Log in normally, not in Safe Mode.
I've run this MGDiag on normal boot.
Please download the Farbar Service Scanner from
http://www.bleepingcomputer.com/download/farbar-service-scanner/
Right-click on the saved file and select 'Run as Administrator', and tick all the options, then click on the Scan button - copy and paste the report to your response.
Thanks, I'll give you the report shortly.
Here you are:
Code:
Farbar Service Scanner Version: 13-09-2013
Ran by Welson Oktario (administrator) on 14-09-2013 at 14:47:23
Running from "C:\Users\Welson Oktario\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll [2013-04-05 01:00] - [2013-04-05 01:00] - 0317952 ____A (Microsoft Corporation) 3249F4E4DBF1BD24B40DFF385F2511D4
C:\Windows\System32\drivers\afd.sys [2013-04-05 01:08] - [2013-04-05 01:08] - 0498176 ____A (Microsoft Corporation) 3F3CF42B66819B811EFF648289508EF7
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys [2013-08-17 04:09] - [2013-08-17 04:09] - 1900992 ____A (Microsoft Corporation) B27F13153343BC37A27EAE01634D94E1
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll [2013-04-05 01:08] - [2013-04-05 01:08] - 0706560 ____A (Microsoft Corporation) 7399BA470E5D59EC8551E054ABD2C53A
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe [2013-04-05 01:08] - [2013-04-05 01:08] - 0027136 ____A (Microsoft Corporation) DFDE777FAF31DC25E3624E8071073146
C:\Windows\System32\rpcss.dll [2013-04-05 01:08] - [2013-04-05 01:08] - 0512000 ____A (Microsoft Corporation) F3EF088F45BE326B4EDAC8C1C5A35105

**** End of log ****
You appear to have disabled the Windows Update service?
Please open an Elevated Command Prompt, and run the following commands...
SC QC SPPSVC
SC QC SPPUINOTIFY
SC QC WSCSVC
SC QC EVENTSYSTEM
SC QC WINMGMT
Post the results.
Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
Here you are
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>SC QC SPPSVC
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: SPPSVC
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START  (DELAYED)
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\sppsvc.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Software Protection
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

C:\Windows\system32>SC QC SPPUINOTIFY
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: SPPUINOTIFY
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : SPP Notification Service
        DEPENDENCIES       : EventSystem
        SERVICE_START_NAME : NT AUTHORITY\LocalService

C:\Windows\system32>SC QC WSCSVC
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WSCSVC
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START  (DELAYED)
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Security Center
        DEPENDENCIES       : RpcSs
                           : winmgmt
        SERVICE_START_NAME : NT AUTHORITY\LocalService

C:\Windows\system32>SC QC EVENTSYSTEM
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: EVENTSYSTEM
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : COM+ Event System
        DEPENDENCIES       : rpcss
        SERVICE_START_NAME : NT AUTHORITY\LocalService

C:\Windows\system32>SC QC WINMGMT
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WINMGMT
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Management Instrumentation
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : localSystem
Here you are the missing one :)
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>SC QC WATADMINSVC
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WATADMINSVC
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 4   DISABLED
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\Wat\WatAdminSvc.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Activation Technologies Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\Windows\system32>