What type of infections were they?
Do you have an Anti-Virus installed? Which one? Do a full system scan and report the results.
I have narrowed down the problem and attached 2 files. Windows Installer Service could not be accessed.
I uninstalled AVG and downloaded Avast Free Antivirus. No viruses detected. When I ran Malwarebytes Free it detected 55 PUP files. Those were quarantined & deleted.
OK - let's have a look at a few more services...
Please download the Farbar Service Scanner from
http://www.bleepingcomputer.com/download/farbar-service-scanner/
Right-click on the saved file and select 'Run as Administrator', and tick all the options, then click on the Scan button - copy and paste the report to your response.
Farbar Service Scanner Version: 17-01-2015
Ran by CoolerMaster (administrator) on 26-05-2015 at 10:48:01
Running from "C:\Users\CoolerMaster\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
OK - Please open an Elevated Command Prompt, and run the following commands
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver /S
SC START msiserver
SC QC msiserver
SC QUERYEX msiserver
Post the results.
Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\CoolerMaster>REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver
DisplayName REG_SZ @%SystemRoot%\system32\msimsg.dll,-27
ImagePath REG_EXPAND_SZ %systemroot%\system32\msiexec /V
Description REG_SZ @%SystemRoot%\system32\msimsg.dll,-32
ObjectName REG_SZ LocalSystem
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x3
Type REG_DWORD 0x10
DependOnService REG_MULTI_SZ rpcss
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeTcbPrivilege\0SeCreatePagefilePrivilege\0SeLockMemoryPrivilege\0SeIncreaseBasePriorityPrivilege\0SeCreatePermanentPrivilege\0SeAuditPrivilege\0SeSecurityPrivilege\0SeChangeNotifyPrivilege\0SeProfileSingleProcessPrivilege\0SeImpersonatePrivilege\0SeCreateGlobalPrivilege\0SeAssignPrimaryTokenPrivilege\0SeRestorePrivilege\0SeIncreaseQuotaPrivilege\0SeShutdownPrivilege\0SeTakeOwnershipPrivilege\0SeLoadDriverPrivilege
FailureActions REG_BINARY 840300000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver\Enum
0 REG_SZ Root\LEGACY_MSISERVER\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1
C:\Users\CoolerMaster>SC START msiserver
SERVICE_NAME: msiserver
TYPE : 10 WIN32_OWN_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x1
WAIT_HINT : 0xbb8
PID : 1468
FLAGS :
C:\Users\CoolerMaster>SC QC msiserver
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: msiserver
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\msiexec /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : rpcss
SERVICE_START_NAME : LocalSystem
C:\Users\CoolerMaster>SC QUERYEX msiserver
SERVICE_NAME: msiserver
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1468
FLAGS :
C:\Users\CoolerMaster>
That all looks normal - for Windows XP!
It's not normal for Windows 7 (or at least, it's not the same as any of my installs).
Please open an Elevated Command Prompt, and run the following command
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver\Enum
Then reboot and try Windows Update again - do a new Check for updates, and then attempt to install ONLY the oldest found update - what happens?
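One way to review a pasted REG QUERY /S result like the one in this thread, as an added example that is not part of the original posts: it rejoins console-wrapped values, compares the registry values with what SC QC printed for the same service, and lists any subkeys (here the Enum subkey that the REG DELETE command above targets). The names `parse_reg_query`, `review`, `SAMPLE` and `SC_QC` are illustrative, and the sample is a trimmed, constructed copy of the paste.

```python
import re

# Constructed sample: a trimmed copy of the REG QUERY /S paste from this thread,
# keeping the 80-column console wrap that splits RequiredPrivileges mid-word.
SAMPLE = r"""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver
ImagePath REG_EXPAND_SZ %systemroot%\system32\msiexec /V
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x3
Type REG_DWORD 0x10
RequiredPrivileges REG_MULTI_SZ SeTcbPrivilege\0SeCreatePagefilePrivil
ege\0SeLockMemoryPrivilege
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver\Enum
0 REG_SZ Root\LEGACY_MSISERVER\0000
Count REG_DWORD 0x1
"""
SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver"
# Values SC QC printed for the same service in the thread's paste.
SC_QC = {"Start": 3, "Type": 0x10, "ObjectName": "LocalSystem"}
VALUE_RE = re.compile(r"^\s*(\S.*?)\s+(REG_[A-Z_]+)\s*(.*)$")

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from pasted REG QUERY /S output."""
    keys, cur, last = {}, None, None
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if line.startswith("HKEY_"):
            cur, last = keys.setdefault(line.strip(), {}), None
        elif m and cur is not None:
            last = m.group(1)
            cur[last] = m.group(3)
        elif line.strip() and last is not None:
            cur[last] += line.strip()  # wrapped continuation of the previous value
    return keys

def review(keys, service_key=SERVICE_KEY, sc_qc=SC_QC):
    """List mismatches against SC QC and any subkeys under the service key."""
    base, findings = keys[service_key], []
    for name, want in sc_qc.items():
        raw = base.get(name)
        got = int(raw, 16) if isinstance(want, int) and raw else raw
        if got != want:
            findings.append(f"{name}: registry={raw!r} sc_qc={want!r}")
    for key in keys:
        if key.lower().startswith(service_key.lower() + "\\"):
            findings.append("subkey: " + key[len(service_key) + 1:])
    return findings

if __name__ == "__main__":
    parsed = parse_reg_query(SAMPLE)
    print(review(parsed), parsed[SERVICE_KEY]["RequiredPrivileges"].split(r"\0"))
```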
Followed your instructions and only attempted to install the oldest update.
Security Update for Microsoft .NET Framework 4 on Windows Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 x64 (KB2972215) Published 9/9/2014
Download size: 25.8 MB
You may need to restart your computer for this update to take effect.
Update type: Important
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
More information:
MS14-053: Description of the security update for the .NET Framework 4 for Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: September 9, 2014
Keeps showing up as a New Update.
Windows Malicious Software Removal Tool x64 - May 2015 (KB890830)
Installation date: 5/25/2015 11:36 AM
Installation status: Successful
Update type: Important
After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you start your computer. A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center, or you can run an online version from microsoft.com. This tool is not a replacement for an antivirus product. To help protect your computer, you should use an antivirus product.
More information:
The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running supported versions of Windows
Help and Support:
Microsoft Support