gonzalo96 Posted January 15, 2021 ID:1432547 Share Posted January 15, 2021 Good morning, If you are reading this, first of all, let me thank you in advance for the time in this matter. I will put things into perspective, then put the respective files regarding the situation. I've been working non-stop for the last month, and I didn't notice that the windows defender was off, went to windows update, and there was an error: 0x80070057. After 3 long hours of trying diferent solutions, i managed to fix the problem by this solution: https://www.wintips.org/fix-windows-10-update-service-is-missing/#method-1 After a virus check with cmd.exe, there was 4 malware detected, eliminated with an anti virus from windows that lasts 10 days (thats what said in description can't recall the name of the anti virus). I really never used any extra anti-virus, always used windows defender only, so its not a conflict between anti-viruses. Windows update now working, the only thing missing is windows defender, and i found a very good article in this website: I had the same issues as this guy, did everything (except some steps, like deleting anti viruses), and his solution in the end of: starting windows in safe mode, allowed me to merge the respective file. at cmd.exe, the following messages appeard too: ''Result for WMIC SERVICE WHERE Name="windefend" set startmode="auto" was: Updating property(s) of '\\DESKTOP-PDP3S9S\ROOT\CIMV:Win32_Service.Name="WinDefend"' Property(s) update successful. Result for net start windefend was: The requested service has already been started. More help is available by typing NET HELPMSG 2182.'' Thinking this would be the fix of the problem, i restart the computer, and windows defender still shows blank, and doesnt start when I open windows. I really don't know what else to do. Addition.txt FRST.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 15, 2021 ID:1432549 Share Posted January 15, 2021 Hello @gonzalo96 I will take a look at your FRST files. Later on, I will make a new reply. Cheers, Maurice Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 15, 2021 ID:1432553 Share Posted January 15, 2021 As to the Powershell screen-grab ( above), the "commands" entered belong in a actual Command prompt and not in Powershell. That is why they did not work. I would caution to not automatically assume that advice or direction given to others can or should be used without expert guidance. A lot of times, directions on this forum by our expert helpers is customized specifically to one machine only. Then I would add that OS commands for Powershell are unique & different to it, and, are not the same syntax at all as the ones for a Command prompt ( CMD ). . Please do not do any other self-fixing while this case is open. Ask me first if you have questions as we go along; or if something is not clear. The first thing I need you to do is to use Windows File Explorer. Go to the folder Downloads Locate the FRST64.exe Use the mouse and do a RIGHT-click and select RENAME and rename the FRST64 to ENGLISHFRST.TXT 1 Link to post Share on other sites More sharing options...
gonzalo96 Posted January 15, 2021 Author ID:1432556 Share Posted January 15, 2021 Thank you for the quick reply. I did it in cmd.exe ( open as administrator) as you said before. I did not use Powershell like you told not to on the other thread. I successfully changed the name of the 'FRST64' to 'ENGLISHFRST.TXT''. I will wait for more instructions. Thank you for your time. 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 15, 2021 ID:1432566 Share Posted January 15, 2021 I have made a inadvertent & bad typo. I wrote the wrong extension. That has to be changed ! Locate the file we named ENGLISHFRST.TXT and rename it to ENGLISHFRST.EXE I am sorry for that typo. The script on this post is ONLY for this machine and NO other. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those. The system will be rebooted after the script has run. . This custom script is for Gonzalo96 only / for this machine only. The custom Fix script is going to be used by the ENGLISHFRST tool. They will both work together as a pair. Please save the (attached file named) FIXLIST.txt to the Downloads folder The tool named ENGLISHFRST .exe tool is already on the Downloads Start the Windows Explorer and then, to the Downloads folder. RIGHT click on ENGLISHFRST.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity Please know this will do a Windows Restart. Just let it do its thing. Do let me know how things are overall, after all this The expectation after all this, is, that the Microsoft Windows Defender service is set to auto-start. That it will be active. That it will be the resident antivirus service. Fixlist.txt Link to post Share on other sites More sharing options...
gonzalo96 Posted January 15, 2021 Author ID:1432573 Share Posted January 15, 2021 Just finished doing the process. The system has restarted, still not working windows defender though. i will send a printscreen of how windows defender appears ( sorry my pc is in portuguese)Fixlog.txt i will translate the title: ''Security at glance''. Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 15, 2021 ID:1432579 Share Posted January 15, 2021 Lets do a new run with a new script. Find the old FIXLIST.TXT on Downloads folder & then Delete it. . The system will be rebooted after the script has run. . This custom script is for Gonzalo96 only / for this machine only. The custom Fix script is going to be used by the ENGLISHFRST tool. They will both work together as a pair. Please save the (attached file named) FIXLIST.txt to the Downloads folder The tool named ENGLISHFRST .exe tool is already on the Downloads Start the Windows Explorer and then, to the Downloads folder. RIGHT click on ENGLISHFRST.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity Please know this will do a Windows Restart. Just let it do its thing. Do let me know how things are overall, after all this The expectation after all this, is, that the Microsoft Windows Defender service is set to auto-start. That it will be active. That it will be the resident antivirus service. Fixlist.txt Link to post Share on other sites More sharing options...
gonzalo96 Posted January 15, 2021 Author ID:1432582 Share Posted January 15, 2021 Everything is the same, but this time i think I noticed something i might have done wrong the first time. When i download the 'Fixlist.txt' it said it contained virus and it just opened and closed. Now this second time, i open and manually saved at the download files to make sure its saved. Did everything like you said, the system has restarted. I am going to proceed to send the respective file. It just feels like the windows defender is not installed. I've noticed something too, when i do ''search of windows update'' it always says its updated, but sometimes it tries to download an update for windows defender, and just stays at 0% of ''installing'' and then disappears back to ''windows updated''. I will send a printscreen of this, sorry for the portuguese language on the printscreen. Fixlog.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 15, 2021 ID:1432588 Share Posted January 15, 2021 Have patience and allow that Windows Update to finish. It likely just needs nore time. Do not do anything else on your won. Wait for my further reply later. But in the meantime, do this nex report. This next diagnostic will shed some lights about the Windows Update service state. Download Farbar's Service Scanner utility from this link and Save to your Desktop. Right-Click on fss.exe and select Run As Administrator. Answer Yes to ok when prompted. If your firewall then puts out a prompt, again, allow it to run. Once FSS is on-screen, be sure the following items are checkmarked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender Other services Click on "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Attach FSS.txt into your reply. Link to post Share on other sites More sharing options...
gonzalo96 Posted January 15, 2021 Author ID:1432592 Share Posted January 15, 2021 Hello again, The link you sent was corrupted, it downloaded and then my computer proceeded to delete it automatically. So i went to a different website and download it, and I will send attached the FSS.txt. I am starting to notice something, correct me if I am wrong. I am supposed to not have the windows defender working, however its preventing some files from corrupting my computer somehow? I then tried to: ''Analyse with windows defender'' and it showed me this error: (i will translate from Portuguese) '' your IT administrator has limited access to some areas of this application and the item you tried to access is not available. For more information, contact IT technical support.'' ( i send print screen #2 attached in Portuguese with the error). Maybe i don't have permission to use windows defender in settings? yesterday when I was trying to fix this problem, I tried some stuff, and i did what is in this link: https://www.technipages.com/how-to-fix-windows-defender-wont-start Which didn't have any affect on the problem, but maybe this impacts the permissions of use? Hopefully I am not making this any more confusing to you sir, I am honestly just trying to think of what can be. I know its much easier when the computer is in front of you. As asked, i will send the FSS.txt FSS.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 15, 2021 ID:1432597 Share Posted January 15, 2021 I am reading this last note. As I tried to convey before, do not go hunting & searching outside resources or even other posts here. Please stop trying to self-fix on your own. Wait for my guidance. Here is what I would like you to do next. [ 1 ] The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the tool are at this link at Microsoft https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download please select " FULL " scan from the scan option. Let me know the result of this. The log is named MSERT.log The log will be at C:\Windows\debug\msert.log Go ahead and do all the steps listed below too. [ 2 ] It appears that 2 Windows services need actions to be done. need you to get a download and then Save to a known area on your computer, and then "merge" it into the system. Such as DESKTOP or the Downloads folder. Click this link / then Download / then SAVE from https://download.bleepingcomputer.com/win-services/win-10/wuauserv.reg Once after wuauserv.reg is on your pc, go to that area ( that folder) and then RIGHT-click with your mouse and select MERGE and allow it to proceed and to merge into the system. Windows will show a confirmation when done. Next Click this link / then Download / then SAVE from https://download.bleepingcomputer.com/win-services/win-10/WinDefend.reg Once after windefend.reg is on your pc, go to that area ( that folder) and then RIGHT-click with your mouse and select MERGE and allow it to proceed and to merge into the system. Windows will show a confirmation when done. That done, my expectation is that this ought to be a tremendous help. So, next, please do a Windows Restart.. NEXT Just only a visual check. Press and hold the Windows-flag-key on keyboard and tap the *R* key to get the RUN menu option.type in services.msc and press Enter key. Scroll down the list. Look for "Microsoft Defender Antivirus Service".Does it show in the list as Running? Please attach the log C:\Windows\debug\msert.log with your reply. Link to post Share on other sites More sharing options...
gonzalo96 Posted January 15, 2021 Author ID:1432604 Share Posted January 15, 2021 Understood. I used this exact anti virus yesterday, did a full scan and it detected and eliminated 4 viruses in Windows/C: (sorry i cant remember the rest, should had taken a picture). I am doing it right now again. Once I finish this steps i will let you know. Link to post Share on other sites More sharing options...
gonzalo96 Posted January 15, 2021 Author ID:1432616 Share Posted January 15, 2021 Step 1 is finished. I am sending attached the result. You will notice the 4 viruses detected in the first one, and 0 on this last one that just finished. I will now start the 2nd step. I will give feedback once its concluded. msert.log Link to post Share on other sites More sharing options...
gonzalo96 Posted January 15, 2021 Author ID:1432620 Share Posted January 15, 2021 Update: I did everything as said, wuauserv was merged easily, WinDefend could only be merged in safe mode. However both are merged and i restarted the system in normal mode. I couldn't find Microsoft Defender Antivirus Service. Only thing i could find related to it, was the firewall of Microsoft Defender. When i try to use windows update, it shows Microsoft defender update again, and then just disappears again without me even doing anything and goes back to 'system updated. It's like it cant be updated, but no error or whatsoever. I sent the msert.log in the text above. Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 16, 2021 ID:1432673 Share Posted January 16, 2021 OK, the MS safety scanner reports zero virus / zero malware. Looking back on the FRST reports, I realize now that this pc does not have Malwarebytes for Windows. I am listing below, how to install it ( can be done without cost) & scan with it. Also to scan with Adwcleaner, just to be sure about adwares. Then another scan with a different security tool. We want to insure there is no actual malware at present. [ 1 ] Get and install Malwarebytes for Windows. See Download and install Malwarebytes for Windows – Malwarebytes Support [ 2 ] In Malwarebytes for Windows program, we want to do a special scan. Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window. Then click the Security tab. Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON 👈 Click it to get it ON if it does not show a blue-color. Next, click the small x on the Settings line to go to the main Malwarebytes Window. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. You can actually click ( tick ) the topmost left check-box on the very top line to get ALL lines ticked ( all selected). 👈 🔻 Then click on Quarantine selected. Then, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 [ 3 ] Be sure you close all web browsers before you click on the "Scan" button on this next procedure. I would suggest to download, Save, and then run Malwarebytes ADWCLEANER. Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan. Adwcleaner detects factory Preinstalled applications too! Please download Malwarebytes AdwCleaner https://downloads.malwarebytes.com/file/adwcleaner Be sure to Save the file first, to your system. Saving to the Downloads folder should be the default on your system. Go to the folder where you saved Adwcleaner. Double click Adwcleaner to start it. At the prompt for license agreement, review and then click on I agree. You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimized the other open windows, so you can see Adwcleaner). Then click on Dashboard button. Click the blue button "Scan Now". allow it a few minutes to finish the Scan. Let it remove what it finds. NOTE: When it comes to the section " Pre-installed applications You can skip that. Please find and send the Adwcleaner "C" clean report. In Adwcleaner, click the "Reports" button. Look at the list of reports for the latest date & type "Clean". Double Click that line & it will open in Notepad. Save the file to your system and then Attach that with your reply. That C clean report will be the one with the most recent Date and time at folder C:\AdwCleaner\Logs [ 4 ] I would suggest a free scan with the ESET Online Scanner Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe It will start a download of "esetonlinescanner.exe" Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started. When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes When prompted for scan type, Click on Full scan Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”. Click The blue “Save scan log” to save the log. If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom). Press Continue when all done. You should click to off the offer for “periodic scanning”. We will do more later. Link to post Share on other sites More sharing options...
gonzalo96 Posted January 16, 2021 Author ID:1432729 Share Posted January 16, 2021 Good morning, I am sending attached the respective report files. Malwarebyte - detected 10 adwcleaner - detected 4 ESET anti-virus- Detected 0 Should I uninstall these programs now? Will they get in conflict between each other? AdwCleaner[C00] report.txt ESET txt.txt Malwarebyte report.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 16, 2021 ID:1432757 Share Posted January 16, 2021 You inquired Quote Will they get in conflict between each other? Answer, No. As to Quote Should I uninstall these programs now? There is no need to rush to do any of that. Adwcleaner you may keep and use on-demand to check for adwares. It is not a "installed" program. It is free-standing executable program to find adwares & P U P ( potentially unwanted programs). It is free to use, It's presence does not conflict. Malwarebytes for Windows is very handy. I suggest you keep it installed. I would just suggest one adjustment. Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center Click the Security Tab. Scroll down to "Windows Security Center" Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center". { all the way to the left side so that it is set to Off.} Close Malwarebytes when done. .. It is good to see the ESET scan app report no virus. We are done with it. You may delete the downloaded file named esetonlinescanner.exe . The scan by Malwarebytes for Windows did do cleanups that are quite handy, timely, and very helpful to this situation. It did remove a setting on the firewall from a Trojan.BitCoinMiner leftover trace & also PUM.Optional.DisabledSecurityCenter & also PUP.Optional.Restoro . Next, I need you to run one more custom script fix. The main goal on this is to remove one extremely suspicious driver file. This custom script is for Gonzalo96 only / for this machine only. This run may take something like 30 minutes or so. Lets do a new run with a new script. Find the old FIXLIST.TXT on Downloads folder & then Delete it. . The system will be rebooted after the script has run. The custom Fix script is going to be used by the ENGLISHFRST tool. They will both work together as a pair. Please save the (attached file named) FIXLIST.txt to the Downloads folder The tool named ENGLISHFRST .exe tool is already on the Downloads Start the Windows Explorer and then, to the Downloads folder. RIGHT click on ENGLISHFRST.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity Please know this will do a Windows Restart. Just let it do its thing. Do let me know how things are overall, after all this Fixlist.txt Link to post Share on other sites More sharing options...
gonzalo96 Posted January 16, 2021 Author ID:1432761 Share Posted January 16, 2021 Hello again sir, thank you for the effort on fixing this problem. I will send attached the respective fixlog. So, windows defender doesn't appear when I start windows, and still appears the same message at the control panel. I will send a printscreen. (read this when you see the printscreen): On the left side, should be all the icons/options of windows defender, like quickscan etc... and it just shows the same old message. Fixlog.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 16, 2021 ID:1432771 Share Posted January 16, 2021 Thank you for the Fixlog. That run is a good run. Now then, please go real slow and let's not rush. Take your time. First, when Windows restarts, it takes time before all is loaded. And then, normally, it is not expected to have a visual notice about Microsoft Defender antivirus service. On the window titled "seguranca do windows" ( which in English means Windows Security ) you should click on the button that is marked "Abrir a seguranca do windows" and after that, see the new display on the window that follows. Link to post Share on other sites More sharing options...
gonzalo96 Posted January 16, 2021 Author ID:1432772 Share Posted January 16, 2021 I will do the translation of the print screen myself: Security at a glance See what happens with the safety and functional state of the device and take any necessary actions. Once again thank you for your time. Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 17, 2021 ID:1432841 Share Posted January 17, 2021 (edited) Hello. I have to say, that the situation here seems odd. Let us collect 2 different reports. [ 1 ] Please download RogueKiller (x64) using the link below. → http://download.adlice.com/api?action=download&app=roguekiller&type=x64 Save the file first, Close any running programs that you started on your own ( if any). Please disconnect any USB or external drives from the computer before you run this scan! Double-click RogueKillerx64.exe to run the program. Follow the prompts. If a browser window opens, close the window. In the HOME tab, click Scan button Next, on the Quick scan pane, click om the Start button to proceed. . Upon completion, a browser window may open. Close this window. Important: Please do not have RogueKiller remove any detected items. Click the HISTORY tab followed by Scan Reports. Double-click the scan log. Click Export TXT, enter a filename and save the file to your Desktop. Please attach the file in your next reply. [ 2 ] I would like you to run a tool named SecurityCheck to inquire on the current-security-update status of some applications. Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop. If Windows's SmartScreen block that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt Edited January 17, 2021 by Maurice Naggar Link to post Share on other sites More sharing options...
gonzalo96 Posted January 17, 2021 Author ID:1432843 Share Posted January 17, 2021 I know right... The only solution might be a reset, problem is I really don't know how to do it. I will send attached the respective files. Thank you Maurice. Rogue Report File.txt SecurityCheck.txt Link to post Share on other sites More sharing options...
gonzalo96 Posted January 17, 2021 Author ID:1432844 Share Posted January 17, 2021 By the way, nothing was found by the RogueKiller. Link to post Share on other sites More sharing options...
Maurice Naggar Posted January 17, 2021 ID:1432850 Share Posted January 17, 2021 Thanks for the reports. Just hold on. I now think it is a situation of a registry value that is specific to Microsoft Defender that effectively prevents the dis[lay. Just hold on with me here. I would very much like to gather a different report about the Defender preference, by using a Elevated Command prompt. What follows is a first step to have Windows 10 show all files and folder. Do not let this spook you out. There is a how-to at Tenforums. Use either option one or two or three https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html Using a Command prompt. On the Windows taskbar , on the Windows search box, type in cmd.exe and then look at the entire list of choices, and click on Run as Administrator. It is best to use COPY & Paste for the following. paste into the Command prompt window powershell get-mppreference >%userprofile%\Desktop\myprefs.txt press Enter-key on keyboard to run this inquiry. Allow a minute for it to finish. When finished, the command prompt window should return with the flashing right-arrow caret symbol. When it is all completed, there will be a new text file on the Desktop named Quote myprefs.txt Please attach that file with your next reply. There will be more to do. I expect on the next round we will do a special adjustment. Link to post Share on other sites More sharing options...
gonzalo96 Posted January 17, 2021 Author ID:1432854 Share Posted January 17, 2021 Hello again... I am afraid the command is having no effect on cmd.exe I write it, and nothing happens. I did the step 1, ''show all files and folders''. I took a print screen of that to show you, and a print screen of my cmd.exe. Link to post Share on other sites More sharing options...
Recommended Posts