
Trojan Generic28.anic/Remove ZeroAccess rootkit


  • This topic is locked
55 replies to this topic

#31 Farbar

Farbar

    Just Curious


  • Security Developer
  • 20,814 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:08 PM

Posted 25 June 2013 - 03:47 PM

It looks good and you are good to go. :thumbup2:

 

  1. Please delete FRST tool as we don't need it any more. Also go to C:\FRST and delete the entire FRST folder.
     
  2. You may delete any tool or log we used from your computer.
     
  3. Remove the old restore points and create a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Setting a new restore point AFTER cleaning your system will enable your computer to "roll-back" to a clean working state if needed:
    • Go to Start => Right-click "Computer" and select "Properties".
    • In the left pane select "System Protection".
    • Press "Configure".
    • Select "Delete". Then press "Continue" close and "OK".
    • Select your drive (drive C) and press "Create".
      Fill in a name for the restore point and press "Create".
      After finished press "Close".

      Have a nice time. :)




#32 deaftunes

deaftunes
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 26 June 2013 - 08:21 AM

Thank you for the help in removing the virus!

 

Although I think I am still having issues.  When following the steps above, nothing opens when I select Properties.  Same issues occur with the items I have listed in the previous post.  Are these permanent damages from the virus?  How do I go about getting them back functioning properly?



#33 Farbar


Posted 26 June 2013 - 08:38 AM

I'm sorry I misunderstood you.

 

Of the tasks I can do, everything runs fine.  I was completely unaware of a problem until I tried to insert a start-up disk for a new printer and it said could not open files.  After a little more investigation I found I could not access tabs such as my Network and Sharing Center, HomeGroup, Component Services, Computer Management, Event Viewer, Performance Monitor, Services, Task Scheduler, Windows Firewall with Advanced Security, System, Action Center, Windows Update, Power Options, Backup and Restore, etc...

Please tell me if you have all the issues you are mentioning.



#34 deaftunes


Posted 26 June 2013 - 09:17 AM

All of the above tabs still do not open.  For those in the Administrative Tools tab, I get an error from the Microsoft Management Console stating,

                       "MMC cannot open the file C:\Windows\system32\compmgmt.msc (This is the example when trying to open Computer Management).  This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC.  This may also be because you do not have sufficient access rights to the file."

 

Under System and Security, I do not get any errors, but the following tabs do not open; Action Center, Windows Firewall, System, Windows Update, Power Options, Backup and Restore.

 

Under Network and Internet, I do not get any errors, but the following tabs do not open; Network and Sharing Center, HomeGroup

 

Under Hardware and Sound, I do not get any errors, but the following tabs do not open; AutoPlay, Power Options, Display

 

Under Programs, I do not get any errors, but the following tabs do not open; Default Programs

 

Under User Accounts and Family Safety, I do not get any errors, but the following tabs do not open; User Accounts, Parental Controls, Windows CardSpace, Credential Manager

 

Under Appearance and Personalization, I do not get any errors, but the following tabs do not open; Personalization, Display, Ease of Access Center



#35 Farbar


Posted 26 June 2013 - 09:25 AM

Let's first try this.

 

Please download the fixlist.txt to your desktop, run FRST, click Fix and post the result.

Attached Files


Edited by Farbar, 26 June 2013 - 09:58 AM.


#36 deaftunes


Posted 26 June 2013 - 10:53 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-06-2013 02
Ran by CBK BLM at 2013-06-26 10:53:29 Run:4
Running from C:\Users\CBK BLM\Desktop
Boot Mode: Normal
==============================================


=========  Net stop vss =========

The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.


========= End of CMD: =========


=========  regsvr32 /s vssui.dll =========


========= End of CMD: =========


=========  regsvr32 /s MSXML.dll =========


========= End of CMD: =========


=========  regsvr32 /s msxml3.dll =========


========= End of CMD: =========


=========  regsvr32 /s msxml4.dll =========


========= End of CMD: =========


=========  Net start vss =========

The Volume Shadow Copy service is starting.
The Volume Shadow Copy service was started successfully.


========= End of CMD: =========


==== End of Fixlog ====



#37 Farbar


Posted 26 June 2013 - 11:20 AM

All of the above tabs still do not open.  For those in the Administrative Tools tab, I get an error from the Microsoft Management Console stating,

                       "MMC cannot open the file C:\Windows\system32\compmgmt.msc (This is the example when trying to open Computer Management).  This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC.  This may also be because you do not have sufficient access rights to the file."

 

Under System and Security, I do not get any errors, but the following tabs do not open; Action Center, Windows Firewall, System, Windows Update, Power Options, Backup and Restore.

 

Under Network and Internet, I do not get any errors, but the following tabs do not open; Network and Sharing Center, HomeGroup

 

Under Hardware and Sound, I do not get any errors, but the following tabs do not open; AutoPlay, Power Options, Display

 

Under Programs, I do not get any errors, but the following tabs do not open; Default Programs

 

Under User Accounts and Family Safety, I do not get any errors, but the following tabs do not open; User Accounts, Parental Controls, Windows CardSpace, Credential Manager

 

Under Appearance and Personalization, I do not get any errors, but the following tabs do not open; Personalization, Display, Ease of Access Center

 

Please now check the issues once more and tell me if anything has changed and whether any issues remain.



#38 deaftunes


Posted 26 June 2013 - 11:58 AM

All issues still remain



#39 Farbar


Posted 26 June 2013 - 12:18 PM

The issue is deeper. We need some logs.

 

  1. Please run FRST.
    Type the following in the edit box after "Search:".

    msxml3.dll

    Click the Search File(s) button and post the log it makes (Search.txt) in your reply.
     
  2. Please download MiniRegTool64.zip and unzip it.
    • Run the tool.
    • Copy and paste the following into the edit box:

      HKEY_CLASSES_ROOT\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}
      HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}

       
    • Check Export keys radio button.
    • Press Go button and post the result.
  3. Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
    • List last 10 Event Viewer log
    • List Devices (only check the box and leave the default radio button as it is).
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.


#40 deaftunes


Posted 26 June 2013 - 12:26 PM

Farbar Recovery Scan Tool (x64) Version: 25-06-2013 02
Ran by CBK BLM at 2013-06-26 12:25:07
Running from C:\Users\CBK BLM\Desktop
Boot Mode: Normal

================== Search: "msxml3.dll" ===================

C:\Windows\winsxs\wow64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7601.22012_none_f1706a66faf6064b\msxml3.dll
[2012-07-11 09:02] - [2012-06-05 23:25] - 1236480 ____A (Microsoft Corporation) BC3A3A19D2F0232E03C2F9AB71637628

C:\Windows\winsxs\wow64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7601.17857_none_f0c0b73be1f421b6\msxml3.dll
[2012-07-11 09:02] - [2012-06-06 00:05] - 1236992 ____A (Microsoft Corporation) 1CDEA9188899E76D4FFD54C9D512CCDB

C:\Windows\winsxs\wow64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.21227_none_ef843ee6fdd33503\msxml3.dll
[2012-07-11 09:02] - [2012-06-05 23:43] - 1236992 ____A (Microsoft Corporation) 381665A6296ADF6939938DA22A112061

C:\Windows\winsxs\wow64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.20862_none_ef541ff0fdf7fb5d\msxml3.dll
[2011-02-09 13:33] - [2010-12-21 00:28] - 1236992 ____A (Microsoft Corporation) 016BB6475196C655E0B7A027BC397B3C

C:\Windows\winsxs\wow64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.20728_none_ef855f76fdd2267c\msxml3.dll
[2010-10-24 19:24] - [2010-06-08 00:00] - 1233920 ____A (Microsoft Corporation) 63F2E533E833A1AA54E22A4601563F03

C:\Windows\winsxs\wow64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.17036_none_eeeecfffe4be9aac\msxml3.dll
[2012-07-11 09:02] - [2012-06-06 00:09] - 1236992 ____A (Microsoft Corporation) 00D1F89836927C0F2E37321E6B441FCE

C:\Windows\winsxs\wow64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16723_none_eef6c31fe4b90526\msxml3.dll
[2011-02-09 13:33] - [2010-12-21 00:36] - 1236992 ____A (Microsoft Corporation) BD669749EAEFF96773B5F8D0A43E0068

C:\Windows\winsxs\wow64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16605_none_ef0e61a5e4a702cb\msxml3.dll
[2010-10-24 19:24] - [2010-06-08 01:02] - 1233920 ____A (Microsoft Corporation) 3D1E43DDA2D9EAC5820F810C0B2B90D5

C:\Windows\winsxs\wow64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16385_none_eeb7dc93e4e7eade\msxml3.dll
[2009-07-13 19:21] - [2009-07-13 20:15] - 1233408 ____A (Microsoft Corporation) 26EB385F014AE2592D6495E6D4E9EFE8

C:\Windows\winsxs\amd64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7601.22012_none_e71bc014c6954450\msxml3.dll
[2012-07-11 09:02] - [2012-06-06 00:24] - 1879552 ____A (Microsoft Corporation) C752BA2EFEA49BDD2077A494F9690F44

C:\Windows\winsxs\amd64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7601.17857_none_e66c0ce9ad935fbb\msxml3.dll
[2012-07-11 09:02] - [2012-06-06 01:06] - 1881600 ____A (Microsoft Corporation) 0B2D65FDDE31069299AA6330F359FF9C

C:\Windows\winsxs\amd64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.21227_none_e52f9494c9727308\msxml3.dll
[2012-07-11 09:02] - [2012-06-06 00:26] - 1879552 ____A (Microsoft Corporation) 1E2307EB43D0BB5BC004E5C64AFD687E

C:\Windows\winsxs\amd64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.20862_none_e4ff759ec9973962\msxml3.dll
[2011-02-09 13:33] - [2010-12-21 01:07] - 1880064 ____A (Microsoft Corporation) 23DC8684C587987E7F7101A18F9D3A02

C:\Windows\winsxs\amd64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.20728_none_e530b524c9716481\msxml3.dll
[2010-10-24 19:24] - [2010-06-08 00:32] - 1877504 ____A (Microsoft Corporation) E20CF99DFD5E4D1B0078224094818829

C:\Windows\winsxs\amd64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.17036_none_e49a25adb05dd8b1\msxml3.dll
[2012-07-11 09:02] - [2012-06-06 00:50] - 1880064 ____A (Microsoft Corporation) CE07AF86AA72F4AE964239DE0DABE738

C:\Windows\winsxs\amd64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16723_none_e4a218cdb058432b\msxml3.dll
[2011-02-09 13:33] - [2010-12-21 01:13] - 1880576 ____A (Microsoft Corporation) 99829F5F2B0742CEEE5DD82FBE2E6FAF

C:\Windows\winsxs\amd64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16605_none_e4b9b753b04640d0\msxml3.dll
[2010-10-24 19:24] - [2010-06-08 00:36] - 1877504 ____A (Microsoft Corporation) 6D9BE951A06135ADCD7ADDD72F39E306

C:\Windows\winsxs\amd64_microsoft-windows-msxml30_31bf3856ad364e35_6.1.7600.16385_none_e4633241b08728e3\msxml3.dll
[2009-07-13 19:42] - [2009-07-13 20:41] - 1876992 ____A (Microsoft Corporation) 98417DB5BF5777BC6C60D7317CB781C4

C:\Windows\SysWOW64\msxml3.dll
[2012-07-11 09:02] - [2012-06-06 00:09] - 1236992 ____A (Microsoft Corporation) 00D1F89836927C0F2E37321E6B441FCE

C:\Windows\System32\msxml3.dll
[2012-07-11 09:02] - [2012-06-06 00:50] - 1880064 ____A (Microsoft Corporation) CE07AF86AA72F4AE964239DE0DABE738

C:\Program Files (x86)\Common Files\microsoft shared\SFPCA Cache\msxml3.dll
[2005-01-25 08:33] - [2005-01-25 08:33] - 1049088 ____A (Microsoft Corporation) 4F99145EF64D7076709A14AC8B17D2BD

====== End Of Search ======



#41 deaftunes


Posted 26 June 2013 - 12:29 PM

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}]
@="XML DOM Document"

[HKEY_CLASSES_ROOT\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\InProcServer32]
"ThreadingModel"="Both"
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  78,00,6d,00,6c,00,33,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\ProgID]
@="Microsoft.XMLDOM.1.0"

[HKEY_CLASSES_ROOT\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\SideBySide]
"RegVersion"="6.0"
"Version60RefCount"=dword:00000001
"RefCount"=dword:00000001
"Version30RefCount"=dword:00000001

[HKEY_CLASSES_ROOT\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\TypeLib]
@="{D63E0CE2-A0A2-11D0-9C02-00C04FC99C8E}"

[HKEY_CLASSES_ROOT\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\Version]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\VersionIndependentProgID]
@="Microsoft.XMLDOM"

[HKEY_CLASSES_ROOT\CLSID\{2933BF90-7B36-11D2-B20E-00C04F983E60}\VersionList]
"6.0"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
  25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,\
  00,78,00,6d,00,6c,00,36,00,2e,00,64,00,6c,00,6c,00,00,00
"3.0"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
  25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,\
  00,78,00,6d,00,6c,00,33,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}]
@="XML DOM Document 3.0"

[HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InProcServer32]
"ThreadingModel"="Both"
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  78,00,6d,00,6c,00,33,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\ProgID]
@="Msxml2.DOMDocument.3.0"

[HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TypeLib]
@="{F5078F18-C551-11D3-89B9-0000F81FE221}"

[HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\Version]
@="3.0"

[HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\VersionIndependentProgID]
@="Msxml2.DOMDocument"
 



#42 deaftunes


Posted 26 June 2013 - 12:30 PM

MiniToolBox by Farbar  Version: 16-06-2013
Ran by CBK BLM (administrator) on 26-06-2013 at 12:29:51
Running from "C:\Users\CBK BLM\Desktop"
Windows 7 Home Premium  (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/26/2013 11:12:05 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: CoCreateInstance failed HResult: 0x8007045a.

Error: (06/26/2013 09:13:54 AM) (Source: CardSpace 3.0.0.0) (User: NT AUTHORITY)
Description: The Windows CardSpace service is too busy to process this request.
User has too many outstanding requests.



Additional Information:
   at System.Environment.get_StackTrace()
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)
   at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)
   at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity callerIdentity, Int32 tsSessionId)
   at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)
   at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error: (06/26/2013 08:00:27 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Initialize For Backup

Error: (06/26/2013 08:00:27 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {f5078f32-c551-11d3-89b9-0000f81fe221} and Name MSXML30 is [0x80040154, Class not registered
].


Operation:
   Initialize For Backup

Error: (06/26/2013 08:00:27 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Initialize For Backup

Error: (06/26/2013 08:00:27 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {f5078f32-c551-11d3-89b9-0000f81fe221} and Name MSXML30 is [0x80040154, Class not registered
].


Operation:
   Initialize For Backup

Error: (06/26/2013 08:00:27 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Initialize For Backup

Error: (06/26/2013 08:00:27 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {f5078f32-c551-11d3-89b9-0000f81fe221} and Name MSXML30 is [0x80040154, Class not registered
].


Operation:
   Initialize For Backup

Error: (06/26/2013 07:54:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/26/2013 07:53:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.


System errors:
=============
Error: (06/25/2013 00:57:40 PM) (Source: Service Control Manager) (User: )
Description: The Updater By SweetPacks service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/25/2013 07:38:27 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/24/2013 03:21:14 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (06/24/2013 03:20:52 PM) (Source: Service Control Manager) (User: )
Description: The IP Helper service terminated with the following error:
%%126

Error: (06/24/2013 03:19:48 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (06/24/2013 01:58:07 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.254.30.
The computer with the IP address 192.168.254.39 did not allow the name to be claimed by
this computer.

Error: (06/24/2013 01:57:55 PM) (Source: Service Control Manager) (User: )
Description: The IP Helper service terminated with the following error:
%%126

Error: (06/24/2013 01:56:54 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (06/24/2013 11:00:09 AM) (Source: Service Control Manager) (User: )
Description: The IP Helper service terminated with the following error:
%%126

Error: (06/24/2013 10:59:10 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (06/26/2013 11:12:05 AM) (Source: CVHSVC)(User: )
Description: Error: CoCreateInstance failed HResult: 0x8007045a.

Error: (06/26/2013 09:13:54 AM) (Source: CardSpace 3.0.0.0)(User: NT AUTHORITY)
Description: User has too many outstanding requests.



Additional Information:
   at System.Environment.get_StackTrace()
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)
   at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)
   at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity callerIdentity, Int32 tsSessionId)
   at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)
   at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error: (06/26/2013 08:00:27 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered


Operation:
   Initialize For Backup

Error: (06/26/2013 08:00:27 AM) (Source: VSS)(User: )
Description: {f5078f32-c551-11d3-89b9-0000f81fe221}MSXML300x80040154, Class not registered


Operation:
   Initialize For Backup

Error: (06/26/2013 08:00:27 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered


Operation:
   Initialize For Backup

Error: (06/26/2013 08:00:27 AM) (Source: VSS)(User: )
Description: {f5078f32-c551-11d3-89b9-0000f81fe221}MSXML300x80040154, Class not registered


Operation:
   Initialize For Backup

Error: (06/26/2013 08:00:27 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered


Operation:
   Initialize For Backup

Error: (06/26/2013 08:00:27 AM) (Source: VSS)(User: )
Description: {f5078f32-c551-11d3-89b9-0000f81fe221}MSXML300x80040154, Class not registered


Operation:
   Initialize For Backup

Error: (06/26/2013 07:54:36 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (06/26/2013 07:53:31 AM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2


========================= Devices: ================================


**** End of log ****
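
Added example, not part of any post in this thread: the hex(2) lines in the registry export in post #41 are REG_EXPAND_SZ strings stored as UTF-16LE bytes, and the VSS errors in post #42 name the CLSID that CoCreateInstance could not find. This Python code decodes such an export and looks up the InProcServer32 path for each CLSID reported with 0x80040154; the function names and the trimmed sample text are constructed for illustration.

```python
import re

# Constructed sample: one key trimmed from the export format shown in post #41.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InProcServer32]
"ThreadingModel"="Both"
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
  78,00,6d,00,6c,00,33,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\Version]
@="3.0"
'''

# Constructed sample: event-log text in the shape shown in post #42.
SAMPLE_EVENTS = """Error: (06/26/2013 08:00:27 AM) (Source: VSS) (User: )
The error returned from CoCreateInstance on class with CLSID {f5078f32-c551-11d3-89b9-0000f81fe221} and Name MSXML30 is [0x80040154, Class not registered
Error: (06/26/2013 11:12:05 AM) (Source: CVHSVC) (User: )
Error: CoCreateInstance failed HResult: 0x8007045a.
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def decode_data(raw):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])      # quoted REG_SZ, unescape \\ and \"
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9A-Fa-f]+)\))?:(.*)$", raw)
    if not m:
        return raw                                      # unknown form: keep as text
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3     # bare "hex:" is REG_BINARY
    if kind in (1, 2):                                  # REG_SZ / REG_EXPAND_SZ
        return data.decode("utf-16-le").rstrip("\x00")
    if kind == 7:                                       # REG_MULTI_SZ
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    return data


def parse_reg(text):
    """Parse a 'Version 5.00' .reg export into {KEY_PATH_UPPER: {name: value}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)          # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            quoted = m.group(1)
            name = "@" if quoted == "@" else re.sub(r"\\(.)", r"\1", quoted[1:-1])
            current[name] = decode_data(m.group(2))
    return keys


def unregistered_clsids(event_text):
    """CLSIDs on event-log lines carrying 0x80040154 (REGDB_E_CLASSNOTREG)."""
    seen = []
    for line in event_text.splitlines():
        if "0x80040154" in line.lower():
            for clsid in CLSID_RE.findall(line):
                if clsid.upper() not in seen:
                    seen.append(clsid.upper())
    return seen


def inproc_server(keys, clsid):
    """Default value of CLSID\\InProcServer32 in the export, or None if absent."""
    path = "HKEY_CLASSES_ROOT\\CLSID\\%s\\InProcServer32" % clsid
    values = keys.get(path.upper())
    return None if values is None else values.get("@")


if __name__ == "__main__":
    exported = parse_reg(SAMPLE_REG)
    for clsid in unregistered_clsids(SAMPLE_EVENTS):
        print(clsid, "->", inproc_server(exported, clsid))
```

An InProcServer32 path found this way only describes the registry view the export tool read; on 64-bit Windows the 32-bit view under Wow6432Node is a separate set of keys.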
 



#43 Farbar


Posted 26 June 2013 - 12:49 PM

Did you restart the computer after the fix in Post #36 before trying to see if the issues are remaining?



#44 Farbar


Posted 26 June 2013 - 12:56 PM

Please don't miss my previous post.

 

Let's make sure.

 

Please download TDSSKiller.zip and extract it.

  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

 



#45 deaftunes


Posted 26 June 2013 - 12:57 PM

Yes, and the issues still remained.  Just restarted again, still the same.





