
Suspect Viral issue, but can't confirm



A client has brought me her Windows 10 Home 64 system. Can't start Windows Defender service, and installing MWB only gets me a "Cannot Connect To Service" error. Housecalls and Hitman Pro did not find an issue. Initially, I couldn't open Windows Explorer. Icon on taskbar indicated no associated program. Fixed that in the registry. Weird intermittent errors like inability to open Services.msc, can't run Windows Update (sometimes just flashes past, other times it just runs and runs with no result). Tried safe mode with networking, no change. The fact that MWB won't run is my biggest flag though.

Ran Farbar and here are the results files. Any ideas?

Addition.txt

FRST.txt

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here to help you!!

Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact a Moderator or Administrator to let them know.

 

First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details:


Malwarebytes can detect and remove most malware with no further actions required for free.

If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below.

  1. Open Malwarebytes for Windows
  2. To the left, click Scan > Scan Types.
  3. Select Threat Scan. Threat Scan is the most thorough and recommended scan method available.
  4. Click Start Scan

Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool:


Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult.

Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  1. Double-click to run it. When the tool opens click Yes to the disclaimer.
  2. Press the Scan button.
  3. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  4. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually.

Finally, attach the Malwarebytes Threat Scan, FRST.txt and Addition.txt logs to your reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to add attachments to your post.
Note: If you are unable to attach files, please copy and paste the contents of the requested files in your Reply instead.


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


Please Note the Following:

  • One of our expert helpers will give you one-on-one assistance when one becomes available.
  • Refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  • Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help.
  • If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here.


Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Arcadesafari (HKU\S-1-5-21-3998426896-3379565100-2659692663-1000\...\Arcadesafari) (Version:  - Arcadesafari)
Daily Fitness Center Toolbar (HKLM-x32\...\DailyFitnessCenter_53bar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
<<<>>>

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.

IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).


===

Repair these services.

Boot with Safe Mode with Networking. Execute the following.

Please Download Tweaking.com - Windows Repair from Here

  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore, do a Registry backup. When you have completed this click Next.
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    16 - Repair Windows Updates
    20 - Repair MSI (Windows Installer)
    25 - Restore Important Windows Services
    26 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the Contents of this file on your next reply.


===

Restart the computer normally.

How is the computer running now?

fixlist.txt

Link to post
Share on other sites

Hi, nasdaq...regards to Dow, Jones, Standard and Poors. 
Did as requested, and it improved things significantly. Went in to the registry and thoroughly deleted the ArcadeSafari. The biggest issue now is Windows Updates. I tried downloading the newest major service release from the MS catalog site, however after an hour of it churning away, it indicated that it was already installed (1709). If I try to open the Updates section in settings, it just flashes away. That also applies if I try to update a device driver, like the network card which seemed intermittent. So I went into the properties and tried to update the driver. As soon as it went to look for an update, the window closed. Same in Safe Mode with Networking.

Ran most of those tools a few times, and the hard drive is VERY busy (it's not the notorious Windows 10 disk at 100% bug) but I did manage to get the Windows Defender running again. 

Windows event viewer is giving me dozens of "Failed to Schedule Software Protection service..." errors

Link to post
Share on other sites

Hi,

Windows event viewer is giving me dozens of "Failed to Schedule Software Protection service..." errors

Navigate to this Microsoft page and execute the instructions.

https://answers.microsoft.com/en-us/windows/forum/windows_10-performance-winpc/error-failed-to-schedule-software-protection/380a4ea2-4c62-4358-a7df-eeef390980b8

Restart the computer normally.

Is the issue solved?

Link to post
Share on other sites

My results were pretty much the same as the original poster of that article, minus the happy ending with the update. The problem with mine, of course, is that I can't get updates to run. 1) Service was already running and 2) Couldn't adjust any settings because they were greyed out and 3) DISM did nothing. (Tweaking.exe does a pretty thorough DISM scrub as well as an SFC on its own.) Any other ideas?

Link to post
Share on other sites

Hi,

Try this. Follow the instructions on each step.

Locate the CMD.EXE and run it as an Administrator.

At the DOS prompt execute this command in bold.

Step 1: net stop wuauserv

Step 2: Renames the C:\Windows\SoftwareDistribution folder to C:\Windows\SoftwareDistribution.old, essentially clearing the Windows Update download cache so that it can start over.

Step 3: Restart the Windows Update service: net start wuauserv

Restart the computer normally.

How is it now?
<<<>>>

Link to post
Share on other sites

Nope. Tried that before contacting you. 

Also trying to create a new profile to hopefully update, and it's truly annoying because it doesn't want to let me create a local account, just log in with an MS account. I'll let you know how that goes.

Link to post
Share on other sites

OK, creating a new profile is a no-go either. It will only allow creation of a MS account. Tried that, tried to log back in, it asks for a password, which it never set in the first place. So I go to another machine, create the MS login account with password, go back to the screwed machine, try logging in with MS account and PW, won't accept it.

Looking at another article that mentions MS Store Apps flashing away. So I tried opening MS Store icon, and IT hangs. A-ha! Tried the MS Store troubleshooter: in Real mode, it indicates there's no MS account set. Go to settings, e-mail & account settings just has waving dots, no actual content in the screen. Tried in Safe mode, same thing.

Link to post
Share on other sites

Well, here's a new one. Ever heard of the Windows Orchestrator Service? No, it doesn't go out and find you a new First Violin if yours is hit by a bus, it apparently runs Windows 10 update service, because the other 8 friggin' services weren't enough! It was disabled. Enabled and started...voila, as the Turks say.

Thanks for your help.

Link to post
Share on other sites
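
The fix reported above came down to one disabled service, so a read-only audit of the update and protection services mentioned in this thread is a quick first check on a machine with these symptoms. The following is an added example, not part of any post here; the service list and the function name Get-UpdateServiceAudit are assumptions made for illustration.

```powershell
# Added example (not from the thread): read-only audit of the services
# this thread touched. Short names are the standard Windows ones; the
# selection is an assumption, not a full Windows Update dependency map.
$ThreadServices = [ordered]@{
    wuauserv  = 'Windows Update'
    UsoSvc    = 'Update Orchestrator Service'
    BITS      = 'Background Intelligent Transfer Service'
    sppsvc    = 'Software Protection'
    WinDefend = 'Windows Defender'
}

function Get-UpdateServiceAudit {
    param([System.Collections.IDictionary]$Services = $ThreadServices)

    foreach ($name in $Services.Keys) {
        # Win32_Service reports StartMode as Auto, Manual or Disabled
        $svc = Get-CimInstance -ClassName Win32_Service `
                   -Filter "Name='$name'" -ErrorAction SilentlyContinue

        if (-not $svc) {
            # A missing registration is as significant as a disabled one
            [pscustomobject]@{
                Name = $name; Label = $Services[$name]
                StartMode = '(none)'; State = '(none)'; Flag = 'NOT REGISTERED'
            }
            continue
        }

        $flag = if ($svc.StartMode -eq 'Disabled') { 'DISABLED' } else { '' }
        [pscustomobject]@{
            Name = $name; Label = $Services[$name]
            StartMode = $svc.StartMode; State = $svc.State; Flag = $flag
        }
    }
}

Get-UpdateServiceAudit | Format-Table -AutoSize

# To re-enable a service flagged DISABLED, from an elevated prompt.
# The startup type Manual is an assumption; the post does not say
# which type was chosen.
#   Set-Service   -Name UsoSvc -StartupType Manual
#   Start-Service -Name UsoSvc
```

Saving the output before and after a cleanup run shows whether the repair tools changed the start mode of any of these services.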

Microsoft launched a Windows error code troubleshooting site.
Now you can finally get an answer on those strange error codes.

Navigate to this page.

https://support.microsoft.com/en-gb/help/10164/fix-windows-update-errors


It supports Windows 7, Windows 8.1 and Windows 10. The site offers different options based on the operating system you select. 

If you select Windows 10, you will be asked to download the Windows Update Troubleshooter and run it. For Windows 8.1 and Windows 7 users, you get different troubleshooters for their respective operating systems. 

Some of the repair options provided by the tool: 

Repair Windows Update Database corruption.
Repair Windows update components.
Fix Windows Firefox blocking connections to Windows Update on the PC.
Contact a network or system administrator, or ISP, to fix internet connectivity issues.
Check whether default Windows Update data locations have changed.
Fix improperly configured security settings, or missing settings.
Check for missing or corrupt files.
Fix service registration is missing or corrupt.
Fix system date and time aren’t correct.

It doesn't look like they spent a lot of time on this tool, but it should do its job and help get answers to error codes and fix the basic Windows problems users encounter.

Source:
http://www.networkworld.com/article/3152602/windows/microsoft-launches-a-windows-error-code-troubleshooting-site.html
----

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

This topic is now closed to further replies.