
0xc000007B??

Author: Tomas (Newbie; joined 18 September 2007; location: Sweden)
Posted: 17 January 2009 at 6:56pm

Hello!

I have a sneaking suspicion that I have malware on my laptop. When I try to install many new programs (such as VLC, Acrobat Reader, Acrobat Flash, MPlayer, Google Desktop, etc.) this message pops up:

"The application failed to initialize properly 0xc000007B. Click ok to terminate the application."

Posts from other webpages correlate this problem with W32.Klez.gen@mm or W32.ElKern.gen.

I cannot locate any malware using Symantec Endpoint. Symantec has a program for removing this malware, but I failed to find any when running Symantec's program in safe mode.

When starting up AVG Anti-Spyware, it fails to connect to its server for updates. I find that puzzling.

SuperAntiSpyware downloads fine, updates, but does not detect malware.

When using Autoruns, this is the log I get after both "Verify code signatures" and "Hide signed Microsoft entries" have been checked.



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run           
+ !AVG Anti-Spyware    AVG Anti-Spyware    (Verified) GRISOFT LTD    c:\program\grisoft\avg anti-spyware 7.5\avgas.exe
+ Broadcom Wireless Manager UI    Dell Wireless WLAN Card Wireless Network Tray Applet    (Not verified) Dell Inc.    c:\windows\system32\wltray.exe
+ ccApp    Symantec User Session    (Verified) Symantec Corporation    c:\program\delade filer\symantec shared\ccapp.exe
+ ChangeTPMAuth    ChangeTPMAuth Application    (Not verified) Wave Systems Corp.    c:\program\wave systems corp\common\changetpmauth.exe
+ Document Manager    Document Manager Hook Startup    (Not verified) Wave Systems Corp.    c:\program\wave systems corp\services manager\docmgr\bin\docmgr.exe
+ IntelWireless    Intel(R) PROSet/Wireless Framework    (Not verified) Intel(R) Corporation    c:\program\delade filer\intel\wirelesscommon\ifrmewrk.exe
+ IntelZeroConfig    Intel(R) PROSet/Wireless Zero Config Service    (Not verified) Intel(R) Corporation    c:\program\intel\wifi\bin\zcfgsvc.exe
+ KADxMain    IntelliSonic Systray Control (KADxMain)    (Not verified) Knowles Acoustics    c:\windows\system32\kadxmain.exe
+ SecureUpgrade    Check For Later Product Line     (Not verified) Wave Systems Corp.    c:\program\wave systems corp\secureupgrade.exe
+ SunJavaUpdateSched    Java(TM) 2 Platform Standard Edition binary    (Not verified) Sun Microsystems, Inc.    c:\program\java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Tomas Persson\Start-meny\Program\Autostart           
+ Dropbox.lnk    Dropbox        c:\program\dropbox\dropbox.exe
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components           
+ 0            File not found: About:Home
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks           
+ AVG Anti-Spyware 7.5    AVG Anti-Spyware shellexecutehook    (Verified) GRISOFT LTD    c:\program\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved           
+ 7-Zip Shell Extension    7-Zip Shell Extension    (Not verified) Igor Pavlov    c:\program\7-zip\7-zip.dll
+ DropboxExt    Dropbox Shell Extension    (Not verified) Evenflow, Inc.    c:\program\dropbox\dropboxext.dll
+ DropboxExt    Dropbox Shell Extension    (Not verified) Evenflow, Inc.    c:\program\dropbox\dropboxext.dll
+ DropboxExt    Dropbox Shell Extension    (Not verified) Evenflow, Inc.    c:\program\dropbox\dropboxext.dll
+ Kontrollpanelstillägg för bildskärmspanorering            File not found: deskpan.dll
+ LDVP Shell Extensions    Symantec AntiVirus    (Verified) Symantec Corporation    c:\program\symantec\symantec endpoint protection\vpshell2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects           
+ SSVHelper Class    Java(TM) 2 Platform Standard Edition binary    (Not verified) Sun Microsystems, Inc.    c:\program\java\jre1.5.0_06\bin\ssv.dll
HKLM\System\CurrentControlSet\Services           
+ AVG Anti-Spyware Guard    AVG Anti-Spyware guard    (Verified) GRISOFT LTD    c:\program\grisoft\avg anti-spyware 7.5\guard.exe
+ ccEvtMgr    Event propagation and logging service    (Verified) Symantec Corporation    c:\program\delade filer\symantec shared\ccsvchst.exe
+ ccSetMgr    Settings storage and management service    (Verified) Symantec Corporation    c:\program\delade filer\symantec shared\ccsvchst.exe
+ EvtEng    Manages the event trace messages for all the Intel® PROSet/Wireless Software components.    (Not verified) Intel(R) Corporation    c:\program\intel\wifi\bin\evteng.exe
+ RegSrvc    Provides registry access to all Intel® PROSet/Wireless Software components    (Not verified) Intel(R) Corporation    c:\program\delade filer\intel\wirelesscommon\regsrvc.exe
+ S24EventMonitor    Wireless Management Service for Intel® PROSet/Wireless WiFi Software    (Not verified) Intel(R) Corporation    c:\program\intel\wifi\bin\s24evmon.exe
+ SmcService    Provides communication with the Symantec Endpoint Protection Manager. It also provides network threat protection and application and device control for the client.    (Verified) Symantec Corporation    c:\program\symantec\symantec endpoint protection\smc.exe
+ Symantec AntiVirus    Provides virus-scanning for Symantec Endpoint Protection.    (Verified) Symantec Corporation    c:\program\symantec\symantec endpoint protection\rtvscan.exe
+ tcsd_win32.exe    TCS service for accessing the TPM        c:\program\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe
+ WLANKEEPER    Provides Single Sign On (SSO) functionality.    (Not verified) Intel(R) Corporation    c:\program\intel\wifi\bin\wlkeeper.exe
+ wltrysvc    Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant.        c:\windows\system32\wltrysvc.exe
HKLM\System\CurrentControlSet\Services           
+ AVG Anti-Spyware Driver        (Verified) GRISOFT LTD    c:\program\grisoft\avg anti-spyware 7.5\guard.sys
+ AvgAsCln    AVG7 Clean Driver    (Verified) GRISOFT LTD    c:\windows\system32\drivers\avgascln.sys
+ cercsr6    DELL CERC SATA1.5/6ch Miniport Driver    (Not verified) Adaptec, Inc.    c:\windows\system32\drivers\cercsr6.sys
+ Changer            File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ DXEC01    dxec01.sys    (Not verified) Knowles Acoustics    c:\windows\system32\drivers\dxec01.sys
+ eeCtrl    Symantec Eraser Control Driver    (Verified) Symantec Corporation    c:\program\delade filer\symantec shared\eengine\eectrl.sys
+ EraserUtilRebootDrv    Symantec Eraser Utility Driver    (Verified) Symantec Corporation    c:\program\delade filer\symantec shared\eengine\eraserutilrebootdrv.sys
+ i2omgmt            File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ lbrtfdc            File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ NAVENG    AV Engine    (Verified) Symantec Corporation    c:\program\delade filer\symantec shared\virusdefs\20090116.004\naveng.sys
+ NAVEX15    AV Engine    (Verified) Symantec Corporation    c:\program\delade filer\symantec shared\virusdefs\20090116.004\navex15.sys
+ PBADRV    PBADRV    (Not verified) Dell Inc    c:\windows\system32\drivers\pbadrv.sys
+ PCIDump            File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP            File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME            File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI            File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME            File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ PxHelp20    Px Engine Device Driver for Windows 2000/XP    (Verified) Sonic Solutions    c:\windows\system32\drivers\pxhelp20.sys
+ SPBBCDrv    SPBBC Driver    (Verified) Symantec Corporation    c:\program\delade filer\symantec shared\spbbc\spbbcdrv.sys
+ SRTSP    Symantec AutoProtect    (Verified) Symantec Corporation    c:\windows\system32\drivers\srtsp.sys
+ SRTSPL    Symantec AutoProtect    (Verified) Symantec Corporation    c:\windows\system32\drivers\srtspl.sys
+ SRTSPX    Symantec AutoProtect    (Verified) Symantec Corporation    c:\windows\system32\drivers\srtspx.sys
+ SymEvent    Symantec Event Library    (Verified) Symantec Corporation    c:\windows\system32\drivers\symevent.sys
+ SYMREDRV    Redirector Filter Driver    (Verified) Symantec Corporation    c:\windows\system32\drivers\symredrv.sys
+ SYMTDI    Network Dispatch Driver    (Verified) Symantec Corporation    c:\windows\system32\drivers\symtdi.sys
+ SysPlant    Symantec CMC Firewall SysPlant    (Verified) Symantec Corporation    c:\windows\system32\drivers\sysplant.sys
+ UIUSys            File not found: system32\DRIVERS\UIUSYS.SYS
+ VBoxDrv        (Verified) Sun Microsystems, Inc.    c:\windows\system32\drivers\vboxdrv.sys
+ VBoxNetFlt    VirtualBox Host Interface Networking Driver    (Verified) Sun Microsystems, Inc.    c:\windows\system32\drivers\vboxnetflt.sys
+ VBoxUSBMon    VirtualBox USB Monitor Driver    (Verified) Sun Microsystems, Inc.    c:\windows\system32\drivers\vboxusbmon.sys
+ WDICA            File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ WPS    Symantec CMC Firewall WPS    (Verified) Symantec Corporation    c:\windows\system32\drivers\wpsdrvnt.sys
+ WpsHelper    Symantec CMC Firewall WpsHelper    (Verified) Symantec Corporation    c:\windows\system32\drivers\wpshelper.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls           
+ wxvault.dll    wxvault Dynamic Link Library        c:\windows\system32\wxvault.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9           
+ Wave Systems Kerberos LSP    BioLsp Dynamic Link Library    (Not verified) Wave Systems Corp.    c:\windows\system32\biolsp.dll
+ Wave Systems Kerberos LSP over [MSAFD Tcpip [RAW/IP]]    BioLsp Dynamic Link Library    (Not verified) Wave Systems Corp.    c:\windows\system32\biolsp.dll
+ Wave Systems Kerberos LSP over [MSAFD Tcpip [TCP/IP]]    BioLsp Dynamic Link Library    (Not verified) Wave Systems Corp.    c:\windows\system32\biolsp.dll
+ Wave Systems Kerberos LSP over [MSAFD Tcpip [UDP/IP]]    BioLsp Dynamic Link Library    (Not verified) Wave Systems Corp.    c:\windows\system32\biolsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages           
+ wvauth    Authentication Package    (Not verified) Wave Systems Corp.    c:\windows\system32\wvauth.dll
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order           
+ BCMLogon    Dell Wireless WLAN Card Logon Provider    (Not verified) Dell Inc.    c:\windows\system32\bcmlogon.dll
+ IntelNetProvCredMan    IntelNetProvCredMan    (Not verified) Intel(R) Corporation    c:\windows\system32\netprovcredman.dll
+ SnacNp    Symantec SNAC Network Provider    (Verified) Symantec Corporation    c:\program\symantec\symantec endpoint protection\snacnp.dll


I saw a post somewhere linking the 0xc000007B error with an uninstalled .NET framework. I have the .NET Framework 3.5 installed.



Could someone help me out?

Thanks
Tomas

Author: Tomas (Newbie; joined 18 September 2007; location: Sweden)
Posted: 17 January 2009 at 9:58pm

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008022914263148

Author: SvenBomwollen (Senior Member; joined 29 August 2008; location: Germany)
Posted: 18 January 2009 at 1:01am

Hello, Tomas.
Originally posted by Tomas:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008022914263148

Is this meant to be the diagnosis and therefore the solution as well?

It does not sound totally unlikely. And as far as I can tell from your Autoruns logfile, you have got the "Wave System's Embassy Security Suite" installed on your machine.

A general note:
Using several different security suites simultaneously does not necessarily mean that you are better protected from malware and intruders, but it is not completely unlikely to cause conflicts between the different security suites.

Have you tried to get the update which Symantec talk about? Or have you applied the recommended workaround? With which result?

Kind regards,
SvenBomwollen
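
Added example (not part of either post, and not Sysinternals code): a small Python parser for a text log like the Autoruns output above. It lists entries without a verified signature in load points whose DLLs reach many processes or LSASS (AppInit_DLLs, Winsock LSPs, LSA authentication packages, network providers) and counts entries per publisher. The sample lines are excerpted from the log in this thread; the four-space field separator and the choice of priority locations are assumptions of the example.

```python
import re
from collections import Counter

# Wide-reach load points to review first (priority list chosen for this example).
WIDE_REACH = ("appinit_dlls", "protocol_catalog9",
              "authentication packages", "networkprovider")

# Excerpt of the Autoruns log posted in this thread (fields separated by 4 spaces).
SAMPLE = r"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ccApp    Symantec User Session    (Verified) Symantec Corporation    c:\program\delade filer\symantec shared\ccapp.exe
+ ChangeTPMAuth    ChangeTPMAuth Application    (Not verified) Wave Systems Corp.    c:\program\wave systems corp\common\changetpmauth.exe
HKLM\System\CurrentControlSet\Services
+ Changer            File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ VBoxDrv        (Verified) Sun Microsystems, Inc.    c:\windows\system32\drivers\vboxdrv.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ wxvault.dll    wxvault Dynamic Link Library        c:\windows\system32\wxvault.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ wvauth    Authentication Package    (Not verified) Wave Systems Corp.    c:\windows\system32\wvauth.dll
"""

def parse_autoruns(text):
    """Return one dict per '+' entry, tagged with its autostart location."""
    entries, location = [], None
    for line in text.splitlines():
        if not line.startswith("+ "):
            location = line.strip() or location   # header line; blanks keep the last one
            continue
        fields = [f.strip() for f in re.split(r"\t| {4}", line[2:])]
        signer = next((f for f in fields if f.startswith(("(Verified)", "(Not verified)"))), "")
        if fields[-1].startswith("File not found"):
            status = "missing"
        elif signer:
            status = "verified" if signer.startswith("(Verified)") else "not verified"
        else:
            status = "no publisher"
        entries.append({"location": location, "name": fields[0], "status": status,
                        "publisher": re.sub(r"^\((Not v|V)erified\)\s*", "", signer),
                        "image": fields[-1]})
    return entries

def review_first(entries):
    """Entries lacking a verified signature in wide-reach load points."""
    return [e for e in entries
            if e["status"] in ("not verified", "no publisher")
            and any(k in e["location"].lower() for k in WIDE_REACH)]

def by_publisher(entries):
    """Count entries per publisher, e.g. to see which suites are installed side by side."""
    return Counter(e["publisher"] or "(none)" for e in entries)
```

A missing or unverified signature marks an entry for a closer look; it is not a verdict on the file.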