Windows 7 Forums



Windows 7: Well .. if no one can help .. where to next ?

14 Jun 2013   #91
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

That's the log from ServicesRepair.exe

The log I was referring to is from Farbar Service Scanner. The program should be called FSS.exe


14 Jun 2013   #92
MikePD

Windows 7 Home Premium 64 bit SP1
 
 

Farbar Service Scanner Version: 31-05-2013 01
Ran by Mike's (administrator) on 14-06-2013 at 17:19:43
Running from "E:\"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-12 16:26] - [2013-05-08 07:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-12 16:26] - [2013-05-13 06:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log **
14 Jun 2013   #93
MikePD

Windows 7 Home Premium 64 bit SP1
 
 

Looking like death to me :-(

14 Jun 2013   #94
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Open Notepad one more time.

Inside Notepad, paste the highlighted text below.

Start
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
End


Save the file as Fixlist.txt to your Desktop. Make sure FRST64.exe and Fixlist.txt are on the Desktop.

Right click on FRST64.exe and choose click on Yes button on the disclaimer window.

On the Farbar Recovery Scan Tool click on the Fix button. Once done it will create a Fixlog.txt on the Desktop. Restart and upload that file.
14 Jun 2013   #95
MikePD

Windows 7 Home Premium 64 bit SP1
 
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013
Ran by Mike's at 2013-06-14 17:38:34 Run:2
Running from C:\Users\Mike's\Desktop
Boot Mode: Normal
==============================================
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
==== End of Fixlog ====
14 Jun 2013   #96
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

I apologize, Mike. Can you run FSS.exe one more time? Trying to see if we fixed the Defender service.
14 Jun 2013   #97
MikePD

Windows 7 Home Premium 64 bit SP1
 
 

Farbar Service Scanner Version: 31-05-2013 01
Ran by Mike's (administrator) on 14-06-2013 at 17:43:43
Running from "E:\"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-12 16:26] - [2013-05-08 07:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-12 16:26] - [2013-05-13 06:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
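Added example (not part of the thread, and not code from the Farbar tools): a small Python triage script that diffs the findings of the two FSS runs posted above, showing what the Fixlist cleared and what still needs attention. The sample input is a few lines excerpted from those two logs; treating a file listed without "=> MD5 is legit" as unverified is an assumption about the tool's output.

```python
import re

# Sample input: a few lines excerpted from the two FSS logs in this thread.
COMMON = r'''WinDefend Service is not running. Checking service configuration:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-12 16:26] - [2013-05-13 06:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C
'''
BEFORE = COMMON + r'''ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.
'''
AFTER = COMMON + r'''C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
'''

FILE_LINE = re.compile(r'^[A-Za-z]:\\\S')           # a bare path starts a File Check entry
REPARSE = re.compile(r'^ATTENTION!=+>\s*(.+?)\s+Reparse point')
POLICY = re.compile(r'^"(Disable\w+)"=DWORD:1$')    # e.g. "DisableAntiSpyware"=DWORD:1

def findings(log):
    """Return the set of (kind, subject) items in an FSS log that need review."""
    out, key = set(), '?'
    for line in (l.strip() for l in log.splitlines()):
        if m := REPARSE.match(line):
            out.add(('reparse_point', m.group(1)))
        elif 'Service is not running' in line:
            out.add(('service_stopped', line.split()[0]))
        elif line.startswith('[HKEY_'):
            key = line.strip('[]')                  # remember the key for value lines
        elif m := POLICY.match(line):
            out.add(('disabled_by_policy', key + '\\' + m.group(1)))
        elif FILE_LINE.match(line) and '=>' not in line:
            # Assumption: no "=> MD5 is legit" verdict means the hash was not
            # recognised by the tool, so the file should be checked by hand.
            out.add(('md5_unverified', line))
    return out

def compare(before, after):
    """Diff two runs: what the fix cleared, what remains, what is new."""
    b, a = findings(before), findings(after)
    return {'cleared': sorted(b - a), 'remaining': sorted(b & a), 'new': sorted(a - b)}

if __name__ == '__main__':
    for status, items in compare(BEFORE, AFTER).items():
        for kind, subject in items:
            print(f'{status:9} {kind:18} {subject}')
```

On these excerpts the reparse point on MpSvc.dll is the only finding that clears; the stopped WinDefend service, the DisableAntiSpyware policy value and the unverified cryptsvc.dll entry are reported as remaining.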
14 Jun 2013   #98
MikePD

Windows 7 Home Premium 64 bit SP1
 
 

I wonder if these virus creators are watching this and enjoying the moment?
14 Jun 2013   #99
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

OK, back inside the FRST64.exe program, copy and paste this into the Search box:

tcpip.sys;cryptsvc.dll

Click the Search File(s) button.
14 Jun 2013   #100
MikePD

Windows 7 Home Premium 64 bit SP1
 
 

Farbar Recovery Scan Tool (x64) Version: 13-06-2013
Ran by Mike's at 2013-06-14 18:02:40
Running from C:\Users\Mike's\Desktop
Boot Mode: Normal
================== Search: "tcpip.sys;cryptsvc.dll" ===================
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2013-06-12 16:26] - [2013-05-11 05:59] - 0142848 ____A (Microsoft Corporation) AC04D05309BB2C418D0D80B9FB014642
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2013-06-12 16:26] - [2013-05-10 06:06] - 0142848 ____A (Microsoft Corporation) E122AA1C9A3CC46FF9DDDE46E5EB0C58
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012-10-10 08:15] - [2012-06-02 05:52] - 0142336 ____A (Microsoft Corporation) 063DD65889D21035311463337BD268E7
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012-06-14 16:41] - [2012-04-24 05:28] - 0142336 ____A (Microsoft Corporation) 21993009E0CCB9B4FA195F14D3408626
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013-06-12 16:26] - [2013-05-13 05:45] - 0140288 ____A (Microsoft Corporation) 3897DFF247D9ED0006190349DE264E14
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2013-06-12 16:26] - [2013-05-10 05:49] - 0140288 ____A (Microsoft Corporation) 33ADF6E0853AB39EA1723BE82842C1D3
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2012-10-10 08:15] - [2012-06-02 05:36] - 0140288 ____A (Microsoft Corporation) 96C0E38905CFD788313BE8E11DAE3F2F
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012-06-14 16:41] - [2012-04-24 05:36] - 0140288 ____A (Microsoft Corporation) 06E771AA596B8761107AB57E99F128D7
C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 0136192 ____A (Microsoft Corporation) A585BEBF7D054BD9618EDA0922D5484A
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2013-06-12 16:26] - [2013-05-08 07:14] - 1900392 ____A (Microsoft Corporation) 3E94650745D4DAB67E161F5F32CEA597
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2013-02-18 08:26] - [2013-01-04 06:47] - 1901416 ____A (Microsoft Corporation) B8C1AAC0523E1C33AEB0EF7572144BA2
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2012-11-16 11:32] - [2012-10-03 18:44] - 1902472 ____A (Microsoft Corporation) D5707FC2300AA5B04B7BFE86D40C0133
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012-09-12 09:32] - [2012-08-22 19:06] - 1901936 ____A (Microsoft Corporation) 7880A26B7D3B96FDA8EFD9F985036B1D
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2012-06-06 18:03] - [2012-03-30 11:26] - 1901424 ____A (Microsoft Corporation) 885B202006EE17AE99B9FBCEC9AF88C9
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2013-06-12 16:26] - [2013-05-08 07:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013-02-18 08:26] - [2013-01-03 07:00] - 1913192 ____A (Microsoft Corporation) B62A953F2BF3922C8764A29C34A22899
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2012-11-16 11:32] - [2012-10-03 18:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2012-09-12 09:32] - [2012-08-22 19:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2012-06-06 18:03] - [2012-03-30 12:35] - 1918320 ____A (Microsoft Corporation) ACB82BDA8F46C84F465C1AFA517DC4B9
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2010-11-21 04:24] - [2010-11-21 04:24] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2013-06-12 16:26] - [2013-05-11 06:18] - 0186880 ____A (Microsoft Corporation) 8122252F0A4ACFA92FA0C1D50D18493B
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[2013-06-12 16:26] - [2013-05-10 06:18] - 0186880 ____A (Microsoft Corporation) CA13C4F92BEE66DB48E58AB3223DDF6E
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[2012-10-10 08:15] - [2012-06-04 08:52] - 0186880 ____A (Microsoft Corporation) 7E7D2DACF65D750D466F36BD3D09AE20
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2012-06-14 16:41] - [2012-04-24 06:22] - 0186880 ____A (Microsoft Corporation) B7337E9C9E5936355BB700AA33E0936E
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2013-06-12 16:26] - [2013-05-13 06:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[2013-06-12 16:26] - [2013-05-10 06:49] - 0184320 ____A (Microsoft Corporation) 7FDC4626B01106A8EF328C88C7C0DEE3
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[2012-10-10 08:15] - [2012-06-02 06:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2012-06-14 16:41] - [2012-04-24 06:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705
C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 0177152 ____A (Microsoft Corporation) 15597883FBE9B056F276ADA3AD87D9AF
C:\Windows\SysWOW64\cryptsvc.dll
[2013-06-12 16:26] - [2013-05-13 05:45] - 0140288 ____A (Microsoft Corporation) 3897DFF247D9ED0006190349DE264E14
C:\Windows\System32\cryptsvc.dll
[2013-06-12 16:26] - [2013-05-13 06:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C
C:\Windows\System32\drivers\tcpip.sys
[2013-06-12 16:26] - [2013-05-08 07:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Users\Mike's\Documents\xp bak\My Documents\driverback\CRYPTSVC.DLL
[2012-06-15 09:48] - [2004-08-04 05:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B
C:\Users\Mike's\Documents\xp bak\My Documents\driverback\tcpip.sys
[2012-06-15 09:51] - [2005-05-25 20:04] - 0359808 ____A (Microsoft Corporation) 88763A98A4C26C409741B4AA162720C9
====== End Of Search ======