Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Windows Update Service Not Running


21 Oct 2013   #1

Windows 7 Home Premium 64Bit
 
 
Windows Update Service Not Running

Hi, I have read about this issue with other users, saying Windows can not update, please restart. I also ran the Elevated Command Prompt with the following commands

NET START BFE
NET START BITS
NET START WUAUSERV
NET START TRUSTEDINSTALLER

and the results came back as:

C:\Users\Chris>NET START BFE
The Service name is invalid.
More help is available by typing NET HELPMSG 2185.

C:\Users\Chris>NET START BITS
System error 5 has occured.

Access is denied.

C:\Users\Chris>NET START WUAUSERV
The service name is invalid.
More help is available by typing NET HELPMSG 2185.

C:\Users\Chris>NET START TRUSTEDINSTALLER
System error 5 has occured.

Access is denied.

I also looked at Services and its seems that the Windows update is missing entirely
and when i tried to install this update: Update for Windows 7 for x64-based Systems (KB982018)it verified my windows but came back with this i recive an error ''installer encountered an error 0x80070424''

Any help getting my Windows update restarted would be greatly appreciated.

Many thanks and Kind Regards in advance

Chris


My System SpecsSystem Spec
.

21 Oct 2013   #2

Windows 7 Home Premium 64Bit
 
 

Further to my ppost, I just found some rootkits which maybe are causing the problem?

Performing miscellaneous checks:
* ALERT: ZEROACCESS rootkit symptoms found!
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\ [ZA Dir]
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@ [ZA File]
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L\ [ZA Dir]
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U\ [ZA Dir]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\ [ZA Dir]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@ [ZA File]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L\ [ZA Dir]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U\ [ZA Dir]
Checking Windows Service Integrity:
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* SharedAccess [Missing ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 10/21/2013 12:14:54 PM
Execution time: 0 hours(s), 4 minute(s), and 1 seconds(s)

When I run TDSS rootkit removing tool and Malwarebytes it can not find anything to remove... if this is to blame, has anyone got any hints, many thanks Chris
My System SpecsSystem Spec
21 Oct 2013   #3

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)
 
 

Please downloadthe Farbar Service Scanner from



http://www.bleepingcomputer.com/download/farbar-service-scanner/



Right-click onthe saved file and select 'Run as Administrator', and tick all the options,then click on the Scan button - copy and paste the report to your response.
My System SpecsSystem Spec
.


21 Oct 2013   #4

Windows 7 Home Premium 64Bit
 
 

Farbar Service Scanner Version: 20-10-2013
Ran by Chris (administrator) on 21-10-2013 at 15:11:33
Running from "C:\Users\Chris\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
My System SpecsSystem Spec
21 Oct 2013   #5

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)
 
 

I think you'd better make sure the machine is clean before we take steps to repair the current damage.
I'm going to ask a malware specialist to come in and advise...
stay tuned
My System SpecsSystem Spec
21 Oct 2013   #6
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I see this in the log above: " * ALERT: ZEROACCESS rootkit symptoms found!"

Do you have the log from TDSS rootkit removing tool saved? If not, please run another scan with the tool and post the contents of that log.
My System SpecsSystem Spec
22 Oct 2013   #7

Windows 7 Home Premium 64Bit
 
 

Hi, this is the original log that I saved.

kill 2.6.2 by Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program - Anti-Virus and Anti-Malware Software
Program started at: 10/21/2013 12:10:53 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\Chris\Desktop\rkill\rkill-10-21-2013-12-11-31.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* ALERT: ZEROACCESS rootkit symptoms found!
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\ [ZA Dir]
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@ [ZA File]
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L\ [ZA Dir]
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U\ [ZA Dir]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\ [ZA Dir]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@ [ZA File]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L\ [ZA Dir]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U\ [ZA Dir]
Checking Windows Service Integrity:
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* SharedAccess [Missing ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 10/21/2013 12:14:54 PM
Execution time: 0 hours(s), 4 minute(s), and 1 seconds(s)
My System SpecsSystem Spec
22 Oct 2013   #8
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Okay, that's an Rkill log.




Download http://www.bleepingcomputer.com/download/tdsskiller/

and save it to your Desktop
  • Extract the file and run it.
  • Once completed it will create a log in the root directory (usually C:\).
  • Please post the contents of that log in your next reply.
My System SpecsSystem Spec
23 Oct 2013   #9

Windows 7 Home Premium 64Bit
 
 

So sorry I was rushing, i had already done a TDSSKiller scan but have done a fresh one anyway:

Here Goes the shortened version, I have enclosed the full version as an attachement, as it wouldn't fit on. If you need the full version posting just let me know.

17:19:55.0308 0x189c TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
============================================================
17:19:58.0488 0x189c Current date / time: 2013/10/23 17:19:58.0488
17:19:58.0488 0x189c SystemInfo:
17:19:58.0488 0x189c
17:19:58.0488 0x189c OS Version: 6.1.7601 ServicePack: 1.0
17:19:58.0488 0x189c Product type: Workstation
17:19:58.0488 0x189c ComputerName: CHRIS-PC
17:19:58.0488 0x189c UserName: Chris
17:19:58.0488 0x189c Windows directory: C:\Windows
17:19:58.0488 0x189c System windows directory: C:\Windows
17:19:58.0488 0x189c Running under WOW64
17:19:58.0488 0x189c Processor architecture: Intel x64
17:19:58.0488 0x189c Number of processors: 4
17:19:58.0488 0x189c Page size: 0x1000
17:19:58.0488 0x189c Boot type: Normal boot
17:19:58.0488 0x189c ============================================================
17:20:01.0868 0x189c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:20:01.0868 0x189c ============================================================
17:20:01.0868 0x189c \Device\Harddisk0\DR0:
17:20:01.0868 0x189c MBR partitions:
17:20:01.0868 0x189c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
17:20:01.0868 0x189c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000
17:20:01.0888 0x189c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x31A9A800
17:20:01.0888 0x189c ============================================================
17:20:01.0908 0x189c C: <-> \Device\Harddisk0\DR0\Partition2
17:20:01.0938 0x189c D: <-> \Device\Harddisk0\DR0\Partition3
17:20:01.0938 0x189c ============================================================
17:20:01.0938 0x189c Initialize success
17:20:01.0938 0x189c ============================================================
17:20:05.0798 0x0d3c ============================================================
17:20:05.0798 0x0d3c Scan started
17:20:05.0798 0x0d3c Mode: Manual;
17:20:05.0798 0x0d3c ============================================================
17:20:05.0798 0x0d3c KSN ping started
17:20:29.0088 0x0d3c KSN ping finished: true
17:20:29.0698 0x0d3c ================ Scan system memory ========================
17:20:29.0698 0x0d3c System memory - ok
17:20:29.0698 0x0d3c ================ Scan services =============================
============================================================
17:21:17.0248 0x0d3c Scan finished
17:21:17.0248 0x0d3c ============================================================
17:21:17.0258 0x1130 Detected object count: 0
17:21:17.0258 0x1130 Actual detected object count: 0
17:22:02.0878 0x186c Deinitialize success


Attached Files
File Type: txt TDSSKiller.3.0.0.14_23.10.2013_17.19.55_log.txt (197.0 KB, 3 views)
My System SpecsSystem Spec
23 Oct 2013   #10
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Well, you have something going on here, but it doesn't appear to be a "Rootkit" at this point.

Download DDS from one of these links:
DDS.com
DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.
My System SpecsSystem Spec
Reply

 Windows Update Service Not Running




Thread Tools



Similar help and support threads for2: Windows Update Service Not Running
Thread Forum
Windows Update Service Not Running Windows Updates & Activation
Solved Windows Update, service not running Windows Updates & Activation
windows update service is not running !!! Windows Updates & Activation
Solved Windows update service not running. Windows Updates & Activation
Windows Update service not running Windows Updates & Activation

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:04 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33