (a week or two) I have had trouble with cold boots. Same issue as described, which miraculously seems to resolve itself by hitting the reset button on a failed boot.

Once my PC is started it runs all day until I close it at night, some days I encounter this issue and others it works fine.

Since then I gave my PC the bi-annual cleaning and cleaned all the fans and dust from the case and heat sinks.

The freeze on boot still happens, not every boot but it occurs frequently enough to be annoying.

I followed the instructions to clean out MBAM and reinstall. I also produced the DDS and Attach text files, if required. If this is not an infection, I am thinking it may be a hardware issue, but it's odd that it would suddenly appear after a reboot where I updated MBAM.

Here's the DDS file.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2

Run by Michael at 10:10:09 on 2012-09-21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1433 [GMT -4:00]

.

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\PROGRA~1\Pidgin\pidgin.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\KeePass Password Safe 2\KeePass.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

uRun: [Google Update] "c:\documents and settings\michael\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [1&1 EasyLogin] c:\program files\1&1\1&1 easylogin\EasyLogin.exe

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\michael\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\michael\desktop\BM tasks.txt

StartupFolder: c:\docume~1\michael\startm~1\programs\startup\shortc~3.lnk - c:\documents and settings\michael\desktop\daily todo list.rtf

StartupFolder: c:\docume~1\michael\startm~1\programs\startup\shortc~2.lnk - c:\documents and settings\michael\desktop\Task list 2012.txt

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342029691406

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{D7D45C36-A19A-40C6-B842-099FB5DA9956} : DhcpNameServer = 192.168.2.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2011-9-11 8576]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-21 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-21 676936]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-21 22856]

R3 QCAbsee;Logitech QuickCam Web (0801);c:\windows\system32\drivers\OVCA.sys [2011-8-29 25088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-10 136176]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\tomtomhomeservice.exe --> c:\program files\tomtom home 2\TomTomHOMEService.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-10 136176]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\androidusb.sys --> c:\windows\system32\drivers\ANDROIDUSB.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-09-21 14:02:33 -------- d-----w- c:\documents and settings\michael\application data\Malwarebytes

2012-09-21 14:02:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-09-21 14:02:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-21 14:02:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-08 20:32:34 21840 ----atw- c:\windows\system32\SIntfNT.dll

2012-09-08 20:32:34 17212 ----atw- c:\windows\system32\SIntf32.dll

2012-09-08 20:32:34 12067 ----atw- c:\windows\system32\SIntf16.dll

2012-09-08 20:14:50 -------- d-----w- c:\program files\Sierra On-Line

2012-09-08 20:14:50 -------- d-----w- C:\Impressions Games

2012-09-08 19:33:14 304128 ----a-w- c:\windows\IsUninst.exe

2012-09-08 19:32:59 -------- d-----w- c:\documents and settings\michael\WINDOWS

2012-09-07 01:40:48 -------- d-----w- c:\documents and settings\michael\application data\Bitcoin

2012-09-05 15:44:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2012-09-05 15:43:51 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-09-05 15:43:50 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-05 15:43:50 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec

2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll

.

============= FINISH: 10:10:37.00 ===============

Here's the Attach file

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 8/29/2011 10:39:30 PM

System Uptime: 9/21/2012 10:00:08 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M2N-E

Processor: AMD Athlon 64 X2 Dual Core Processor 4600+ | Socket AM2 | 2411/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 317.193 GiB free.

D: is CDROM ()

E: is Removable

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Multimedia Video Controller

Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00031002&REV_11\4&2BE4B97F&0&4030

Manufacturer:

Name: Multimedia Video Controller

PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00031002&REV_11\4&2BE4B97F&0&4030

Service:

.

Class GUID:

Description: Multimedia Controller

Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00031002&REV_11\4&2BE4B97F&0&4130

Manufacturer:

Name: Multimedia Controller

PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00031002&REV_11\4&2BE4B97F&0&4130

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

1&1 EasyLogin

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 11 ActiveX

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Reader X (10.1.4)

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe XMP Panels CS4

ArcSoft Print Creations

ArcSoft Print Creations - Album Page

ArcSoft Print Creations - Funhouse

ArcSoft Print Creations - Greeting Card

ArcSoft Print Creations - Photo Book

ArcSoft Print Creations - Photo Calendar

ArcSoft Print Creations - Scrapbook

ArcSoft Print Creations - Slimline Card

AviSynth 2.5

CCScore

Connect

DivX Setup

DVD Decrypter (Remove Only)

Epson Print CD

EPSON Printer Software

ESET NOD32 Antivirus

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSTOOLS

essvatgt

ffdshow [rev 3154] [2009-12-09]

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB945060-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

HTC BMP USB Driver

IrfanView (remove only)

Java 7 Update 7

Java Auto Updater

Java 6 Update 30

KeePass Password Safe 2.16

Kodak EasyShare software

kuler

Living Cookbook 2011

LOTRO Plugin Compendium

Malwarebytes Anti-Malware version 1.65.0.1400

Media Player Classic - Home Cinema v1.5.2.3456

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

netbrdg

NetObjects Fusion 1&1 Edition

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

NVIDIA nView Desktop Manager

NVIDIA PhysX

OfotoXMI

OpenOffice.org 3.4

Photoshop Camera Raw

Pidgin

PS3 Media Server

PuTTY version 0.62

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

SFR

SHASTA

skin0001

SKINXSDK

SoundMAX

staticcr

Stronghold Crusader Extreme

Suite Shared Configuration CS4

The Lord of the Rings Online™ v03.05.01.8027

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC 9.0 Runtime

VC80CRTRedist - 8.0.50727.6195

VirtualCloneDrive

VLC media player 0.9.8a

VPRINTOL

WD Align - Powered by Acronis

WebFldrs XP

WinAce Archiver

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

WinRAR 4.20 (32-bit)

WIRELESS

XChat 2 (remove only)

Xiph.Org Open Codecs 0.85.17777

Zeus

.

==== Event Viewer Messages From Past Week ========

.

9/21/2012 9:28:54 AM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.(note I disabled it in task manager when the PC was not responding.)

9/21/2012 9:28:50 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).

9/16/2012 12:31:57 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

9/16/2012 12:31:57 PM, error: Service Control Manager [7000] - The TomTomHOMEService service failed to start due to the following error: The system cannot find the file specified.

9/14/2012 9:49:04 PM, error: Service Control Manager [7031] - The Internet Pass-Through Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

9/14/2012 9:48:58 PM, error: Service Control Manager [7031] - The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

9/14/2012 9:45:14 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

9/14/2012 9:45:10 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

9/14/2012 9:44:34 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

According to my AntiVirus log I have encountered HTML/ScrInject.B.Gen virus a few times, the last time being 8/7/2012 but my antivirus terminated the connection and quarantined it successfully every time.

Any assistance would be greatly appreciated.

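The DDS "Pseudo HJT Report" above lists the autorun points (uRun/mRun/mRunOnce registry entries, BHOs, toolbars, Startup folder shortcuts) that a helper reads first when triaging a boot problem. The script below is an added example, not part of this thread and not code from the DDS tool: it parses those lines into structured entries and flags the two things a responder checks first, a registration whose target no longer exists ("No File") and a target that runs from a user-writable location (profile, desktop, temp) instead of Program Files or the Windows directory. The sample input is a constructed subset of the lines quoted in the post; the folder-hint list and the flag names are assumptions made here for the example.

```python
"""Parse DDS 'Pseudo HJT Report' autorun lines and flag the entries worth a closer look.

Added example for the forum thread; not DDS's own code. The format of the input
lines is taken from the DDS log quoted in the post.
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample: a subset of the Pseudo HJT lines from the DDS log in the post.
SAMPLE = r"""
uStart Page = about:blank
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [Google Update] "c:\documents and settings\michael\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\michael\desktop\BM tasks.txt
"""

# Heuristic (assumption for this example): folders where installed software normally
# does not live, so an autorun target under them deserves a second look.
USER_WRITABLE_HINTS = (
    "\\documents and settings\\", "\\docume~1\\", "\\users\\",
    "\\temp\\", "\\desktop\\", "\\application data\\", "\\local settings\\",
)


@dataclass
class AutorunEntry:
    kind: str          # Run, RunOnce, BHO, TB, StartupFolder
    scope: str         # "user" (u prefix / per-user Startup folder), "machine" (m prefix / All Users), "" if DDS does not say
    name: str          # value name, BHO name, toolbar CLSID, or .lnk path
    target: str        # file the entry launches/loads, or "No File"
    args: str = ""
    flags: List[str] = field(default_factory=list)


RUN_RE = re.compile(r"^(?P<scope>[um])(?P<kind>Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?): (?P<clsid>\{[^}]+\}) - (?P<target>.+)$")
TB_RE = re.compile(r"^TB: (?P<clsid>\{[^}]+\}) - (?P<target>.+)$")
SF_RE = re.compile(r"^StartupFolder: (?P<lnk>.+?) - (?P<target>.+)$")
# Unquoted command: take everything up to the first executable-looking extension as the target.
UNQUOTED_RE = re.compile(r"(?i)^(?P<target>.*?\.(?:exe|dll|cpl|scr))(?:\s+(?P<args>.*))?$")


def split_command(rest: str) -> Tuple[str, str]:
    """Split a DDS command string into (target, args). DDS quotes the path only when the
    registry value itself was quoted, so both forms must be handled."""
    if rest.startswith('"'):
        end = rest.find('"', 1)
        if end != -1:
            return rest[1:end], rest[end + 1:].strip()
    m = UNQUOTED_RE.match(rest)
    if m:
        return m.group("target"), (m.group("args") or "").strip()
    return rest.strip(), ""


def parse_hjt(text: str) -> List[AutorunEntry]:
    """Turn the autorun lines of a DDS Pseudo HJT Report into AutorunEntry objects.
    Lines of other kinds (uStart Page, IE:, DPF:, TCP:, ...) are ignored."""
    entries: List[AutorunEntry] = []
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            target, args = split_command(m.group("rest"))
            scope = "user" if m.group("scope") == "u" else "machine"
            entries.append(AutorunEntry(m.group("kind"), scope, m.group("name"), target, args))
        elif m := BHO_RE.match(line):
            entries.append(AutorunEntry("BHO", "", m.group("name"), m.group("target")))
        elif m := TB_RE.match(line):
            entries.append(AutorunEntry("TB", "", m.group("clsid"), m.group("target")))
        elif m := SF_RE.match(line):
            scope = "machine" if "all users" in m.group("lnk").lower() else "user"
            entries.append(AutorunEntry("StartupFolder", scope, m.group("lnk"), m.group("target")))
    return entries


def triage(entries: List[AutorunEntry]) -> List[AutorunEntry]:
    """Attach flags to each entry and return only the flagged ones, in input order."""
    flagged: List[AutorunEntry] = []
    for e in entries:
        low = e.target.lower()
        if low == "no file":
            e.flags.append("missing-target")            # orphaned registration, e.g. after an incomplete uninstall
        elif any(h in low for h in USER_WRITABLE_HINTS):
            e.flags.append("user-writable-location")    # launches from a profile/temp path, not Program Files
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE)):
        print(f"{e.kind:<13} {e.scope:<8} {','.join(e.flags):<24} {e.name} -> {e.target} {e.args}".rstrip())
```

Run against the sample, the three flagged entries are the toolbar CLSID with no file behind it and the two per-user items (Google Update and the Startup-folder shortcut to a desktop text file), which matches what RogueKiller later reports as [STARTUP][SUSP PATH]; a flag is a reason to look, not a verdict, as the thread's own benign to-do-list shortcuts show.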

Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forum's policy concerning P2P programs:

http://forums.malwar...showtopic=97700

Please also uninstall Java™ 6 Update 30

----------------------------------------

Then........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


I would first like to thank you for taking the time to assist me.

I hope I can fix this quickly with your help.

I removed uTorrent, although I only use it when I need to get updated Linux Distros.

I also removed Java 6 update 30 per your request.

Please note, in the info regarding my HDD setup, I have one partition on one drive readable by Windows and a second partition not readable by Windows because I use it exclusively for Linux; the second drive is only used for Linux or other non-Windows OSes and is therefore not readable by Windows.

The 3 docs that start up are docs I created with Notepad and WordPad respectively and use daily.

Here are the logs from RogueKiller.

RogueKiller V8.0.5 [09/23/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Michael [Admin rights]

Mode : Scan -- Date : 09/23/2012 19:35:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[STARTUP][SUSP PATH] Shortcut to BM tasks.lnk @Michael : C:\Documents and Settings\Michael\Desktop\BM tasks.txt -> FOUND

[STARTUP][SUSP PATH] Shortcut to daily todo list.lnk @Michael : C:\Documents and Settings\Michael\Desktop\daily todo list.rtf -> FOUND

[STARTUP][SUSP PATH] Shortcut to Task list 2012.lnk @Michael : C:\Documents and Settings\Michael\Desktop\Task list 2012.txt -> FOUND

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EURS-630AB1 +++++

--- User ---

[MBR] 5bfb95bee96a499f185d66e6885f7c1a

[BSP] f30f45b106d42470509f9d9bc04bbce9 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476930 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: WDC WD10EURS-630AB1 +++++

--- User ---

[MBR] 71b12d8e891a0434aafc2467cc0b92e0

[BSP] 18881592a24c4ef802a9219a89760b6c : MBR Code unknown

Partition table:

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt


OK, not much showing, but let's run some scans.....

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


No, I'm not. I am directly connected.

I should note I had an opportunity to run a full scan with MBAM and noticed the following.

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.22.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Michael :: DESKTOP [administrator]

Protection: Enabled

9/22/2012 1:40:00 PM

mbam-log-2012-09-22 (13-40-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 189520

Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\Michael\Local Settings\Temp\VidSaver15_20120508.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

Not quite a virus but at least a potentially unwanted program.

I believe it may have been downloaded by a careless user.

I haven't had the reboot issue in a couple of days; since it's intermittent, I am not sure if the issue is resolved. Perhaps it was that PUP.

Then again, I always use Chrome, not Internet Explorer; not sure if that makes a difference.

What do you think? This is the first time I've booted 2 days in a row without issue.

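The scan log posted above is the kind of output a helper has to eyeball line by line. As an added example (my own illustration, not Malwarebytes code), here is a small parser that turns an MBAM 1.x scan log into structured detections so the declared per-section counts can be checked against the entries actually present, verdicts can be tallied by family, and any item the scanner did not successfully quarantine can be listed. The log layout is assumed from the posting above; the embedded sample is constructed from that post, trimmed to the header and detection lines.

```python
"""Parse a Malwarebytes Anti-Malware 1.x scan log into structured detections.

Added illustration for this thread; the log format is assumed from the
log posted above, not taken from any Malwarebytes documentation.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: copied from the scan log posted earlier in the
# thread and trimmed to the lines that matter for parsing.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.22.05
Windows XP Service Pack 3 x86 NTFS
Protection: Enabled

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189520
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Michael\Local Settings\Temp\VidSaver15_20120508.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    section: str          # e.g. "Registry Keys", "Files"
    item: str             # registry path or file path
    classification: str   # scanner verdict family, e.g. PUP.GamePlayLab
    action: str           # what the scanner did with the item


@dataclass
class ScanReport:
    headers: dict = field(default_factory=dict)     # "Scan type" -> "Quick scan", ...
    counts: dict = field(default_factory=dict)      # section -> declared count
    detections: list = field(default_factory=list)  # parsed Detection entries


SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<classification>[^()]+)\) -> (?P<action>.+?)\.?$")
HEADER_RE = re.compile(r"^(?P<key>[^:\\]+): (?P<value>.+)$")
GOOD_ACTIONS = {"Quarantined and deleted successfully"}


def parse_mbam_log(text):
    """Walk the log once, tracking which 'X Detected: N' section we are in."""
    report = ScanReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            report.counts[section] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            report.detections.append(Detection(
                section, m.group("item"), m.group("classification"), m.group("action")))
            continue
        m = HEADER_RE.match(line)
        if m and section is None:       # header block precedes the first section
            report.headers[m.group("key")] = m.group("value")
    return report


def verify_counts(report):
    """(section, declared, observed) for each section whose entries do not
    match the declared count, which flags a truncated or hand-edited log."""
    observed = Counter(d.section for d in report.detections)
    return [(s, n, observed[s]) for s, n in report.counts.items() if observed[s] != n]


def summarize_by_class(report):
    """Tally detections by verdict family (PUP.*, Adware.*, ...)."""
    return dict(Counter(d.classification for d in report.detections))


def unresolved(report):
    """Detections the scanner reported but did not quarantine and delete."""
    return [d for d in report.detections if d.action not in GOOD_ACTIONS]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(rep.headers.get("Scan type"), rep.headers.get("Database version"))
    print("by family:", summarize_by_class(rep))
    print("count mismatches:", verify_counts(rep))
    print("unresolved:", [d.item for d in unresolved(rep)])
```

The count check is the part worth keeping around: when a poster trims lines out of a log (as happens later in this thread with the AdwCleaner output), the declared section totals no longer match the entries, and the parser reports exactly which section was edited rather than silently reading the shortened list as complete.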

OK, see how it is.

If you still have problems......we'll run ComboFix:

~~~~~~~~~~~~~~~~~~~~~~

Please back up the registry first:

http://www.geekstogo...ry-using-erunt/

and....

Please create a new system restore point also.

If after running ComboFix you can't connect to the internet, please navigate to

the C:\WINDOWS\ERDNT folder and run ERDNT.exe to restore the registry. Reboot and see how it is.

If that doesn't work....use that system restore point and that will correct the problem.

~~~~~~~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Can you tell me what caused the issue?

I really can't pinpoint one thing > all we can do is make sure the computer is free of malware.

Please run one more scan.......

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

MrC


I removed 2 session IDs for security reasons but left everything else intact.

I should also note I never use Internet Explorer; are those things, Conduit and such, necessary?

No, but if we run AdwCleaner again to delete all the items found it will also delete the "2 session ID's for security reasons" items you removed from the log.

What would you like to do?

~~~~~~~~~~~~~~~~~~~~~~~~~~

If you want to delete..........

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC


Well, I followed your directions. From your description I was hoping to be able to approve each removal so I could save my Chrome sessions, but it deleted everything in the log and it's extremely clean.

Too bad it doesn't discriminate. Now I have to set up my launch pages again.

I also noticed the following dialog box appeared when I launched Chrome.

google Chrome

Your preference file is corrupt or invalid

Google chrome is unable to recover your settings.

I didn't expect that.... so now I have to re-get my extensions and choose a background, yada yada yada.

No big deal but it'll take me a few hours to recover everything I need.

I lost all apps and extensions and settings, at least I still have my bookmarks and that's the most important.

I hope my NOD32 still has hooks into my browser to keep me protected.

Anything else you wanna try? I am a little concerned about those 3 gigs that were deleted in ComboFix. I hope it wasn't something I misplaced.


It was in the ComboFix file... look in the last section, DLLs Loaded Under Running Processes:

Pre-Run: 340,525,539,328 bytes free

Post-Run: 343,826,546,688 bytes free

That was what I was talking about. I have the restore point at least... but was wondering if you think that could be an issue that should concern me.

BTW the issue still seems to occur, except now it appears to recover faster.

Now, I only have to wait under 2 minutes on my background screen before it begins to show the task bars and icons.

At least that's how long it took today when booting.


ComboFix only deleted these files and it also cleaned out temp files.

There's no problem.

c:\documents and settings\Michael\WINDOWS

c:\windows\system32\_000012_.tmp.dll

c:\windows\system32\_000013_.tmp.dll

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

~~~~~~~~~~~~~~~~~~~~~~~~~

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Good to know....

As for the logs... any other ideas?

It still appears to hang on the background screen, although not for as long as originally.

And as I said in my first post it started when I updated malwarebytes and the system rebooted.

I am tempted to do a few tests and remove Malwarebytes to see if my system boots normally again.


Give it a try..............

If you have the pro version of MB....make sure you have your license key

-----------------------

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")


Go to your control panels add/remove programs and uninstall MalwareBytes Anti-Malware > reboot

Download and run this cleaner:

mbam-clean.exe

Reboot <---very important

Now download and see if you can install the latest version of MB from here: (disable any malware/anti-virus programs running first)

http://www.malwareby...am-download.php

Let me know, MrC


I gotta admit I am quite fluent in the operations of the PC.

I did not think I had any infection, but thought it was strange this issue began when I updated MB.

And yes, I purchased MB a long time ago and made sure all my friends invested in it too. I think it's a worthwhile investment.

I will test it out tonight by removing MB and seeing what happens after a reboot.

But I am a little skeptical since it appears to be a bit intermittent. I'll give you more information when I'm finished testing.


OK so here was the BIG test.

I launched today and waited on the background for around 45 seconds before my taskbar launched.

I uninstalled Malwarebytes, shut down the PC and booted the PC. Once I entered my password, it immediately showed my background, taskbar and icons and completed the loading of my few apps quickly.

I then downloaded the latest Malwarebytes, installed it and updated it, made sure I was registered since I paid for the pro version.

Then I powered off the PC and waited a few moments and booted the PC as usual.

Once I entered my password to log in, it took almost 30 seconds before showing me the background screen, then it took another minute before it showed me the taskbar and icons. So it added 1 minute and 30 seconds to my log in.

I still believe, as I did originally, that Malwarebytes has a problem on Windows XP with my configuration.

If I didn't need Windows I would never use it again, problem solved, but that's not the case, so any other ideas?


OK completed the same test and got almost the same results.

Uninstalled Malwarebytes and ran mbam-clean, rebooted as required; it booted quickly.

I powered off and waited a few moments and did a cold boot. Same results as above: entered my password and saw the taskbar and icons immediately. Very fast load; the machine was ready to use in less than 30 seconds.

Tested again with the same results.

Installed MBAM pro per instructions, entered my registration info and made sure it was updated.

Powered off then waited a few moments and powered on.

This time when I entered my password it again took 30 seconds to load my preferences then show me the background screen with no icons or taskbar.

I waited another minute and it still didn't load the taskbar, so I pressed Ctrl-Alt-Del and showed processes.

I included the screenshot of the processes below.

It took a total of 2 minutes and 11 seconds before I was able to see my icons and taskbar.

After another reboot it took 1 minute 34 seconds after entering my password before the taskbar appeared.

So it didn't solve the problem, but the problem is definitely linked to Malwarebytes.

Thanks again for all your help, Any other ideas?

Should I notify the mbam team of this issue?

Busy Mike

[attached screenshot: Task Manager process list]
