Windows Resource Protection Issue

Firstly, this post is likely to be very long, but the more description, the easier the help might be... I have had it bad for the last few days, sorting out problem after problem. It started Saturday when my computer went to hell. I don't know what was happening at the time, but I got the usual signs of it right away - complaints that the computer stopped working, everything was slowing down until the inevitable happened and the computer couldn't take it any more: blue screen. I was freaking out 'cause I've solved small problems before, but this seemed really out of my league for a bluescreen. I thought I'd just boot up in safe and system restore (it's helped in the past, maybe it would now), but when I tried to, it said system restore had been disabled. I couldn't enable it for a long time.

I rebooted and tried the "repair the computer" option of F8, but it didn't do the usual "take me to a menu with system restore etc options" thing but instead started a dummy log in thing where all it shows is a guest login, and nothing, no matter what, would let it log in. So I abandoned that route and, using my phone's internet, tried looking for some advice.

To cut a long story short, I eventually got Malwarebytes downloaded, as I kinda knew it would at least put a halt to the bluescreen fiasco for long enough to try fixing the rest. It fortunately worked. I had a bunch of viruses that it contained and removed. I ran a check with my Panda Antivirus 2011 software and it found a few bits, but nothing much. I kept getting these hacking tool alerts with the title Exploit/iframe, and the file extensions were always the same. I then finished it off by downloading MSE, and that too found a bunch of things the other two didn't. There is one thing that keeps on cropping up now, and that is Trojan DOS/Shetwirl A. Even after its removal, MSE detects it again and again.

Internet Explorer was messing up and not letting me on. I had recently downloaded the IE9 release thingy to see what it was like, but now it seems to be one of the only things that keeps messing up. I keep opening it up and it either closes right away, stays loading on a dull cloudy screen, or works perfectly fine. But it is never working fine at first. It always goes through the other two. When I click IE to open it, the process might start, but a window doesn't pop up. It's only after a bunch of clicks that one opens, but by then I have 5 or 6 iexplorer.exe running that I have to end (and sometimes the only way it will open is if I close the other processes down). Also, while looking for things on Google, I get redirected to other sites when I click the link.

The other things I keep/kept on getting were error messages - one which I haven't had in a day or two now, which was "trDrWeb has stopped working... blah blah"; I think that got fixed when I downloaded the MSE. The other, which still happens, is "Host Process for Windows Services Stopped Working and was Closed". This is where I come up empty. All the pages I have looked at go well over my head, and half the time I click back to hopefully find something else. I eventually saw a post around saying that for the above, try an sfc scan. So I did... it did its scan, and said "Windows Resource Protection found corrupt files but was unable to fix some of them"... I did a search on that and got sent to another post on this site:

http://www.vistax64.com/general-dis...d-corrupt-files-but-unable-fix-some-them.html

I checked my log, ctrl+f to find words like corrupted, cannot... and found a whole bunch... but I don't know what the heck I'm looking at, and more importantly how I'm going to fix it. I would be grateful if you can help me out.
 


On a related or perhaps unrelated note, I tried to upload the log file as an attachment and it wouldn't allow me to. I could copy and paste the log if that would be best; please let me know if that is required.
 


I have managed to copy part of the log, the bottom half of the log, which is part of today's scan. The first half, which is yesterday's scan, seems to not want to be posted. I can't figure out why.

Oh, it's called scotts story 'cause I just overwrote the first thing I found and didn't change the name.
 

Attachments

  • scott story.txt
    392.3 KB

kesume

Vista Guru


americancritic

Vista Guru
Gold Member
Hello and welcome to the forum.

Blue screen might be BSOD, so I will send this to someone who knows about it, but in the meantime, if you can get into your system, you should do the following.

Run a full AV...
Run a full scan with malwarebytes...

You said you tried to do a restore and you should try this..

Start Orb
All Programs
Click Accessories
Right click on the Command Prompt
Click Run as administrator. When the command box opens, type this...

sfc /scannow

Notice there is a space between the sfc and the forward slash. When done, upload the report.

Tom
 


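An added example, not part of the original thread: sfc writes its details to `%windir%\Logs\CBS\CBS.log` and tags them `[SR]`, so the "cannot repair" entries the original poster was searching for by hand can be reduced to one row per file. The log lines below are constructed in the CBS.log layout, and the function name is hypothetical.

```powershell
# Added example (not from the thread). $sample is constructed; on a real
# system pass the lines of %windir%\Logs\CBS\CBS.log from an elevated prompt.
function Get-SfcUnrepaired {
    param([string[]]$Line)

    # sfc entries carry the [SR] tag; the quoted string is the file it could not repair.
    $rx = [regex]('^(?<time>\S+ \S+),.*?\[SR\] Cannot repair member file ' +
                  '\[[^\]]*\]"(?<file>[^"]+)" of (?<component>[^,]+), ' +
                  'Version = (?<version>[\d.]+).*?(?:in the store, (?<reason>.+))?$')

    $hits = foreach ($l in $Line) {
        $m = $rx.Match($l)
        if ($m.Success) {
            [pscustomobject]@{
                Time      = $m.Groups['time'].Value
                File      = $m.Groups['file'].Value
                Component = $m.Groups['component'].Value
                Version   = $m.Groups['version'].Value
                Reason    = $m.Groups['reason'].Value
            }
        }
    }

    # The same failure is logged more than once per scan: keep one row per file/component.
    $hits | Group-Object File, Component | ForEach-Object {
        $last = $_.Group | Sort-Object Time | Select-Object -Last 1
        [pscustomobject]@{
            File      = $last.File
            Component = $last.Component
            Version   = $last.Version
            Reason    = $last.Reason
            Entries   = $_.Count
            LastSeen  = $last.Time
        }
    }
}

# Constructed sample lines (not taken from the poster's attachment).
$sample = @(
    '2011-03-22 10:02:11, Info                  CSI    000001a0 [SR] Verifying 100 (0x00000064) components'
    '2011-03-22 10:02:14, Info                  CSI    000001a3 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch'
    '2011-03-22 10:02:15, Info                  CSI    000001a5 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch'
    '2011-03-22 10:05:40, Info                  CSI    000001c2 [SR] Verify complete'
)

Get-SfcUnrepaired -Line $sample | Format-Table -AutoSize

# Live use:
# Get-SfcUnrepaired -Line (Get-Content "$env:windir\Logs\CBS\CBS.log")
```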
richc46

Vista Guru
Gold Member

HopelessITGuy

Thank you for the responses, guys. @kesume - I hadn't come across that particular page, just a few other pages that said about it being "severe" but not an update for MSE like that. So with hopes it shall be removed with next scan.

@Americancritic - Will do another full check in the morning, but the last full check this morning with both were clear. I did try to do a restore and was successful after my first Malwarebytes clean. I cleaned and restored to 5 days prior to issues, redownloaded Malwarebytes and did the scan again. Also, I already did the sfc scan - I mentioned that in my initial post and included the bulk of a secondary scan from today in the third post as an attachment (scotts story.txt) [some reason it wouldn't let me upload the original, a copy of the original, or the first half of the original, but that attachment shows most of the "cannot repairs and corrupted"]

@richc46 - Should I still do this report for BSOD even though it has not occurred for a couple of days?
 


richc46

Vista Guru
Gold Member
Yes
If you had one and it is not corrected, you will get many more in the future. If there was just one, however, that is not enough to really diagnose. Usually several are needed.
 


richc46

Vista Guru
Gold Member
That would be good. Send them all to me.
 

HopelessITGuy

I will continue this tomorrow - near 3am GMT means I'm not fully aware and ready to handle following instructions. Frustration is kicking in from trying to make an update to MSE (it's claiming to be unable to update due to internet connectivity... I'll have a look at it tomorrow). So just follow the link and do what the instructions say?

Thanks for the help, slightly relieved that I will get assistance, and apologies beforehand if I get things wrong [main reason I had to ask in the first place was it started to become too complicated for my lacking knowledge in the field]
 


Jacee

Security
Vista Guru
Hi HopelessITGuy, let's clear your DNS cache and restore MS's Hosts file:

Copy and paste these lines into Notepad.

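@echo on
rem Restore the default hosts file (clear the hidden/system/read-only flags first)
pushd %SystemRoot%\System32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the IP lease and flush the DNS cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Schedule a reboot in one second and delete this batch file
shutdown -r -t 1
del "%~f0"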


Save as flush.bat to your desktop. Right click to run the batch file as Administrator. Your computer will reboot itself.

Next, download TFC by Old Timer ("TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums") and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Now see if you can run updates for MSE. If not, please let me know. There are other applications we can run to see what the problem is. :)
 


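An added example, not part of the original thread: the batch file above overwrites the hosts file without looking at it, so this sketch lists what a hosts file overrides and shows how to keep a copy before the reset. The function name, the sample content and the `.example` host names are constructed for illustration.

```powershell
# Added example (not from the thread). $sample is a constructed hosts file;
# the .example names stand in for whatever a real file contains.
function Get-HostsOverride {
    param([string[]]$Line)

    foreach ($raw in $Line) {
        $text = ($raw -split '#', 2)[0].Trim()        # drop comments
        if (-not $text) { continue }                  # blank or comment-only line
        $parts = @($text -split '\s+')
        if ($parts.Count -lt 2) { continue }          # address with no host name
        $ip = $parts[0]
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            if ($name -eq 'localhost') { continue }   # the stock entry
            # A name mapped to loopback or 0.0.0.0 is unreachable from this
            # machine; any other address sends the name somewhere else.
            if ($ip -match '^(127\.|0\.0\.0\.0$|::1$)') {
                $effect = 'blocked (points at this machine)'
            } else {
                $effect = 'redirected'
            }
            [pscustomobject]@{
                Name    = $name
                Address = $ip
                Effect  = $effect
            }
        }
    }
}

$sample = @(
    '# Constructed sample hosts file'
    ''
    '127.0.0.1       localhost'
    '::1             localhost'
    '127.0.0.1       update.av-vendor.example   # update host sent to loopback'
    '203.0.113.25    search.example www.search.example'
)

Get-HostsOverride -Line $sample | Format-Table -AutoSize

# Live use from an elevated prompt, before running the batch file:
# $hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
# Get-Content $hostsPath | Set-Content "$env:USERPROFILE\Desktop\hosts.before-reset.txt"
# Get-HostsOverride -Line (Get-Content $hostsPath)
```

An empty result means the file held nothing beyond the stock localhost entries, in which case the update failures and search redirects have another cause.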
richc46

Vista Guru
Gold Member
Don't worry about your computer knowledge or the time that you will send the report. I will answer the report when I see it; it will be here.
Almost all that come here lack computer knowledge. I will give you all the time and help that you need.

We will give Jacee priority. Let's get rid of the bad guys first.
 


Jacee

Security
Vista Guru
Oooo, dang ... Trojan DOS/Shetwirl A ---> this is quite likely "Bootkit Whistler" :(
 

HopelessITGuy

I'm sure that's nothing good and means a lot more to you than it does to me... but this is the one thing that keeps getting detected by MSE, "removed by MSE" only to be found again... lather, rinse, repeat every time I log on, every time I run the scan.

I did what you asked: copied and pasted, ran in admin, downloaded from the link, let it run, it rebooted, and still MSE is unable to update. It gets halfway and pops up with the error message saying it can't complete.

@Richc46 - Should I hold off on following the BSOD instructions for now then?


On a completely unrelated note, it must have done something, as my mouse no longer double-clicks with a single click, enabling me to highlight things a lot easier.
 


richc46

Vista Guru
Gold Member
We can work on the BSOD as soon as Jacee says that she is done. I would, however use the computer and see if there are other BSODs. Sometimes virus etc can be the cause.
 

HopelessITGuy

I have been running my computer constantly for the last couple of days without BSOD occurring, for multiple hours from morning til night. I have managed to get it to a semi-usable state; it will work and do things I ask it to, but occasionally it becomes stubborn and then requires a restart. E.g. the bar at the bottom and the desktop icons vanish after a long "freeze state" and I don't know how to get them back, so I ctrl+alt+del to select "restart" because there is no start orb to select. Or everything has frozen up, so I restart...

Another thing I don't think I have mentioned but might be of use to someone - when I turn on the computer, after the Windows logo first appears, there is a "long" ('bout 15-20 seconds) wait that has a spinning circle icon with the words "please wait" or something like that before the login option pops up. And occasionally, when I have put in the login password and hit enter, there is no "ba-bing" sound and the screen is just completely black with the arrow cursor in the middle, as if nothing has loaded up. This again normally leads me to just ctrl+alt+del to select the restart option.
 


Update - MSE detected Trojan: Win32/Bamital [did google search, and cannot find this on its own, it presents Bamital.X, Bamital.A, but not just Bamital]

Currently running full panda AV scan and this is when MSE detected it
 


Jacee

Security
Vista Guru
Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
After rebooting ensure your Security applications have been re-enabled.
 

HopelessITGuy

I downloaded Combofix and, if anything, this has made my computer worse. First time trying to run it, it said the file had been corrupted and to redownload. This prompted a blackscreen reboot without me touching anything, asking how I wanted to start the computer. I retried after I logged back in, and after a few seconds of running it BSOD. That's the first time in 2 days. When trying to redraft, nothing would come up, twice. No Windows stuff, just pure black screen.

(this is typed from my phone)
 
