Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Since Malware removal, cannot access files & programmes

Started by GrahamH , Jul 19 2013 03:58 PM

  • Please log in to reply

#46
RKinner
Posted 18 September 2013 - 04:02 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Funny I don't get it either:

vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
© Copyright 2001-2005 Microsoft Corp.

Writer name: 'Task Scheduler Writer'
Writer Id: {d61d61c8-d73a-4eee-8cdd-f6f9786b7124}
Writer Instance Id: {1bddd48e-5052-49db-9b07-b96f96727e6b}
State: [1] Stable
Last error: No error

Writer name: 'VSS Metadata Store Writer'
Writer Id: {75dfb225-e2e4-4d39-9ac9-ffaff65ddf06}
Writer Instance Id: {088e7a7d-09a8-4cc6-a609-ad90e75ddc93}
State: [1] Stable
Last error: No error

Writer name: 'Performance Counters Writer'
Writer Id: {0bada1de-01a9-4625-8278-69e735f39dd2}
Writer Instance Id: {f0086dda-9efc-47c5-8eb6-a944c3d09381}
State: [1] Stable
Last error: No error

Writer name: 'ASR Writer'
Writer Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Instance Id: {42011dfb-0ae3-4f52-8f30-596b1b6903e1}
State: [1] Stable
Last error: No error

Writer name: 'BITS Writer'
Writer Id: {4969d978-be47-48b0-b100-f328f07ac1e0}
Writer Instance Id: {5764aa31-dcd7-4a60-976b-a0b243928999}
State: [1] Stable
Last error: No error

Writer name: 'Registry Writer'
Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Instance Id: {d2a9133f-8b06-48a5-badd-f48e19e47d05}
State: [1] Stable
Last error: No error

Writer name: 'COM+ REGDB Writer'
Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Instance Id: {57438050-8df2-49ab-bd63-c056a083abab}
State: [1] Stable
Last error: No error

Writer name: 'Shadow Copy Optimization Writer'
Writer Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Instance Id: {632883cd-e4fa-42d9-83fa-f2d36e7d0ee9}
State: [1] Stable
Last error: No error

Writer name: 'WMI Writer'
Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Instance Id: {3a6ac464-e10b-47f9-9f7c-0d4e1708a2f3}
State: [5] Waiting for completion
Last error: No error


Are you missing the BITS Writer?
  • 0

Advertisements

#47
GrahamH
Posted 18 September 2013 - 04:20 PM

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
No BITS Writer there either.
  • 0

#48
RKinner
Posted 18 September 2013 - 04:36 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Can't do updates without BITS. Is the service running?
net  start  bits

Should say it is already running:

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


Does it?
  • 0

#49
GrahamH
Posted 18 September 2013 - 04:42 PM

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Yes it says it's already running
  • 0

#50
RKinner
Posted 18 September 2013 - 04:49 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Try:

net  stop  bits
del  \ProgramData\Microsoft\Network\Downloader\qmgr0.dat
del  \ProgramData\Microsoft\Network\Downloader\qmgr1.dat
net  start  bits

  • 0

#51
GrahamH
Posted 18 September 2013 - 04:52 PM

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
It confirms that BITS has started successfully
  • 0

#52
RKinner
Posted 18 September 2013 - 05:17 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Does vssadmin list writers show BITS now?
  • 0

#53
GrahamH
Posted 18 September 2013 - 05:22 PM

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Yes it does
  • 0

#54
RKinner
Posted 18 September 2013 - 05:28 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Nice that something worked for us.

Clear the alarms (if you can) and reboot and run VEW again and let's see what alarms we get now.
  • 0

#55
GrahamH
Posted 18 September 2013 - 05:31 PM

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
OK, I'll run VEW again and post the logs but then I will need to log off. 00.30 local time and 07.30 start tomorrow!
  • 0

Advertisements

#56
RKinner
Posted 18 September 2013 - 05:32 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Go to bed!
  • 0

#57
GrahamH
Posted 18 September 2013 - 05:44 PM

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
OK Last post of the day!
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/09/2013 00:37:34

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/09/2013 23:22:30
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 18/09/2013 21:25:47
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 18/09/2013 12:33:45
Type: Error Category: 0
Event: 8211 Source: System Restore
The scheduled restore point could not be created. Additional information: (0x80042308).

Log: 'Application' Date/Time: 18/09/2013 12:33:45
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042308).

Log: 'Application' Date/Time: 18/09/2013 12:33:16
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 18/09/2013 12:33:15
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 17/09/2013 22:03:27
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16686, time stamp: 0x52058cf0 Faulting module name: vbscript.dll, version: 5.8.9200.16521, time stamp: 0x512080e8 Exception code: 0xc0000005 Fault offset: 0x00005349 Faulting process id: 0x1960 Faulting application start time: 0x01ceb3ed3899428f Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SysWow64\vbscript.dll Report Id: fa82bc70-1fe4-11e3-aacb-a4badbcb00d5

Log: 'Application' Date/Time: 17/09/2013 21:40:14
Type: Error Category: 0
Event: 1043 Source: MsiInstaller
Failed to end a Windows Installer transaction {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}. Error 1622 occurred while ending the transaction.

Log: 'Application' Date/Time: 17/09/2013 21:39:41
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 17/09/2013 21:39:40
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 17/09/2013 15:34:25
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 17/09/2013 15:34:24
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 17/09/2013 13:21:33
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16686, time stamp: 0x52058cf0 Faulting module name: vbscript.dll, version: 5.8.9200.16521, time stamp: 0x512080e8 Exception code: 0xc0000005 Fault offset: 0x00005349 Faulting process id: 0x18cc Faulting application start time: 0x01ceb3a8d2b8840d Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SysWow64\vbscript.dll Report Id: 120fa5b1-1f9c-11e3-aa21-a4badbcb00d5

Log: 'Application' Date/Time: 17/09/2013 13:21:29
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16686, time stamp: 0x52058cf0 Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072 Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id: 0x1a40 Faulting application start time: 0x01ceb3a8ca969ce1 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 0f233130-1f9c-11e3-aa21-a4badbcb00d5

Log: 'Application' Date/Time: 17/09/2013 13:21:08
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16686, time stamp: 0x52058cf0 Faulting module name: vbscript.dll, version: 5.8.9200.16521, time stamp: 0x512080e8 Exception code: 0xc0000005 Fault offset: 0x00005349 Faulting process id: 0xf00 Faulting application start time: 0x01ceb3a8c35b80a6 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SysWow64\vbscript.dll Report Id: 02c3fdb7-1f9c-11e3-aa21-a4badbcb00d5

Log: 'Application' Date/Time: 17/09/2013 13:20:29
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16686, time stamp: 0x52058cf0 Faulting module name: vbscript.dll, version: 5.8.9200.16521, time stamp: 0x512080e8 Exception code: 0xc0000005 Fault offset: 0x00005349 Faulting process id: 0x9f8 Faulting application start time: 0x01ceb3a817cc156b Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SysWow64\vbscript.dll Report Id: ebcf96ac-1f9b-11e3-aa21-a4badbcb00d5

Log: 'Application' Date/Time: 17/09/2013 12:21:11
Type: Error Category: 0
Event: 1101 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8


Log: 'Application' Date/Time: 17/09/2013 12:21:10
Type: Error Category: 0
Event: 1101 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8


Log: 'Application' Date/Time: 17/09/2013 11:40:56
Type: Error Category: 0
Event: 1024 Source: MsiInstaller
Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Log: 'Application' Date/Time: 17/09/2013 11:40:49
Type: Error Category: 0
Event: 1024 Source: MsiInstaller
Product: Microsoft Office Professional Plus 2010 - Update 'Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/09/2013 23:34:14
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=D80}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MARION-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 18/09/2013 23:34:05
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=D80}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 18/09/2013 23:20:45
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 18/09/2013 22:20:45
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 18/09/2013 21:21:29
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 18/09/2013 21:21:29
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 18/09/2013 21:20:42
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 18/09/2013 21:11:20
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=E28}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MARION-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 18/09/2013 21:11:06
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=E28}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 18/09/2013 19:30:31
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 18/09/2013 19:30:31
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 18/09/2013 19:20:23
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=D1C}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MARION-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 18/09/2013 19:20:10
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=D1C}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 18/09/2013 16:36:26
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 18/09/2013 16:32:09
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 18/09/2013 16:32:09
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 18/09/2013 16:22:03
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=B58}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MARION-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 18/09/2013 16:21:49
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=B58}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 18/09/2013 13:05:20
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 18/09/2013 12:33:17
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{c2247e9d-8f60-11df-9d02-a4badbcb00d5}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Automatically choosing a diff-area volume
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/09/2013 00:38:50

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/08/2013 20:05:02
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/07/2013 21:12:47
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/06/2013 10:43:11
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/06/2013 19:26:52
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/09/2013 23:35:30
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 23:35:30
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 23:35:29
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 23:35:29
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 23:35:30
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 18/09/2013 23:35:29
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 18/09/2013 23:35:20
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 23:35:20
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 23:35:20
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 18/09/2013 23:35:03
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 18/09/2013 23:34:23
Type: Error Category: 0
Event: 30013 Source: Microsoft-Windows-SharedAccess_NAT
The DHCP allocator has disabled itself on IP address 192.168.0.2, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Log: 'System' Date/Time: 18/09/2013 23:34:23
Type: Error Category: 0
Event: 34001 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 failed to configure IPv6 stack.

Log: 'System' Date/Time: 18/09/2013 23:32:10
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 23:32:10
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 23:32:10
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 18/09/2013 23:24:18
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 23:24:18
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 18/09/2013 23:24:18
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 18/09/2013 23:24:16
Type: Error Category: 0
Event: 30013 Source: Microsoft-Windows-SharedAccess_NAT
The DHCP allocator has disabled itself on IP address 192.168.0.2, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Log: 'System' Date/Time: 18/09/2013 23:24:15
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/09/2013 23:34:23
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate  bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 18/09/2013 23:32:16
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/09/2013 23:32:16
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 18/09/2013 23:24:16
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate  bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 18/09/2013 23:24:14
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate  bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 18/09/2013 19:58:52
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/09/2013 19:58:52
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 18/09/2013 17:28:56
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/09/2013 17:28:56
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 18/09/2013 16:24:50
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate  bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 18/09/2013 16:24:49
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate  bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Log: 'System' Date/Time: 18/09/2013 13:16:25
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/09/2013 13:16:25
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 18/09/2013 11:53:46
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/09/2013 11:53:46
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 17/09/2013 22:29:39
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/09/2013 22:29:39
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 17/09/2013 21:40:09
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 17/09/2013 21:40:09
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 17/09/2013 21:40:09
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.
  • 0

#58
RKinner
Posted 19 September 2013 - 02:35 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Press Start, press All programs, press Accessories and click Notepad

Copy and paste the following text into the document:



net stop wuauserv
net stop bits
net stop cryptsvc
net stop trustedinstaller
sc config cryptsvc start= auto obj= "NT Authority\NetworkService" password= a
sc config wuauserv start= auto obj= LocalSystem
sc config bits start= delayed-auto obj= LocalSystem
Sc config trustedinstaller start= demand obj= LocalSystem
Sc config eventlog start= auto
reg add HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "%systemroot%\system32\wuaueng.dll" /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\bits\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "%systemroot%\system32\qmgr.dll" /f
reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /f
reg delete HKLM\COMPONENTS\PendingXmlIdentifier /f
reg delete HKLM\COMPONENTS\NextQueueEntryIndex /f
reg delete HKLM\COMPONENTS\AdvancedInstallersNeedResolving /f
sc sdset wuauserv D:(A;;CCLCSWRPLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD)
sc sdset bits D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;SAFA;WDWO;;;BA)
sc sdset cryptsvc D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
sc sdset trustedinstaller D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRRC;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;SAFA;WDWO;;;BA)
sc sdset eventlog D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;SA;DCRPWPDTCRSDWDWO;;;WD)(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
takeown /f %systemroot%\winsxs\pending.xml
icacls %systemroot%\winsxs\pending.xml /grant Administrators:(F)
icacls %systemroot%\winsxs\pending.xml /grant Administratörer:(F)
del /q %systemroot%\winsxs\pending.xml
ren %systemroot%\System32\Catroot2 oldcatroot2
ren %systemroot%\SoftwareDistribution SoftwareDistribution.old
rename \ProgramData\Microsoft\Network\Downloader Downloader.old
cd /d %windir%\system32
regsvr32.exe atl.dll /s
regsvr32.exe urlmon.dll /s
regsvr32.exe jscript.dll /s
regsvr32.exe vbscript.dll /s
regsvr32.exe scrrun.dll /s
regsvr32.exe msxml3.dll /s
regsvr32.exe msxml6.dll /s
regsvr32.exe actxprxy.dll /s
regsvr32.exe softpub.dll /s
regsvr32.exe wintrust.dll /s
regsvr32.exe dssenh.dll /s
regsvr32.exe rsaenh.dll /s
regsvr32.exe cryptdlg.dll /s
regsvr32.exe oleaut32.dll /s
regsvr32.exe ole32.dll /s
regsvr32.exe shell32.dll /s
regsvr32.exe wuapi.dll /s
regsvr32.exe wuaueng.dll /s
regsvr32.exe wups.dll /s
regsvr32.exe wups2.dll /s
regsvr32.exe qmgrprxy.dll /s
regsvr32.exe wucltux.dll /s
regsvr32.exe wuwebv.dll /s
net start eventlog
net start cryptsvc
net start bits
net start wuauserv
fsutil resource setautoreset true c:\
netsh winhttp reset proxy
bitsadmin /reset /allusers
wuauclt.exe /resetauthorization /detectnow
:MESSAGE
echo+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
echo===========================================================
echo The commands has been succesfully executed. Hit enter to continue
echo===========================================================
echo+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Pause > Null
:end

Press File and click Save as.

Navigate to the desktop, in the field File name you write reset.bat and in the field save as type you choose All files (*.*). Now hit Save.

Navigate to your desktop, rightclick the file and choose Run as administrator. Reboot and see if windows update will work now.
  • 0

#59
GrahamH
Posted 19 September 2013 - 04:37 AM

GrahamH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Have saved and run Windows repair as administrator but, depressingly, get the same error message as before "unable to open setup file"
  • 0

#60
RKinner
Posted 19 September 2013 - 09:37 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Go into Control Panel, Windows Updates and see if that works.

Run VEW and let me see what errors you got when you tried to run Windows Repair All in One.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP