Avast WEBforum
Other => Viruses and worms => Topic started by: SteveinMD on August 07, 2012, 08:03:25 AM
-
Please help me fix my computer!
I only got an OTL.txt file from OTL. I did not see an Extras.txt file.
MBAM log...
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.07.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stephen :: BLACK [administrator]
Protection: Disabled
8/7/2012 1:20:17 AM
mbam-log-2012-08-07 (01-20-17).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 290321
Time elapsed: 7 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{71f18028-78c5-4b57-0579-0f6bde86711e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
-
ansMBR scan attached...
-
FSS
Farbar Service Scanner Version: 06-08-2012
Ran by Stephen (administrator) on 07-08-2012 at 02:15:48
Running from "C:\Users\Stephen\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wuauserv. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
-
I dont see a message that anyone is going to look at my logs. Did I do something wrong, or did mt thread just get missed?
-
Did I do something wrong, or did mt thread just get missed?
No, you just have to wait a bit. ;)
-
There may be some delay due to differing time zones and availability of the volunteer malware removal specialists.
-
Thank you for the reply. I'm happy to wait my turn.
-
You're welcome, hopefully it won't be too long.
-
Am I still in the queue?
-
Hi SteveinMD,
I'm sorry you've had to wait.
A malware expert has been notified.
As he lives in England, he should be online in a few hours later on today.
-
No problem. Thank you.
-
Hi sorry you were missed
Lets get to work... I will need a fresh run of FSS on completion as both OTL and Combofix will be carrying out repairs but I will need to confirm that they stuck
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Files
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{71f18028-78c5-4b57-0579-0f6bde86711e}
C:\Users\Stephen\AppData\Local\{71f18028-78c5-4b57-0579-0f6bde86711e}
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c
sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
FINALLY
Please re-run FSS
-
My OTL log is attached. I'm moving on with the ComboFix steps.
-
The computer seems to be operating normally. I can't thank you enough!
Logs are attached.
-
Any further problems ?
-
No problems to report. You guys rock!
-
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Remove ComboFix
- Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
- In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg)
- Follow the prompts on the screen
- A message should appear confirming that ComboFix was uninstalled
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Go to control panel
- Select folder options (Appearance > Folder options in category view)
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
(http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif)
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
- Go to this site (http://java.com/en/) and click Do I have Java
- It will check your current version and then offer to update to the latest version
SPRING CLEAN
To manually create a new Restore Point
- Go to Control Panel and select System
- Select System
- On the left select System Protection and accept the warning if you get one
- Select System Protection Tab
- Select Create at the bottom
- Type in a name i.e. Clean
- Select Create
Now we can purge the infected ones
- GoStart > All programs > Accessories > system tools
- Right click Disc cleanup and select run as administrator
- Select Your main drive and accept the warning if you get one
- For a few moments the system will make some calculations
- Select the More Options tab
- In the System Restore and Shadow Backups select Clean up
- Select Delete on the pop up
- Select OK
- Select Delete
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif)
Malwarebytes (http://www.malwarebytes.org/mbam-download.php). Update and run weekly to keep your system clean
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly it will show you which programmes on your system need updating and give a download link
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
- Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe :wave:
-
It turns out that the malware damaged or removed the BITS service (Background Intelligent Transfer Service) which affects my ability to run Windows Updates. Is this something that can be fixed?
-
There will be a bit of a delay until essexboy is back on-line later this afternoon (almost 10:40am in the UK).
Are you getting any errors when you try to use windows update ?
It may be that the service is disabled rather than damaged or removed, check Windows Run and type services.msc and look for the Background Intelligent Transfer Service - is it set to Automatic and is it running ?
If not set it to Automatic and click the Start button. You may need administrative privileges to do this.
If the above doesn't resolve it, I'm sure essexboy has some fixes up his sleeve.
-
Same problem here... :(
(in french sorry, i can translate some part if needed)
Malwarebytes Anti-Malware (Essai) 1.62.0.1300
www.malwarebytes.org
Version de la base de données: v2012.08.08.11
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Philippe :: PHILIPPE-MUSIC [administrateur]
Protection: Activé
08/08/2012 23:52:23
mbam-log-2012-08-08 (23-52-23).txt
Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 295505
Temps écoulé: 18 minute(s), 23 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 1
HKCU\Software\Visicom Media (Adware.KeenValue) -> Mis en quarantaine et supprimé avec succès.
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 4
C:\Windows\Installer\{583a3e06-fa9b-8b8f-dcd4-8949182b6ad4}\n (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\Installer\{583a3e06-fa9b-8b8f-dcd4-8949182b6ad4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\Installer\{583a3e06-fa9b-8b8f-dcd4-8949182b6ad4}\U\000000cb.@ (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\Installer\{583a3e06-fa9b-8b8f-dcd4-8949182b6ad4}\U\80000032.@ (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
(fin)
Need some help please... :-[
Thank you !
Phil
-
@ PhRey
- Please create your own new topic, here http://forum.avast.com/index.php?board=4.0 (http://forum.avast.com/index.php?board=4.0) in the viruses and worms forum (click the New topic button at the top of the page see image) and we will try and help you there.
-
Ok sorry, i thought it was the same problem. ;o)
->
-
When I try to start the BITS service it says...
Windows could not start the BITS service on Local Computer. Error 126: The specified module could not be found.
-
Ok sorry, i thought it was the same problem. ;o)
->
No problem, whilst it might be the same problem, the fixes are unique to the particular system and helping two in the same topic can confuse.
-
OK I have an answer for that
But it did not show as a problem in FSS
Right click the following link and select "Save Target As...." and save to the desktop
https://dl.dropbox.com/u/73555776/bits.reg
Then right click the registry file and select merge
Accept the warnings and reboot
Now try
-
When I try to start the BITS service it says...
Windows could not start the BITS service on Local Computer. Error 126: The specified module could not be found.
OK, I found this on that error, BITS error 126 windows 7 (http://answers.microsoft.com/en-us/windows/forum/windows_other-windows_update/bits-error-126-windows-7/eafdfddd-8a5c-4163-88f5-28f74995a136), if that doesn't help, hopefully essexboy will be able to get back to the topic soon.
Edit: he's already here.
-
Looks perfect, thank you. I won't be able try it until about 10 hours from now. I'll post the results.
-
The MS link is a bit drastic... Reformat for one registry key missing
-
Understood. I'll try your fix.
-
The MS link is a bit drastic... Reformat for one registry key missing
Yes MS can often suggest a sledge hammer to crack a nut, that way they don't have to give any detailed information to resolve the problem.
-
OK I have an answer for that
But it did not show as a problem in FSS
Right click the following link and select "Save Target As...." and save to the desktop
https://dl.dropbox.com/u/73555776/bits.reg
Then right click the registry file and select merge
Accept the warnings and reboot
Now try
I think I correctly followed the instructions but still no BITS service. Actually before I did these steps BITS showed up under services, but it would not start. Afterwards, I no longer see the BITS service at all. Hopefully I don't have to go with the MS solution! Thanks for your help.
-
Could you re-run FSS please
-
FSS Log
-
Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
All the parts are there it is just not running... So I have three programmes that should be able to fix this.. I will run the two most likely to succed first
First :
Run the MSFixit from here http://support.microsoft.com/kb/971058
Reboot then try updates
If that fails then :
Second :
This will reset windows services to default, so if you have disabled any you will need to reset them to how you want
Download Windows Repair (all in one) from this site (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)
Install the programme then run
(https://dl.dropbox.com/u/73555776/waio%20start.JPG)
Go to step 3 and allow it to run SFC
(https://dl.dropbox.com/u/73555776/waio%20step3.JPG)
On the start repairs tab click start
(https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG)
Select the following items and tick restart system when finished
(https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG)
-
I tried method 1 - still no BITS service after reboot.
Then method 2 - still not BITs service. Does the tweaking.com repair create a log file somewhere that I can post? While running it I did notice there were a few changes that did not work due to a permissions error, but the program finished executing.
-
There should be a log on the C drive
Could you open reg edit and see if this key is present
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Parameters]
“ServiceDll”=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,71,00,6d,00,\
67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
-
see...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Parameters
Name “ServiceDll” Type REG_EXPAND__SZ Data %systemroot%\system32\qmgr.dll
Binary Data
0000 25 00 73 00 79 00 73 00 %.s.y.s.
0008 74 00 65 00 6D 00 72 00 t.e.m.r
0010 6F 00 6F 00 74 00 25 00 o.o.t.%.
0018 5C 00 73 00 79 00 73 00 \.s.y.s.
0020 74 00 65 00 6D 00 33 00 t.e.m.3.
0028 32 00 5C 00 71 00 6D 00 2.\.q.m.
0030 67 00 72 00 2E 00 64 00 g.r...d.
0038 6C 00 6C 00 00 00 l.l...
First 4 repair logs attached.
-
Next 2
-
Next 1
-
Next 1
-
Last 2
-
OK looks like this new version has deleted some other files in addition to breaking the registry
Also could you check to see if you have a service called BFE (Base Filtering Engine)
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:filefind
qmgr.*
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
-
I do have BFE and it seems to be running.
System Look log attached.
-
I have fielded this out to the rest of the malware staffs as this is definitely a new twist .. qmgr is missing from the proper place
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:Files
C:\Windows\system32\qmgr.dll|C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll /replace
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
OTL Log attached
-
Could you retry now .. We may need to reregister the dll
-
Same result. Windows update fails.
-
Could you re-run windows repair but this time just select windows updates that should re-register the file for us... Also could you post the log for that section
-
Same result. Windows update fails, and I don't see BITS listed as a service. Log attached.
-
Could you set the bits service by going start > All programs > Accessories
Right click command prompt
Select run as administrator
Type in the following and press enter:
sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto
That should create the BITS service
I have another one here with the same problem http://forum.avast.com/index.php?topic=103020.new#new
Could you follow the instructions that I gave hin in the last post
-
Okay - sorry, I do have BITS installed. Previously it was just called BITS, now the service has the name spelled out and I missed it. It fails to start with error 193: 0xc1
The dependencies are the same as yours, and both say their status is started.
-
TA a bit more data to check out
Hopefully when I find a resolution to this it will be a quick (ish) fix for any one else that has it
-
Could you follow the steps on this page please... http://support.microsoft.com/kb/916251
I will be doing the same to see if I can make it simpler
-
I check back in a few hours. Thank you for your persistence.
-
Start --> Run --> regsvr32 qmgr.dll
Result...
The module "qmgr.dll was loaded but the entry-point DllRegisterServer as not found. Make sure that qmgr.dll is valid DLL or OCX file and then try again.
-
Step 2 b works correctly.
Start --> Run --> regsvr32 qmgrprxy.dll
-
Thanks I will pass that to the programming gurus to see if they have an answer
-
OK here is a known good copy of qmgr
Download and place in the windows system32 folder.. Allow to overwrite
https://dl.dropbox.com/u/73555776/qmgr.dll
Then try regsrv32 on that file again
-
I downloaded the file with no problem, but I got the same result as above when I tried to register it.
The module "qmgr.dll" was loaded but the entry-point DllRegisterServer as not found. Make sure that "qmgr.dll" is valid DLL or OCX file and then try again.
I'm on Win 7, 64 bit. Is this the correct dll for me?
-
Yes it was from my win 7 64bit
A slightly modified registry file that may work
Download from the link by right clicking and selecting "Save Target As " to the desktop
Right click and select merge
then reboot
https://dl.dropbox.com/u/73555776/bits.reg
-
I downloaded, merged, and rebooted, but the computer remains in the same state.
-
Bear with me there are still discussions ongoing on this
-
So far - as far as I can ascertain you are the only one with this problem.. So it may be a variation on a theme
Next option on the qmgr to to specify the full path
Start --> Run --> regsvr32 C:\Windows\system32\qmgr.dll
-
The same error was the result
-
Could regsvr32 have been modified to fail when registering qmgr.dll? It works fine when registering qmgrprxy.dll.
-
I re-downloaded the dll to make sure I properly over-wrote the old one. I'm confident I did it correctly, but I still get the same result.
-
Thoughts are coming in fairly regularly
The next possibility is a permissions problem on this folder
C:\Users\All Users\Application Data\Microsoft\Network\Downloader
So we will confirm or deny that part
Download from the link below "take Ownership.zip"
https://dl.dropbox.com/u/73555776/TakeOwnership.zip
Extract the reg file and merge to the registry
Then navigate to C:\Users\All Users\Application Data\Microsoft\Network\Downloader
you may need to show hidden files and folders
Right click the folder and you will find a new option "Take Ownership"
Select that and a command box will open and ownership will be taken
Reboot and try again
-
I got a different error...
________________
The module "C:\Windows\System32\qmgr.dll " failed to load.
Make sure the binary is stored at the specified path or debug to check for problems with the binary or dependent .DLL files.
The specified module could not be found.
________________
The qmgt.dll is under C:\Windows\System32.
-
Unfortunately I'm going to have to take the rest of the day off. I'll be traveling until Monday morning. I'm supposed to have Internet connectivity at my destination and I'll continue to help any way I can.
-
Thank you for your assistance in trying to resolve this
See you later
-
I'm back online and available off and on today. I believe we made some progress with the permissions on the downloader directory. Once we reset it I think we got past one error anyway. Let me know if I can help.
-
There are about five people at the moment discussing this problem... So far no others have yet come across it.. So we feel it is either a new trial variant of the malware or a badly constructed one.
The programmiing gurus are trying to back trace the required elements for bits to determine where the break could be
And this is weird as the necessary files/registry keys appear to be in the right place
-
We have a solution from an elevated command prompt :
Go Start > All Programs > Accessories
Right click command prompt and select run as administrator
In the black box type the following :
sc delete bits
Reboot and then run the registry file you downloaded previously
-
After running the delete, rebooting, merging the BITS registry file, and rebooting again, BITS is up and running. Windows Update seems to be downloading updates.
-
Sheesh.. That took a lot of brain power and people to suss out... But now we have a solution ;D
How is the computer behaving now ?
-
Everything seems to be operating normally. As I said before...You Guys Rock!
I'll see if I can find any other issues, but I think we're in good shape.
-
Well it was a nice training experience for me ;D
-
+1
-
I'm having trouble printing and I think it's related to the virus I had. The print spooler does not start automatically even though it's set to automatic. It seems to start when I do it manually, but applications don't see my installed printers but I can see them in Devices and Printers. When I try to print my applications says to install a printer.
-
There are several options here http://social.technet.microsoft.com/Forums/en-US/w7itproperf/thread/fd7f46d3-baa1-4a38-9ad3-dec5426d9297
Went directly to the directory suggested by Arthur_Li and I saw two files (00005.SHD and 00005.SPL) with creation date and time exactly the date and time the first time I had the printer error. I deleted the files and the Spooler Service ended stopping at his own.
This option looks like a good starting point
-
I deleted the files in the specified directory and it cleared up the problem. Thank you, again!
-
I love it when a plan comes together ;D
-
I was having the same Print Spooler issues after some massive infection probs, was completely unable to print anything... (Full scans with Avast and Malwarebytes removed all sorts of recent incursions) But deleting the files in that location worked for me also! yay! Thanks bunches!