
Cleaning infections from friend's computer


Fix result of Farbar Recovery Scan Tool (x86) Version: 14-09-2017 01
Ran by m (15-09-2017 03:29:19) Run:2
Running from C:\Users\m\Desktop
Loaded Profiles: m (Available Profiles: m)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

VirusTotal: C:\Users\m\Downloads\legitcheck.hta

REG: REG DELETE "HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp" /f

HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\...\Policies\Explorer: [DisallowRun] 0

FF Session Restore: Mozilla\Firefox\Profiles\m78g5t0e.default -> is enabled.
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff => not found
FF Plugin HKU\S-1-5-21-1375491003-1713059225-295888860-1000: @tightropeinteractive.com/Plugin -> C:\Users\m\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll [No File]
FF Plugin HKU\S-1-5-21-1375491003-1713059225-295888860-1000: @tnt2ghost.com/Plugin -> C:\Users\m\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll [No File]

S4 BAVSvc; C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe [1554280 2013-07-08] (Baidu, Inc.)
S4 PCFasterSvc_{PCFaster_3.6.0.35848}; C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFasterSvc.exe [567792 2013-07-12] (Baidu Inc.) [File not signed]
S4 HWDeviceService.exe; "C:\ProgramData\DatacardService\HWDeviceService.exe" -/service [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

Task: {1B6FF82A-DF2A-4FCF-92FA-14A2E25F07B7} - System32\Tasks\Baidu Antivirus Update => C:\Program Files\Baidu Security\Cloud Security\BavUpdater.exe [2013-07-08] (Baidu, Inc.)
Task: {58416E09-F255-41C2-A2D5-05B7DDA1291D} - System32\Tasks\cFos\Registration Tasks\Open Browser => c:\program files\google\chrome\application\old_chrome.exe "hxxp://localhost:1487/cfosspeed/console.htm"
Task: {5D3F6B74-8582-4632-B051-4D6C6F4D117E} - System32\Tasks\Driver Whiz-RTMScanRunOnce => F:\برامج\وايرليس\DriverWhiz.exe
Task: {625685A0-C04C-4598-ADEA-8D545C4A0F60} - System32\Tasks\{F219436C-CF36-43D4-B478-503DAC6B2E79} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\NCH Software\Debut\debutfilterinstallerx86.exe" -d "C:\Program Files\NCH Software\Debut"
Task: {FD4F824F-368F-4136-9A4C-140319DBF71D} - \FTdownloader V4.0-updater -> No File <==== ATTENTION

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="3"

MSCONFIG\Services: PCFasterSvc_{PCFaster_3.6.0.35848} => 2
MSCONFIG\Services: Update LemurLeap => 2
MSCONFIG\Services: Util LemurLeap => 2
MSCONFIG\startupreg: Baidu PC Faster 3.6.0.35848 => "C:\Program Files\Baidu Security\PC Faster\3.6.0.35848\PCFaster.exe" -auto -start
MSCONFIG\startupreg: Driver Whiz => F:\برامج\وايرليس\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: DriverPack Notifier => C:\Program Files\DriverPack Notifier\DriverPackNotifier.exe --run startup
MSCONFIG\startupreg: DrvUpdater => C:\Users\m\AppData\Roaming\DRPSu\DrvUpdater.exe /hide
MSCONFIG\startupreg: PrivitizeVPN => C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe /autorun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

C:\Program Files\Baidu Security
C:\Program Files\Common Files\Java

EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
VirusTotal: C:\Users\m\Downloads\legitcheck.hta => https://www.virustotal.com/file/e9e22e81b570894ac5c766822db618ea1efc64dd16df152c02d494755225eed8/analysis/1491369417/

========= REG DELETE "HKU\S-1-5-21-1375491003-1713059225-295888860-1000\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp" /f =========

The operation completed successfully.

 

========= End of Reg: =========

HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot => value removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun => value removed successfully.
FF Session Restore: -> removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} => value removed successfully.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\MozillaPlugins\@tightropeinteractive.com/Plugin => key removed successfully.
C:\Users\m\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll => not found.
HKU\S-1-5-21-1375491003-1713059225-295888860-1000\Software\MozillaPlugins\@tnt2ghost.com/Plugin => key removed successfully.
C:\Users\m\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll => not found.
HKLM\System\CurrentControlSet\Services\BAVSvc => key removed successfully.
BAVSvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\PCFasterSvc_{PCFaster_3.6.0.35848} => key removed successfully.
PCFasterSvc_{PCFaster_3.6.0.35848} => service removed successfully.
HKLM\System\CurrentControlSet\Services\HWDeviceService.exe => key removed successfully.
HWDeviceService.exe => service removed successfully.
HKLM\System\CurrentControlSet\Services\ew_hwusbdev => key removed successfully.
ew_hwusbdev => service removed successfully.
HKLM\System\CurrentControlSet\Services\ew_usbenumfilter => key removed successfully.
ew_usbenumfilter => service removed successfully.
HKLM\System\CurrentControlSet\Services\huawei_cdcacm => key removed successfully.
huawei_cdcacm => service removed successfully.
HKLM\System\CurrentControlSet\Services\huawei_enumerator => key removed successfully.
huawei_enumerator => service removed successfully.
HKLM\System\CurrentControlSet\Services\huawei_ext_ctrl => key removed successfully.
huawei_ext_ctrl => service removed successfully.
HKLM\System\CurrentControlSet\Services\huawei_wwanecm => key removed successfully.
huawei_wwanecm => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B6FF82A-DF2A-4FCF-92FA-14A2E25F07B7} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B6FF82A-DF2A-4FCF-92FA-14A2E25F07B7} => key removed successfully.
C:\Windows\System32\Tasks\Baidu Antivirus Update => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58416E09-F255-41C2-A2D5-05B7DDA1291D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58416E09-F255-41C2-A2D5-05B7DDA1291D} => key removed successfully.
C:\Windows\System32\Tasks\cFos\Registration Tasks\Open Browser => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cFos\Registration Tasks\Open Browser => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D3F6B74-8582-4632-B051-4D6C6F4D117E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D3F6B74-8582-4632-B051-4D6C6F4D117E} => key removed successfully.
C:\Windows\System32\Tasks\Driver Whiz-RTMScanRunOnce => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Whiz-RTMScanRunOnce => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{625685A0-C04C-4598-ADEA-8D545C4A0F60} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{625685A0-C04C-4598-ADEA-8D545C4A0F60} => key removed successfully.
C:\Windows\System32\Tasks\{F219436C-CF36-43D4-B478-503DAC6B2E79} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F219436C-CF36-43D4-B478-503DAC6B2E79} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD4F824F-368F-4136-9A4C-140319DBF71D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD4F824F-368F-4136-9A4C-140319DBF71D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PCFasterSvc_{PCFaster_3.6.0.35848} => key removed successfully.
HKLM\System\CurrentControlSet\Services\PCFasterSvc_{PCFaster_3.6.0.35848} => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Update LemurLeap => key removed successfully.
HKLM\System\CurrentControlSet\Services\Update LemurLeap => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Util LemurLeap => key removed successfully.
HKLM\System\CurrentControlSet\Services\Util LemurLeap => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Baidu PC Faster 3.6.0.35848 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Driver Whiz => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriverPack Notifier => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DrvUpdater => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PrivitizeVPN => key removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched => key removed successfully.
C:\Program Files\Baidu Security => moved successfully
C:\Program Files\Common Files\Java => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4200840 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
m => 2981570 B

RecycleBin => 0 B
EmptyTemp: => 6.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 03:29:48 ====


Have him follow the instructions below. I'll need the log afterwards.

Farbar Service Scanner (FSS)
Follow the instructions below to run Farbar Service Scanner and provide a log.

  • Download Farbar Service Scanner and move the executable to your Desktop
  • Right-click on FSS.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Check every option:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services

  • Once done, click on the Scan button to launch a scan
  • On completion, a Notepad file called FSS.txt (saved where FSS.exe was run) will open. Copy and paste the content of this file in your next reply and post it


Farbar Service Scanner Version: 27-01-2016
Ran by m (administrator) on 16-09-2017 at 19:00:50
Running from "C:\Users\m\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============

System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

 

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****


A lot of his service keys are damaged and/or non-existent. Let's restore them.

Windows Repair All-In-One
NOTE: Before following the steps below, please disable your Antivirus software or any other real-time security software that you have enabled.

  • Download the portable version of Windows Repair All-In-One;
  • Move the file (archive) to your Desktop, and extract it there;
  • Go in the tweaking.com_windows_repair_aio folder, then Tweaking.com - Windows Repair folder, right-click on Repair_Windows.exe and select Run as Administrator;
  • From there, click on the Next button until you are presented with an Open Repairs button and click on it;
  • Let the Registry back up complete, and move on to the check-list window;
  • Click on the Unselect All button at the bottom, then check the following items:
    • Reset Service Permissions
    • Repair WMI
    • Repair Windows Firewall
    • Remove Policies Set By Infections
    • Restore Important Windows Services
    • Set Windows Services To Default Startup
  • Once done, click on the Start Repairs button and let the scan execute;
  • If you are being prompted with a Security Warning, allow it to go through;
  • Once the repair is complete, it'll ask you to restart your computer, please do it;
Edited by Aura

Farbar Service Scanner Version: 27-01-2016
Ran by m (administrator) on 16-09-2017 at 23:44:29
Running from "C:\Users\m\Desktop"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt service is OK.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****


Fix result of Farbar Recovery Scan Tool (x86) Version: 16-09-2017
Ran by m (17-09-2017 00:00:17) Run:3
Running from C:\Users\m\Desktop
Loaded Profiles: m (Available Profiles: m)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CMD: sc config wscsvc start= delayed-auto
CMD: sc config winmgmt start = auto
CMD: sc config wuauserv start = auto

StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""
EndRegedit:

CMD: sc start wscsvc
CMD: sc start winmgmt
CMD: sc start wuauserv
*****************


========= sc config wscsvc start= delayed-auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========


========= sc config winmgmt start = auto =========

DESCRIPTION:
        Modifies a service entry in the registry and Service Database.
USAGE:
        sc <server> config [service name] <option1> <option2>...

OPTIONS:
NOTE: The option name includes the equal sign.
      A space is required between the equal sign and the value.
 type= <own|share|interact|kernel|filesys|rec|adapt>
 start= <boot|system|auto|demand|disabled|delayed-auto>
 error= <normal|severe|critical|ignore>
 binPath= <BinaryPathName>
 group= <LoadOrderGroup>
 tag= <yes|no>
 depend= <Dependencies(separated by / (forward slash))>
 obj= <AccountName|ObjectName>
 DisplayName= <display name>
 password= <password>

========= End of CMD: =========


========= sc config wuauserv start = auto =========

DESCRIPTION:
        Modifies a service entry in the registry and Service Database.
USAGE:
        sc <server> config [service name] <option1> <option2>...

OPTIONS:
NOTE: The option name includes the equal sign.
      A space is required between the equal sign and the value.
 type= <own|share|interact|kernel|filesys|rec|adapt>
 start= <boot|system|auto|demand|disabled|delayed-auto>
 error= <normal|severe|critical|ignore>
 binPath= <BinaryPathName>
 group= <LoadOrderGroup>
 tag= <yes|no>
 depend= <Dependencies(separated by / (forward slash))>
 obj= <AccountName|ObjectName>
 DisplayName= <display name>
 password= <password>

========= End of CMD: =========


====> Registry

========= sc start wscsvc =========

[SC] StartService FAILED 1068:

The dependency service or group failed to start.


========= End of CMD: =========


========= sc start winmgmt =========

[SC] StartService FAILED 1083:

The executable program that this service is configured to run in does not implement the service.


========= End of CMD: =========


========= sc start wuauserv =========

[SC] StartService FAILED 1058:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


========= End of CMD: =========


==== End of Fixlog 00:00:23 ====


Farbar Service Scanner Version: 27-01-2016
Ran by m (administrator) on 17-09-2017 at 00:22:59
Running from "C:\Users\m\Desktop"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****


We all make mistakes! :P

 

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 16-09-2017
Ran by m (17-09-2017 00:44:42) Run:4
Running from C:\Users\m\Desktop
Loaded Profiles: m (Available Profiles: m)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CMD: sc config winmgmt start= auto
CMD: sc config wuauserv start= auto

CMD: sc start wscsvc
CMD: sc start winmgmt
CMD: sc start wuauserv
*****************


========= sc config winmgmt start= auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========


========= sc config wuauserv start= auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========


========= sc start wscsvc =========

[SC] StartService FAILED 1068:

The dependency service or group failed to start.


========= End of CMD: =========


========= sc start winmgmt =========

[SC] StartService FAILED 1083:

The executable program that this service is configured to run in does not implement the service.


========= End of CMD: =========


========= sc start wuauserv =========


SERVICE_NAME: wuauserv
        TYPE               : 20  WIN32_SHARE_PROCESS 
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 1012
        FLAGS              :

========= End of CMD: =========


==== End of Fixlog 00:44:45 ====

Link to post
Share on other sites
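As an added example (not part of the original posts, and not FRST's own code): a small Python triage of the `CMD:` sections in a Fixlog like Run:3 and Run:4 above. It flags the case where sc.exe prints its usage text instead of `[SC] ... SUCCESS` because a space precedes the equal sign in an option such as `start = auto`; the sample log is constructed from excerpts of those runs, and all function names are hypothetical.

```python
import re

# Option names taken from the sc.exe usage text quoted in the Fixlog.
SC_OPTIONS = ("type", "start", "error", "binPath", "group", "tag",
              "depend", "obj", "DisplayName", "password")
# sc.exe treats "start=" as one token; "start =" is rejected.
BAD_OPTION = re.compile(r"\b(%s)\s+=" % "|".join(SC_OPTIONS), re.IGNORECASE)

HEADER = re.compile(r"^=+ (.+?) =+$")
END_CMD = re.compile(r"^=+ End of CMD: =+$")
SC_RESULT = re.compile(r"\[SC\] \w+ (SUCCESS|FAILED (\d+))")
STATE = re.compile(r"STATE\s*:\s*\d+\s+(\w+)")

# Constructed sample, shortened from the Run:3 and Run:4 Fixlogs on this page.
SAMPLE_FIXLOG = r"""
========= sc config wscsvc start= delayed-auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========

========= sc config winmgmt start = auto =========

DESCRIPTION:
        Modifies a service entry in the registry and Service Database.
USAGE:
        sc <server> config [service name] <option1> <option2>...

========= End of CMD: =========

========= sc start wscsvc =========

[SC] StartService FAILED 1068:

The dependency service or group failed to start.

========= End of CMD: =========

========= sc start wuauserv =========

SERVICE_NAME: wuauserv
        STATE              : 2  START_PENDING

========= End of CMD: =========

==== End of Fixlog 00:44:45 ====
"""


def lint_sc_command(cmd):
    """Return the option name written with a space before '=', or None."""
    m = BAD_OPTION.search(cmd)
    return m.group(1) if m else None


def classify(body):
    """Map the captured output of one CMD: section to an outcome label."""
    m = SC_RESULT.search(body)
    if m:
        return "success" if m.group(1) == "SUCCESS" else "failed:" + m.group(2)
    if "USAGE:" in body:
        # sc.exe printed its help text: the command was never executed.
        return "usage-dump"
    m = STATE.search(body)
    if m:
        return "state:" + m.group(1)
    return "unknown"


def triage(fixlog):
    """Return (command, outcome, bad_option) for every CMD: section."""
    results, cmd, body = [], None, []
    for raw in fixlog.splitlines():
        line = raw.strip()
        if END_CMD.match(line):
            if cmd is not None:
                results.append((cmd, classify("\n".join(body)),
                                lint_sc_command(cmd)))
            cmd, body = None, []
            continue
        m = HEADER.match(line)
        if m:
            # Any new "===== text =====" header starts a fresh section.
            cmd, body = m.group(1), []
        elif cmd is not None:
            body.append(line)
    return results


def problems(results):
    """Commands that did not run or reported a failure code."""
    return [r for r in results
            if r[1] == "usage-dump" or r[1].startswith("failed:")]


if __name__ == "__main__":
    for cmd, outcome, bad in triage(SAMPLE_FIXLOG):
        hint = "  (write '%s=' with no space before '=')" % bad if bad else ""
        print("%-45s %s%s" % (cmd, outcome, hint))
```
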

Farbar Service Scanner Version: 27-01-2016
Ran by m (administrator) on 17-09-2017 at 01:26:49
Running from "C:\Users\m\Desktop"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****


Looks like two of his services are messed up. Ask him to do the following. I'll need the download link for his CBS.txt file.

System File Checker (SFC)
Follow the instructions below to run an SFC scan on your system and to provide the CBS log in your next reply;

  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1 and Windows 10, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the command below and press on Enter;
    sfc /scannow

    Note: There's a space between "sfc" and "/scannow";
  • Once the scan is complete, enter the command below and press on Enter
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  • A file called cbs.txt will have appeared on your Desktop. Upload the file to SendSpace.com and PM me the download link


Note: Please note that the CBS.log is volatile, which means that if you don't upload it after the SFC scan is completed, it won't have the information from the scan anymore. So archive it and upload it as soon as you can.

 


Looks like quite a few files got repaired by SFC. Let's see if SURT has anything to add.

System Update Readiness Tool (SURT) - Scan
Follow the instructions below to run a scan with the System Update Readiness Tool (SURT) and provide a log;

  • Download the right version of SURT for your system;
    • Your version of Windows is: Windows 7 x86
  • Once downloaded, execute the installer, and go through the installation (this process can take around 15-20 minutes);
  • On completion, a log will be created in C:\Windows\Logs\CBS\CheckSUR.log;
  • Attach this log in your next reply;


Alternatively, if these instructions are unclear for you, you can follow the tutorial below.

System Update Readiness Tool (SURT)
 


This topic is now closed to further replies.