Verify class id problem

I recently got infected with some malware and now when I boot up I get a verify class id error. I can't continue until manually killing it and then get some dr Watson spam. It occurs in safe mode as well. I can run most programs after getting the verify class error and killing it, but after running super anti spyware I can no longer access the internet.

Thanks

 

http://www.majorgeeks.com/images/grenade.gifWelcome! to MajorGeeks.com!http://www.majorgeeks.com/images/grenade.gif

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

• If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
  • TDSSserv Non-Plug & Play Driver Disable
• If something does not run, write down the info to explain to us later but keep on going.
• Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in Safe Mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
3. To avoid additional delay in getting a response, it is advised that after completing the READ & RUN ME you also read this sticky:
   • Don't Bump! It Only Hurts You!
4. Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.

 

Not sure how much help you can provide with what little actually worked and no logs could be recorded.

First of all, I can't get to Add/Remove programs. A Run a DLL as an App error comes up and prevents me from doing that.

Same goes for checking msconfig

CCleaner ran fine.

Super Anti Spyware installed fine (no updates as my internet connections won't come up) and removed some files. I was unable to get to the logs as the verclsid error seems to prevent those from being displayed.

Spybot found and tried to clean win32.delf.uc It claimed it was fixed but it always comes back.

Combofix and MGTools can't run as cmd.exe crashes immediately.

 

You need to try and run as many steps as possible. You can also try the scans in Safe Mode.

Once complete, we can't help you without logs as it's our only way to see inside your computer.

 

I believe I listed them all, I guess I did forget to mention that the same thing occurs in safe mode. The only programs that I can run are Super Anti Spyware and Spybot. I don't believe there are logs for Spybot and I can't view them for Super Anti Spyware as I get the error messages that I mentioned.

 

The log is a .TXT file, I'm asking you to attach this file.

Also, you did not appear to have ran MGTools as requested. Go back and try to run this and attach the log it creates (C:\MGTools.zip).

 

I did mention MGTools, it has the same problem that combofix has. When I try to run it I get a plethora of errors about cmd.exe crashing and it never runs. I couldn't find any logs for Spybot or SuperAntiSpyware in their folders. Only the ones in SuperAntiSpyware that are brought up through preferences and then choosing view. Those won't come up due to the verclsid.exe error. I'll look again when I get home tonight, but I don't think I can get to any of them.

 

I believe this problem is related to a recent MS update, let's try the below fix.

First, I would recommend downloading Erunt and backing up the registry.

Next, please follow the steps below carefully.

1. (If you have multiple user accounts set up) Log onto the computer using an account with Administrator privileges
   
2. Click the Start button, then click Run and type "regedit" at the prompt, without the quotes; this will start Registry Editor
   
3. Locate the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached key in Registry Editor.
   
4. Right click on the key and select New / DWORD Value
   
5. Rename the resulting value "{A4DF5659-0801-4A60-9607-1C48695EFDA9}
   {000214E6-0000-0000-C000-000000000046} 0x401", without the quotes
   
6. Right click the value, select Modify, and type "1" into the Value Data field
   
7. Close Registry Editor

Once you have completed the above, reboot and try the scans again and let me know how things went.

 

Unfortunately, editing the registry via regedit wasn't possible either. The verclsid error would come up and the registry editor would never come up. Believe a swreg.exe error would follow the verclsid error.

I then tried to do a repair installation of Windows XP. After a small problem getting windows to activate that required removing IE7, the only error I get when logging on now is that explorer.exe has crashed. It will crash any time that I try to start it manually as well. Through the task manager I can still run things, but still get a plethora of errors when trying to run combofix. MGTools now tries to run before eventually crashing. Spybot still finds the same thing as before.

Unless something works soon, I'm just going to reformat.

 

Download RegistarLite and try once more to run the fix in my previous post.

If this still does not allow you to run my previous post then I would recommend the Software Forum to get this issue resolved as it's not a Malware problem. Once you get this problem fixed, we can start the malware steps again but as of right now there isn't anything we can do because of your software issues.