AdvancedSetup (Root Admin), posted March 16, 2021:
No problem

Jeff7171 (Author), posted March 16, 2021:
Something showed up, but it looks like it only detected Malwarebytes as my primary antivirus. Thanks.

Jeff7171 (Author), posted March 16, 2021:
Oh, it's turned off. I think it's because of Malwarebytes. I'll try to enable Windows Defender.

Jeff7171 (Author), posted March 16, 2021:
Oh, crap. I think I did something bad. I quit Malwarebytes, and clicked Restart Now, and an error popped up:

Jeff7171 (Author), posted March 16, 2021:
5 minutes ago, Jeff7171 said:
> Oh, it's turned off. I think it's because of Malwarebytes. I'll try to enable Windows Defender.

It's back to this state now. I just restarted my PC. I'll wait for your reply. I apologize.

Jeff7171 (Author), posted March 16, 2021:
Never mind, I'm a bit impatient xD. I tried turning off Malwarebytes inside its settings, and tried to turn on Windows Defender again and this error popped up.
I disabled this:
Then I clicked this:
Then this showed up:
And I clicked Restart Now and this happened:

AdvancedSetup (Root Admin), posted March 16, 2021:
Please open an elevated admin command prompt and type in the following

    SFC /SCANNOW

Then copy / paste the following and press the Enter key

    DISM.exe /Online /Cleanup-image /Restorehealth

Then run this one

    ECHO Y|CHKDSK C: /F

Then restart the computer and let me know.

Jeff7171 (Author), posted March 16, 2021:
I keep enabling Real Time protection, but it's turning itself off. Then this happened again.

Jeff7171 (Author), posted March 16, 2021:
1 minute ago, AdvancedSetup said:
> Please open an elevated admin command prompt and type in the following
>
>     SFC /SCANNOW
>
> Then copy / paste the following and press the Enter key
>
>     DISM.exe /Online /Cleanup-image /Restorehealth
>
> Then run this one
>
>     ECHO Y|CHKDSK C: /F
>
> Then restart the computer and let me know.

Okay.

Jeff7171 (Author), posted March 16, 2021:
I'll keep Malwarebytes turned off for now, right?

AdvancedSetup (Root Admin), posted March 16, 2021:
Yes, you don't need the option enabled. You can keep it disabled and Malwarebytes and Windows Defender should both run just fine.

Jeff7171 (Author), posted March 16, 2021:
Should I schedule the Check Disk?

AdvancedSetup (Root Admin), posted March 16, 2021:
Nope, it is already scheduled to run on restart.

AdvancedSetup (Root Admin), posted March 16, 2021:
I need to go take care of some plumbing issues. I'll try to be back on later tonight.
If it's still not working then please get me new FRST logs and I'll review them later tonight.
Thanks

Jeff7171 (Author), posted March 16, 2021:
It didn't work. Here are the scans from FRST64. Thanks!
Attachments: FRST.txt, Addition.txt

AdvancedSetup (Root Admin), posted March 16, 2021:
Please run the following again from an elevated admin command prompt.
Run each of these one-by-one, pressing the Enter key after each line

    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /s
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinDefend" /s
    sc qc SecurityHealthService
    sc queryex SecurityHealthService
    sc qc WinDefend
    sc queryex WinDefend

Jeff7171 (Author), posted March 16, 2021:
Here it is. Thanks.

    Microsoft Windows [Version 10.0.18363.1379]
    (c) 2019 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /s

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
        DependOnService    REG_MULTI_SZ    RpcSs
        Description    REG_SZ    @%systemroot%\system32\SecurityHealthAgent.dll,-1001
        DisplayName    REG_SZ    @%systemroot%\system32\SecurityHealthAgent.dll,-1002
        ErrorControl    REG_DWORD    0x1
        FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000
        ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\SecurityHealthService.exe
        LaunchProtected    REG_DWORD    0x2
        ObjectName    REG_SZ    LocalSystem
        RequiredPrivileges    REG_MULTI_SZ    SeImpersonatePrivilege\0SeBackupPrivilege\0SeRestorePrivilege\0SeDebugPrivilege\0SeChangeNotifyPrivilege\0SeSecurityPrivilege\0SeAssignPrimaryTokenPrivilege\0SeTcbPrivilege\0SeSystemEnvironmentPrivilege\0SeShutdownPrivilege
        ServiceSidType    REG_DWORD    0x1
        Start    REG_DWORD    0x3
        Type    REG_DWORD    0x10

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService\Security
        Security    REG_BINARY    010014801C01000028010000140000003000000002001C000100000002801400FF010F000101000000000001000000000200EC0008000000000018009D00020001020000000000052000000021020000000014009D010200010100000000000512000000000018009D01020001020000000000052000000020020000000014009D000200010100000000000504000000000014009D00020001010000000000050600000000002800FD010200010600000000000550000000E5FE795FA0AE0D3B22FA0AC9015A413AE5A64AB700002800FF010F00010600000000000550000000B589FB381984C2CB5C6C236D5700776EC002648700002800FF010F00010600000000000550000000DB8C740FC27273F32B26B944771E4F027663B521010100000000000512000000010100000000000512000000

    C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinDefend" /s

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinDefend
        EventMessageFile    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MpEvMsg.dll
        ParameterMessageFile    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MpEvMsg.dll
        ProviderGuid    REG_SZ    {11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}
        TypesSupported    REG_DWORD    0x7

    C:\Windows\system32>sc qc SecurityHealthService
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: SecurityHealthService
            TYPE               : 10  WIN32_OWN_PROCESS
            START_TYPE         : 3   DEMAND_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\SecurityHealthService.exe
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : Windows Security Service
            DEPENDENCIES       : RpcSs
            SERVICE_START_NAME : LocalSystem

    C:\Windows\system32>sc queryex SecurityHealthService

    SERVICE_NAME: SecurityHealthService
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 4  RUNNING
                                    (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 15548
            FLAGS              :

    C:\Windows\system32>sc qc WinDefend
    [SC] OpenService FAILED 1060:

    The specified service does not exist as an installed service.

    C:\Windows\system32>sc queryex WinDefend
    [SC] EnumQueryServicesStatus:OpenService FAILED 1060:

    The specified service does not exist as an installed service.

    C:\Windows\system32>

AdvancedSetup (Root Admin), posted March 16, 2021:
Sorry about that. I had an invalid entry there for the query. Please try again with these

    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /s
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /s
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc" /s
    sc qc SecurityHealthService
    sc queryex SecurityHealthService
    sc qc WinDefend
    sc queryex WinDefend
    sc qc mpssvc
    sc queryex mpssvc

AdvancedSetup (Root Admin), posted March 16, 2021:
Also, run the following for me from the Command Prompt

    dir /a /s MsMpEng.exe >MsMpEng_Locations.txt

Then attach that file MsMpEng_Locations.txt

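
The checks requested in the posts above (service registration, the Services registry keys, and the location of MsMpEng.exe) can be gathered in one pass. The following PowerShell is an added example and not part of any post in this thread; it assumes an elevated session, and the two folders it searches are the usual Defender install locations, not paths given in the thread.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell session.
# The three service names are the ones queried in the posts above.
$services   = 'SecurityHealthService', 'WinDefend', 'mpssvc'
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$report = foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $reg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # ImagePath may be quoted or carry arguments (for example "svchost.exe -k ..."),
    # so expand any remaining %VAR% references and isolate the executable path.
    $exe = $null
    if ($reg -and $reg.ImagePath) {
        $image = [Environment]::ExpandEnvironmentVariables($reg.ImagePath)
        if ($image -match '^\s*"([^"]+)"|^\s*(.+?\.exe)') {
            $exe = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
        }
    }

    [pscustomobject]@{
        Service      = $name
        Registered   = [bool]$svc      # $false corresponds to "sc qc" error 1060
        RegistryKey  = Test-Path -Path $key
        Status       = if ($svc) { $svc.Status } else { 'n/a' }
        StartType    = if ($reg -and $null -ne $reg.Start) { $startTypes[[int]$reg.Start] } else { 'n/a' }
        BinaryOnDisk = if ($exe) { Test-Path -LiteralPath $exe } else { 'n/a' }
    }
}
$report | Format-Table -AutoSize

# "dir /a /s" searches only below the current directory, so the folder it is run
# from matters. Search the usual Defender folders directly (assumed locations).
$roots = "$env:ProgramFiles\Windows Defender",
         "$env:ProgramData\Microsoft\Windows Defender\Platform"
Get-ChildItem -Path $roots -Filter 'MsMpEng.exe' -Recurse -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, @{ Name = 'Version'; Expression = { $_.VersionInfo.FileVersion } }

# Antivirus products registered with Windows Security Center (client editions only).
Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue |
    Select-Object displayName, pathToSignedProductExe, productState
```

A row with Registered and RegistryKey both False is the same condition that `sc qc` reports as error 1060 and `reg query` reports as a missing key.
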
Jeff7171 (Author), posted March 16, 2021:

    Microsoft Windows [Version 10.0.18363.1379]
    (c) 2019 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /s

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
        DependOnService    REG_MULTI_SZ    RpcSs
        Description    REG_SZ    @%systemroot%\system32\SecurityHealthAgent.dll,-1001
        DisplayName    REG_SZ    @%systemroot%\system32\SecurityHealthAgent.dll,-1002
        ErrorControl    REG_DWORD    0x1
        FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000
        ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\SecurityHealthService.exe
        LaunchProtected    REG_DWORD    0x2
        ObjectName    REG_SZ    LocalSystem
        RequiredPrivileges    REG_MULTI_SZ    SeImpersonatePrivilege\0SeBackupPrivilege\0SeRestorePrivilege\0SeDebugPrivilege\0SeChangeNotifyPrivilege\0SeSecurityPrivilege\0SeAssignPrimaryTokenPrivilege\0SeTcbPrivilege\0SeSystemEnvironmentPrivilege\0SeShutdownPrivilege
        ServiceSidType    REG_DWORD    0x1
        Start    REG_DWORD    0x3
        Type    REG_DWORD    0x10

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService\Security
        Security    REG_BINARY    010014801C01000028010000140000003000000002001C000100000002801400FF010F000101000000000001000000000200EC0008000000000018009D00020001020000000000052000000021020000000014009D010200010100000000000512000000000018009D01020001020000000000052000000020020000000014009D000200010100000000000504000000000014009D00020001010000000000050600000000002800FD010200010600000000000550000000E5FE795FA0AE0D3B22FA0AC9015A413AE5A64AB700002800FF010F00010600000000000550000000B589FB381984C2CB5C6C236D5700776EC002648700002800FF010F00010600000000000550000000DB8C740FC27273F32B26B944771E4F027663B521010100000000000512000000010100000000000512000000

    C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /s
    ERROR: The system was unable to find the specified registry key or value.

    C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc" /s

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc
        DependOnService    REG_MULTI_SZ    mpsdrv\0bfe
        Description    REG_SZ    @%SystemRoot%\system32\FirewallAPI.dll,-23091
        DisplayName    REG_SZ    @%SystemRoot%\system32\FirewallAPI.dll,-23090
        ErrorControl    REG_DWORD    0x1
        FailureActions    REG_BINARY    80510100000000000000000003000000140000000200000060EA00000200000060EA00000200000060EA0000
        Group    REG_SZ    NetworkProvider
        ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
        ObjectName    REG_SZ    NT Authority\LocalService
        RequiredPrivileges    REG_MULTI_SZ    SeAssignPrimaryTokenPrivilege\0SeAuditPrivilege\0SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege\0SeIncreaseQuotaPrivilege
        ServiceSidType    REG_DWORD    0x3
        Start    REG_DWORD    0x2
        SvcHostSplitDisable    REG_DWORD    0x1
        SvcMemHardLimitInMB    REG_DWORD    0x1b
        SvcMemMidLimitInMB    REG_DWORD    0x14
        SvcMemSoftLimitInMB    REG_DWORD    0xc
        Type    REG_DWORD    0x20

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters
        ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\mpssvc.dll
        ServiceDllUnloadOnStop    REG_DWORD    0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\ACService

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\AppCs

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\PortKeywords

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\PortKeywords\DHCP

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\PortKeywords\IPTLSIn

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\PortKeywords\IPTLSOut

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\PortKeywords\RPC-EPMap

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\PortKeywords\Teredo

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Security
        Security    REG_BINARY    01001480900000009C000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200600004000000000014008500020001010000000000050B000000000014009F000E00010100000000000512000000000018009D000E0001020000000000052000000020020000000018008500000001020000000000052000000021020000010100000000000512000000010100000000000512000000

    C:\Windows\system32>sc qc SecurityHealthService
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: SecurityHealthService
            TYPE               : 10  WIN32_OWN_PROCESS
            START_TYPE         : 3   DEMAND_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\SecurityHealthService.exe
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : Windows Security Service
            DEPENDENCIES       : RpcSs
            SERVICE_START_NAME : LocalSystem

    C:\Windows\system32>sc queryex SecurityHealthService

    SERVICE_NAME: SecurityHealthService
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 4  RUNNING
                                    (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 15548
            FLAGS              :

    C:\Windows\system32>sc qc WinDefend
    [SC] OpenService FAILED 1060:

    The specified service does not exist as an installed service.

    C:\Windows\system32>sc queryex WinDefend
    [SC] EnumQueryServicesStatus:OpenService FAILED 1060:

    The specified service does not exist as an installed service.

    C:\Windows\system32>sc qc mpssvc
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: mpssvc
            TYPE               : 20  WIN32_SHARE_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
            LOAD_ORDER_GROUP   : NetworkProvider
            TAG                : 0
            DISPLAY_NAME       : Windows Defender Firewall
            DEPENDENCIES       : mpsdrv
                               : bfe
            SERVICE_START_NAME : NT Authority\LocalService

    C:\Windows\system32>sc queryex mpssvc

    SERVICE_NAME: mpssvc
            TYPE               : 20  WIN32_SHARE_PROCESS
            STATE              : 4  RUNNING
                                    (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
            PID                : 4260
            FLAGS              :

    C:\Windows\system32>dir /a /s MsMpEng.exe >MsMpEng_Locations.txt
    File Not Found

I don't get the "attach" part

AdvancedSetup (Root Admin), posted March 16, 2021:
Just like all the other files you attached from FRST.
You click on the CHOOSE FILES...

Jeff7171 (Author), posted March 16, 2021:
I mean, what will I attach?

Jeff7171 (Author), posted March 16, 2021:
If it's this -- MsMpEng_Locations.txt -- where do I get it?

AdvancedSetup (Root Admin), posted March 16, 2021:
I sent you a private message.

Jeff7171 (Author), posted March 16, 2021:
Hi! It's fixed now. Thank you very much, AdvancedSetup! 😊