Kylla4

Had Exploit:Java/CVE-2012-4681, don't think it's all gone


All hives have been replaced, can you re-boot to normal mode then run FSS and post fresh log...


Here is the FSS log:

Farbar Service Scanner Version: 03-01-2016

Ran by Patricia (administrator) on 20-01-2016 at 16:22:07

Running from "C:\Users\Patricia\Downloads"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is unreachable

Google.com is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.

Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.

Unable to retrieve ServiceDll of bfe. The value does not exist.

Firewall Disabled Policy:

==================

"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:

============

System Restore Policy:

========================

Action Center:

============

wscsvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.

Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.

Unable to retrieve ServiceDll of WinDefend. The value does not exist.

Windows Defender Disabled Policy:

==========================

Other Services:

==============

Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.

Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.

Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


As expected, we are post infection, so reverting to the registry settings listed in FRST did not help.... I want to run services repair, then FSS. If no improvement, uninstall Service Pack 1 (SP1), reboot, then install Service Pack 1 (SP1).

 

ESET Services Repair

 

Fix with ESET Services Repair

 

Please download Services Repair by ESET and save it to your desktop.

 

Right-click on the Services Repair icon and select Run as Administrator to start the tool.

If security notifications appear, click Continue or Run.

Accept the prompt about restoring services.

Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.

A log will be saved in the CCSupport folder the tool created on your desktop.

Please include that logfile in your next reply.

 

Next,

 

Run FSS again and post fresh log....


I think this is the right report; the date in the folder is correct, but is different than the date on the report:

Log Opened: 2016-01-16 @ 20:02:57

20:02:57 - -----------------

20:02:57 - | Begin Logging |

20:02:57 - -----------------

20:02:57 - Fix started on a WIN_7 X64 computer

20:02:57 - Prep in progress. Please Wait.

20:02:58 - Prep complete

20:02:58 - Repairing Services Now. Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters> failed with: Access is denied.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE> failed with: Access is denied.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.

20:02:59 - Services Repair Complete.

20:03:04 - Reboot Initiated

Log Opened: 2016-01-20 @ 17:17:37

17:17:37 - -----------------

17:17:37 - | Begin Logging |

17:17:37 - -----------------

17:17:37 - Fix started on a WIN_7 X64 computer

17:17:37 - Prep in progress. Please Wait.

17:17:38 - Prep complete

17:17:38 - Repairing Services Now. Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters> failed with: Access is denied.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE> failed with: Access is denied.

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: The system cannot find the file specified.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.

17:17:39 - Services Repair Complete.

17:17:43 - Reboot Initiated

And FSS:

Farbar Service Scanner Version: 03-01-2016

Ran by Patricia (administrator) on 20-01-2016 at 17:25:21

Running from "C:\Users\Patricia\Downloads"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is unreachable

Google.com is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.

Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.

Unable to retrieve ServiceDll of bfe. The value does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Policy:

========================

Action Center:

============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


Ok we still have the same issue with BFE, I want to try and merge that reg file once more. I've had instructions from a friend how to do that action with "System" status, maybe we can get a result this time.....

Go here: http://download.bleepingcomputer.com/win-services/7/BFE.reg download and save that reg file direct to the Desktop.....

Next,

Download RunAsSystem from here: http://sourceforge.net/projects/runassystem/files/latest/download?source=typ_redirect save it direct to your Desktop (do not save anywhere else)....

Run that tool, it will not install and will finish very quickly.... A new option will be in the context menu as "Run as System" right underneath "Run as Administrator" it will have higher privileges so should make this task work....

Next

Navigate to C:\Windows\regedit.exe right click directly onto regedit.exe then select "Run as system".

Regedit will open, expand this key > HKEY_LOCAL_MACHINE > system > currentcontrolset > services > BFE right click direct onto BFE folder and select "Delete" agree any alerts.

From the same Regedit window, Select File > Import Navigate through Explorer to the reg file BFE.reg it is saved to the Desktop, but access it through Explorer, Double click on that file, it should merge ok....

Next,

Run FSS and post new log....


Ok, I tried to run RunAsSystem twice and both times Malwarebytes said it blocked Trojan.crypt and I don't have the option to run as system when I right click reg edit. I don't want to turn off MBAM and get this virus either so I'm not sure how to proceed?


Ok, Download RunAsSystem again, save to the Desktop....

Open Malwarebytes, select "Settings" > "Malware Exclusions" > "Add File" then Navigate to C:\Users\your name\Desktop\RunasSystem Double left click direct onto "RunAsSystem" to load the exclusion...

Close Malwarebytes.. Follow the instructions again for RunAsSystem...


Ok, it downloaded differently and properly this time with no alerts - I didn't have to change MBAM.  But, when I got to the part about deleting BFE, it asked me if I was sure I wanted to permanently delete this key and all of its subkeys and I said yes and it says "Cannot delete BFE: Error while deleting key".  By the way, Windows Defender is back up and running, but still can't open Malwarebytes Anti Exploit or the Microsoft Security Scanner page.


This is turning into a bit of a saga..... OK, let's see if we can remove that elusive reg key via FRST... Boot system into normal mode then run the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Cheers,

Kevin...

Fixlist.txt


Yes, the neverending saga :-). I'm sorry my computer is being such a pain!

FRST log:

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016

Ran by Patricia (2016-01-21 14:14:51) Run:4

Running from C:\Users\Patricia\Desktop\FRST

Loaded Profiles: Patricia (Available Profiles: Patricia)

Boot Mode: Normal

==============================================

fixlist content:

*****************

Start

Reg: reg delete HKEY_LOCAL_MACHINE\system\currentcontrolset\services\BFE

end

*****************

========= reg delete HKEY_LOCAL_MACHINE\system\currentcontrolset\services\BFE =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\BFE (Yes/No)? ERROR: Access is denied.

========= End of Reg: =========

==== End of Fixlog 14:14:52 ====

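A read-only PowerShell check of the two symptoms in the logs above (FSS reporting the bfe Start and ImagePath values as missing, and reg delete returning "Access is denied"), added here as an example and not part of any poster's instructions. It assumes an elevated PowerShell prompt; the helper name Get-ServiceKeyValue is hypothetical, and reading ServiceDll from the Parameters subkey is an assumption based on the usual svchost service layout, not something shown in the thread.

```powershell
# Added example, read-only: nothing here writes to the registry.
$svcPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE'

# Hypothetical helper: return a value's raw data, or a note saying why it
# could not be read (the same three items FSS checks for the bfe service).
function Get-ServiceKeyValue {
    param([string]$KeyPath, [string]$Name)
    try {
        $key = Get-Item -LiteralPath $KeyPath -ErrorAction Stop
    } catch {
        return "<key not readable: $($_.Exception.Message)>"
    }
    # Keep %SystemRoot% literal, exactly as stored in the registry.
    $opt = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $raw = $key.GetValue($Name, $null, $opt)
    if ($null -eq $raw) { return '<value does not exist>' }
    return $raw
}

$report = New-Object PSObject -Property @{
    Start      = Get-ServiceKeyValue $svcPath 'Start'
    ImagePath  = Get-ServiceKeyValue $svcPath 'ImagePath'
    # Assumption: ServiceDll lives under the Parameters subkey.
    ServiceDll = Get-ServiceKeyValue "$svcPath\Parameters" 'ServiceDll'
}
$report | Format-List Start, ImagePath, ServiceDll | Out-String

# The identity of this shell, to compare against the key's access rules.
"Running as: " + [Security.Principal.WindowsIdentity]::GetCurrent().Name

# Owner and access rules of the key: who is allowed to change or delete it.
try {
    $acl = Get-Acl -Path $svcPath -ErrorAction Stop
    "Key owner:  " + $acl.Owner
    $acl.Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
        Format-Table -AutoSize |
        Out-String
} catch {
    "Could not read the security descriptor: " + $_.Exception.Message
}
```

If the access rules give the account shown in "Running as" no Delete or FullControl right on the key, that is consistent with the "Access is denied" result even from an administrator account.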

Your system is Windows 7 with Service Pack 1 (SP1). Was the system installed with SP1 or was that a windows update?

We are floundering with no progress to replace the problematic reg key.. I feel the best way forward is either a repair install, or a full clean install. Let me know what you think. Couple of questions first, do you have the installation CD for the OS, or does the system have a recovery partition....

Before we hold up hands and go for either of those options I want you to run Tweaking.com windows repair tool once more. This time I want to run two other options before the one we tried last time....

So tell me was Windows installed with SP1 or did that come as an update...

Do you have the installation DVD... or is there a recovery partition..

Do you want to go for a straight full reinstall or a repair install if we cannot effect a fix.

Do you still have the windows repair tool from Tweaking.com

Thank you,

Kevin...


I have the Windows 7 DVD and installed it when I built the computer so it was installed with SP1. I still have the repair tool from Tweaking.com. I don't know which option to do because it won't let me backup my email for some reason. What do you think I should do?


As you still have the tool run as follows please:

Open the Tweaking.com folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

tweak1.jpg

From the main GUI do the following:

Select Tab 3 and allow it to run Disk check

tweak2.jpg

Select Tab 4 and allow it to run SFC

tweak3.jpg

Select Tab 5 and Create System Restore Point

tweak4.jpg

Select Repairs tab => Click the Open repairs tab

tweak5.jpg

The repairs window will open, Check the boxes as indicated, also the "Restart" option, then select Start...

tweak6.jpg

DON'T use the computer while each scan is in progress.

Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log

tweak7.jpg

Let me see the logs,

The first two steps may take awhile to complete, they are well worth trying so let them complete.....

Cheers,

Kevin...


Ok, I tried to do that and it says "Missing File: files\regfiles\vista\bfe.reg".  The vista part is throwing me off - my laptop is on Vista, but this one isn't.


Delete the portable version of tweaking.com.... D/L a fresh copy and try again, I give instructions again...

Download Portable Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html

http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop.

Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

tweak1.jpg

From the main GUI do the following:

Select Tab 3 and allow it to run Disk check

tweak2.jpg

Select Tab 4 and allow it to run SFC

tweak3.jpg

Select Tab 5 and Create System Restore Point

tweak4.jpg

Select Repairs tab => Click the Open repairs tab

tweak5.jpg

The repairs window will open, Check the boxes as indicated, also the "Restart" option, then select Start...

tweak6.jpg

DON'T use the computer while each scan is in progress.

Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log

tweak7.jpg

Let me see the logs,


Now it says these files are missing or corrupted:



THAT was the problem :-).  Ok, under Step 3, number 2, mine says Check Disk (if needed) and the button to push says Open Check Disk at Next Boot so it looks different than yours.  If I hit that button, it says (\F) Fixes error on the disk OR (\R) Fixes errors on the disk also locates bad sectors and recovers readable information (I have to choose one) and then the button says Add to Next Boot.  Which should I do?


Should I reboot before I go to the next task and let that \R thing run? Or just move on to step 4?

This topic is now closed to further replies.