Maurice Naggar Posted September 27, 2020 ID:1410135

Thanks for the OTL reports. Thanks very much. Yes, yea verily, the key is not there, after many attempts to put it in there (in my past custom script runs). There is something here that seems a bit goofy. Have much patience till my next reply.

Maurice Naggar Posted September 27, 2020 ID:1410172

Again, thank you so much for the OTL reports. I have a small run for you to do. The goal here is to make a few tweaks in the registry related to system policies, some relating to admin and some to turn on Windows User Account Control.

To that end, I am attaching one zip file. Save it to the desktop first. Then extract the content to the Desktop. You ought to then have a reg file named Polsys.reg.

Double-click on Polsys.reg and let it proceed and let it merge.

Please advise about the run. We will do more later.

polsys.zip

Maurice Naggar Posted September 28, 2020 ID:1410226

After completing the preceding procedure (with the polsys from the preceding post of mine), here is the next one. Just please be sure to do the prior one.

You may want to print out or copy these instructions to Notepad for offline reference!

These steps are for the originator only, PieterC. If you are a casual viewer, do NOT try this on your system! If you are not the Original Poster and have a similar problem, do NOT post here; start your own topic.

Download the attached file OTLFIX.txt and SAVE to your DESKTOP.

Start NOTEPAD. Check and make sure "word wrap" is off. From the Notepad main menu bar, select F (format) and make sure Word Wrap is NOT checked. IF it -is- check-marked, click that one time so that it is un-checked.

Open the OTLFIX.txt that you saved.

Copy ALL the lines to the clipboard by clicking once at the top and then pressing CTRL+A keys to select ALL of them and pressing CTRL+C keys.

Now, right-click on the file OTL.exe and choose Run As Administrator to start it.

Right-click in the white box (under the aqua-blue bar) and choose Paste. [ where it says Custom scans / fixes near the bottom ]

Using your mouse, click on the red-lettered button Run Fix. [ near top left of screen ]

Once you see a message box "Fix complete! Click OK to open the fix log.", click the OK button.

The log will open in Notepad (your default text editor). Save the log. Attach that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present. You can put the log into a ZIP file and attach that with your reply.

OTLFIX.txt

PieterC Posted September 28, 2020 Author ID:1410274

polsys.reg merged successfully. OTL fix executed, 09282020_102438.log attached. Still unable to set some values?

Maurice Naggar Posted September 28, 2020 ID:1410286

Good morning. I do not see any attachment in the last reply. You may have to put the file into a ZIP file and then attach that. Then, elaborate on just what "unable to set some values" means. I am happy to read that the polsys run did merge. I do need to review this last log.

Here are the other parts I would suggest to do now. The goal at hand at this time is just to see about Windows Defender.

First, do one Windows RESTART from the Start menu, and then do as much as you can, as far as you can, of what follows. (If needed, use the visual cues to turn on Windows Defender.)

Do a manual Check for Update for Windows Defender by using the Windows Settings menu.

From the Start menu, select Settings, then select Update and Security.
Next, look at the left-side menu and select Windows Security.
Next, in the Windows Security section, click on the grey button Open Windows Security.
Now, click on the shield Virus and threat protection.

By the way, when you see a green check-mark on your display, it means a good status and that protection is on.

On the next display, look at all the options. Look down the list and see "Check for Updates", which I have highlighted with a blue icon. You can click on that to have the system check for updates for Windows Defender.

Please also note that the Scan options (all) can be displayed by clicking on Scan options. (You can do Quick, Full, or Custom.)

PieterC Posted September 28, 2020 Author ID:1410287

Here is the log file again, in a RAR file. My remark concerning "unable to set some values" comes from the log file.

The last instructions resulted in the screens that I enclose.
Open "Windows Security" led to OpenWindowsSecurity.jpg
"Nu opnieuw opstarten" (New start now) led to StartNow.jpg

So no changes there, I'm afraid. Still like this job?

09282020_102438.rar

Maurice Naggar Posted September 28, 2020 ID:1410293

I wanted to take a moment and ask about something I noticed, that logical drives S T U V W X Z were mentioned as being drives.

Question: Is this machine on an organization or business network?

PieterC Posted September 28, 2020 Author ID:1410295

No, those are my NAS stations.

PieterC Posted September 28, 2020 Author ID:1410297

Or, more correctly, the network locations that I gave to subdirectories on my NAS.

PieterC Posted September 28, 2020 Author ID:1410299

Or, still more correctly, the drive letters I gave to subdirectories on my NAS.

Maurice Naggar Posted September 28, 2020 ID:1410369

Hello. I would like for you to download and save one cleanup tool. And then following that, do two things while in SAFE mode of Windows.

Study this article (or perhaps see about printing it) for use below:
https://support.microsoft.com/nl-nl/help/12376/windows-10-start-your-pc-in-safe-mode

Recalling that this machine had had in the past Avast antivirus, I feel firmly we have been dealing with some sort of residual effect. I very much would like for you to run the tool to do a cleanup of any traces of Avast.

Get / save the AVAST removal tool, saving it to DESKTOP (just do not run it yet):
https://support.avast.com/en-us/article/Uninstall-Antivirus-Utility/

Next, start PC in safe mode in Windows 10 from Settings (Dutch language):
https://support.microsoft.com/nl-nl/help/12376/windows-10-start-your-pc-in-safe-mode
See about using the top method by clicking / expanding the section on this article marked Alles verbergen.

Then, once in Windows Safe mode, locate the Avast uninstall utility on the DESKTOP and then run the tool.

Next, again, restart Windows back into Safe mode (just like the time above).

Look on the Desktop for the reg file WinDefend.reg.
Double-click on WinDefend.reg and allow it to Merge / monitor the process.

PieterC Posted September 28, 2020 Author ID:1410393

In Safe Mode, after executing your suggestions, Windefend.reg did merge successfully! As I do not know if you plan further actions first, I have NOT tried to get Defender working yet. What's next?

Maurice Naggar Posted September 28, 2020 ID:1410418

That is a good sign. ☺️ 😸 We want the Windows system back in normal mode. Then I would like you to run a few commands that I had mentioned previously.

Open an elevated command prompt window, i.e. run Command Prompt as an administrator. To get the elevated command prompt, press Windows-key + X key and then select Command prompt (Admin).

It is best to use the Windows Copy (CTRL+C) and Paste (CTRL+V) for the whole line, as-is.

On that command prompt, copy and paste this command:

WMIC SERVICE WHERE Name="windefend" CALL ChangeStartMode "automatic"

Press the Enter key on the keyboard and watch and write down the result.

Next, copy and paste this command:

WMIC SERVICE WHERE Name="windefend" CALL startservice

Press the Enter key on the keyboard and watch and write down the result.

When these succeed, you ought to be able to go into Windows >> Settings >> Update & Security >> Windows Security >> Virus and Threat protection, then click on the Quick scan button.

PieterC Posted September 28, 2020 Author ID:1410428

Yeah!, Quick scan worked, however when I try to open Windows Security to activate Defender I get this screen.

Translation:
Virus- and Threat security
Automatic sampling is off. Your device is vulnerable.
Result of scan: 0 threats found

PieterC Posted September 28, 2020 Author ID:1410429

Also the results of the WMIC commands.

WMIC command results.txt

PieterC Posted September 28, 2020 Author ID:1410435

Maurice, or should I say: MASTER Naggar: I think you nailed it. Defender is back and functioning. Only the icon in the hidden pictograms box does not appear. Already very happy! Thank you.

PieterC Posted September 28, 2020 Author ID:1410436

PieterC Posted September 28, 2020 Author ID:1410451

Checked the firewall: this message appears: "Microsoft Defender Firewall uses configuration that can make your device unsafe." Clicked "Instellingen herstellen" (repair settings): nothing happened. Is this the next problem?

Maurice Naggar Posted September 28, 2020 ID:1410460

The Security / threat protection GUI area that you were in should have the mechanism to turn on what you need.

Also, you can check out this article at Tenforums:
How to Restore Default Windows Defender Firewall Settings in Windows 10
https://www.tenforums.com/tutorials/70749-restore-default-windows-defender-firewall-settings-windows-10-a.html

By the way, the earlier image of the Windows Defender status displays appeared quite normal. I mean the one 2 posts earlier than here.

One other thing you may consider is a tweaking-tool from Microsoft called Configure Defender:
https://www.bleepingcomputer.com/news/microsoft/windows-10-defenders-hidden-features-revealed-by-this-free-tool/
I would suggest you only select the Default selection button.

Quote:
"ConfigureDefender utility is a small GUI application to view and configure important Defender settings on Windows 10. It uses PowerShell cmdlets, with a few exceptions to change the Windows Defender settings," ConfigureDefender's GitHub page explains.

PieterC Posted September 29, 2020 Author ID:1410584

Hi Maurice,

There is still something wrong. I tried all the options from tenforums.com. The resulting screens are enclosed. ConfigureDefender is run with the default button, but to no avail.

Maurice Naggar Posted September 29, 2020 ID:1410646

You already have the FSS.exe report tool. Let's get a fresh report. Later on, we can do some other steps.

Right-click on fss.exe and select Run As Administrator. Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services

Click on "Scan". It will create a log (FSS.txt) in the same directory the tool is run.
Attach the report file FSS.txt into your reply.

PieterC Posted September 29, 2020 Author ID:1410647

Called this one fss2.txt

FSS2.txt

Maurice Naggar Posted September 29, 2020 ID:1410658

I'm going to guide you one service at a time.

mpssvc is the service for the Windows Defender Firewall. Its startup type is supposed to be automatic.

Open an elevated command prompt window, i.e. run Command Prompt as an administrator. To get the elevated command prompt, press Windows-key + X key and then select Command prompt (Admin).

It is best to use the Windows Copy (CTRL+C) and Paste (CTRL+V) for the whole line, as-is.

On that command prompt, copy and paste this command:

WMIC SERVICE WHERE Name="mpssvc" CALL ChangeStartMode "automatic"

Press the Enter key on the keyboard and watch and let me know if it succeeds.

Next, copy and paste this command:

WMIC SERVICE WHERE Name="mpssvc" CALL startservice

Press the Enter key on the keyboard and watch and let me know if it succeeds.

Next, copy and paste this command:

sc queryex mpssvc

Press the Enter key on the keyboard. On that, I just only need to know if it is shown as "running".

PieterC Posted September 29, 2020 Author ID:1410659

results:

Maurice Naggar Posted September 29, 2020 ID:1410675

Hello Pieter.

mpsdrv is the Windows Defender Firewall Authorization Driver service, and it is one of the services that is needed for the other service, mpssvc.

This next link listed below is to a registry file that I need for you to SAVE as is to the Desktop. RIGHT-click the link with your mouse-pointer and select SAVE ...as.... and guide the folder for saving to DESKTOP (do not double click / do not 'run' the file / nor open):
https://download.bleepingcomputer.com/win-services/win-10/mpsdrv.reg

Next, start PC in safe mode in Windows 10 from Settings (Dutch language):
https://support.microsoft.com/nl-nl/help/12376/windows-10-start-your-pc-in-safe-mode

Look on the Desktop for the reg file WinDefend.reg.
Double-click on mpsdrv.reg and allow it to Merge / monitor the process.

When that is done, please RESTART Windows back into normal mode. After that is done, and it is settled in, the system Security should be much better.

Just a reminder, that all this is entirely outside of the realm and scope of the Malwarebytes application. All of this situation is all about having had a 3rd party antivirus and its after-effects.

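Added example, not part of the thread and not posted by either participant: a read-only PowerShell check of the three services the thread works on (WinDefend, mpssvc, mpsdrv), showing start mode and state side by side. The pass criteria in $expected are assumptions drawn from the posts; mpsdrv is only flagged when Disabled because the thread states no start mode for it.

```powershell
# Added example: read-only status check, it changes nothing on the system.
# Service names are the ones used in the thread.
$expected = [ordered]@{
    'WinDefend' = 'Auto'   # thread sets this one to "automatic"
    'mpssvc'    = 'Auto'   # thread: startup type is supposed to be automatic
    'mpsdrv'    = $null    # thread gives no start mode, so only flag Disabled
}

$report = foreach ($name in $expected.Keys) {
    $filter = "Name='$name'"
    # mpsdrv is a kernel driver, so fall back from Win32_Service
    # to Win32_SystemDriver when the first query finds nothing.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter
    if (-not $svc) {
        $svc = Get-CimInstance -ClassName Win32_SystemDriver -Filter $filter
    }
    if (-not $svc) {
        [pscustomobject]@{ Name = $name; StartMode = 'not found'; State = 'not found'; Ok = $false }
        continue
    }

    # Assumed pass criteria: expected start mode (or simply not Disabled) and Running.
    $want = $expected[$name]
    $startOk = if ($want) { $svc.StartMode -eq $want } else { $svc.StartMode -ne 'Disabled' }

    [pscustomobject]@{
        Name      = $svc.Name
        StartMode = $svc.StartMode
        State     = $svc.State
        Ok        = ($startOk -and $svc.State -eq 'Running')
    }
}

$report | Format-Table -AutoSize

# List anything that did not meet the assumed criteria above.
$bad = @($report | Where-Object { -not $_.Ok })
if ($bad.Count -gt 0) {
    Write-Warning ("Needs attention: " + ($bad.Name -join ', '))
}
```

Running it before and after each registry merge and restart shows which of the three entries actually changed.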