Windows -> classic ( WAM, AERO disabled, taskmgr.exe deleted)

[Castravete]

Ok, I did the scan with DSS and Windows Defender was still disabled and that file associated with it was still missing. Afterwards, I ran the repair tool once again and it stopped at: Reset Registry Permissions

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (12.11.2013 17:02:51)
   Running Repair Under System Account

 

 

After finding 3 entries which couldn't be repaired it simply froze and even though I let it run for 3 hours, it didn't finish.
 

 

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

 

I will restart the laptop and see what happens.

[Castravete]

Is windows defender a vital tool when I already use avast and malwarebytes ?

[Psychotic]

Why do you run tools without being adviced?! :-/

 

Do you have the windows disk?

[Castravete]

Sorry about that, I did one step twice because I thought that I might have affected the results of it, initially.

 

Windows was installed in 2009 ( first and only time ). I managed to keep the laptop running since then. I should have the disk at home but that is in a different country right now.

[Psychotic]

Download the attached MPSvc.zip and extract it to your C drive.

Then run the following script:

 

 

Fix with FRST (normal mode)
 

• Open notepad (Start =>All Programs => Accessories => Notepad).
• Please copy the entire contents of the code box below.
  (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
• Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.
  
  

  Replace: C:\MpSvc.dll C:\Program Files\Windows Defender\MpSvc.dll

  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
• Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
• The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

MpSvc.zip

[Castravete]

Content of fixlist:

*****************

Replace: C:\MpSvc.dll C:\Program Files\Windows Defender\MpSvc.dll

*****************

 

Could not find C:\Program Files\Windows Defender\MpSvc.dll

Could not replace C:\Program Files\Windows Defender\MpSvc.dll

 

==== End of Fixlog ====

 

 

The file was deleted initially, i could just copy your mcsvc.dll to windows defender folder. Same happened with taskmgr.exe

[Psychotic]

Is Defender working now?

[Castravete]

Marius, is it possible that I might not have Windows Defender installed at all ? I don't even have a folder in Program Files named Windows Defender. I am not sure what to say ...

 

I don't think there is a problem with it as I don't really remember using it. It could be that a virus deleted everything about it but I am not sure about that. 

 

Would it be unreasonable to take care of aero, taskmgr.exe and the desktop problem ? 

[Psychotic]

OK, then we head for taskmgr.exe:

 

 

Search for files with FRST (Recovery Environment)


Run FRST.

Type the following in the edit box after "Search:"

taskmgr.exe

Click Search button and post the log (Search.txt) it makes to your reply.

[Castravete]

Got it. Here it is: 

================== Search: "taskmgr.exe" ===================

 

C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7600.16385_none_143885510a878638\taskmgr.exe

[2009-07-13 23:20] - [2009-09-09 18:45] - 0245248 ____A (Microsoft Corporation) B0192047313D6DE92A8BF21F387B5BED

 

=== End Of Search ===

 

 

[Psychotic]

Fix with FRST (normal mode)

• Open notepad (Start =>All Programs => Accessories => Notepad).
• Please copy the entire contents of the code box below.
  (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
• Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.
  
  

  Replace: C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7600.16385_none_143885510a878638\taskmgr.exe C:\windows\system32\taskmgr.exe

  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
• Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
• The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.
  

 

 

when finished, run this fixIt! by Microsoft and reboot your machine. Tell me if the aero problem still exists:

http://go.microsoft.com/?linkid=9740812

[Castravete]

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7600.16385_none_143885510a878638\taskmgr.exe C:\windows\system32\taskmgr.exe
*****************

Could not find C:\windows\system32\taskmgr.exe
C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7600.16385_none_143885510a878638\taskmgr.exe copied successfully to C:\windows\system32\taskmgr.exe

==== End of Fixlog ====

 

 

Awesome, the task manager appears to be restored. Can we do something about the final problem: Aero and Windows Desktop Manager ? the classical style for windows

[Castravete]

I'm on it, didn't see your link

[Castravete]

It found one problem: Windows Desktop Manager is disabled and it couldn't enable it ( i tried to do it manually but nothing happened )

[Psychotic]

This is a well known problem and MS seems to have its work with that.

Have a look here:

 

http://www.techerator.com/2011/05/how-to-restore-aero-effects-if-the-windows-desktop-window-manager-crashes/

 

Tell me if one of these suggestions bring back your dwm functionality.

[Castravete]

I followed these steps a while ago and they were useless. This problem occurred during the random installation/ random plug-in for Firefox/chrome. Suspicious programs were installed and suspicious plug-ins were opened in the browsers.

 

WDM is still disabled and Aero cannot run the current theme.

[Psychotic]

OK, I cannot provide further support for this. Let´s finish the removal process, I´ll handle you over to our windows guys, then.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

• Run adwcleaner.exe
• Hit Scan and wait for the scan to finish.
• Confirm the message but don´t uncheck anything.
• Hit Clean
• When the run is finished, it will open up a text file
• Please post its contents within your next reply
• You´ll find the log file at C:\AdwCleaner[s1].txt also
  

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

• Save it to your desktop, start it and follow the instructions in the window.
• After the scan finished the (checkup.txt) will open. Copy its content to your thread.
  

[AdvancedSetup]

This topic will now be closed due to evidence of cracked or pirated software on this system.

Piracy Policy

 

This is a Pirated version of Windows   -  Microsoft® Windows 7 Eternity™ 2009   (X86)