One of my clients is having a issue with a windows 7 machine, I have tried multiple things that I could think of on the remote side.
I have tried using the fix bat to re-initiate the windows update services but it gives an error message.
I also have tried to do a FSS report and all it does is close (and delete itself)...
I've done a malwarebytes scan, it found minor items and deleted those.
Also, IE and Chrome are both giving the famous Virus Scan Failed on every downloaded file, which was why they called me in to repair the problem but this is a little bit strange to say the least. I tried editing the registry to get that fixed but the registry policy dword addition didn't fix that. What should I be doing when I go into the pc on-site tomorrow?
I used RKill on it and here's what it did.
E:\>rkill
Rkill 2.8.4 by Lawrence Abrams (Grinler)
BleepingComputer.com - News, Reviews, and Technical Support
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesnt - A brief introduction to the program - Anti-Virus, Anti-Malware, and Privacy Software
Program started at: 06/07/2017 06:48:59 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\system32\HPSIsvc.exe (PID: 5016) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolic
y\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* WinDefend (WinDefend) is not Running.
Startup Type set to: Disabled
* wuauserv (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
Searching for Missing Digital Signatures:
(it closes after this and asks me if I want to check online for a solution....)
The reset windows update full.bat file does this...
E:\>resetwindowsupdatefull
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
Checking the bits service status.
STATE : 1 STOPPED
The wuauserv service is not started.
More help is available by typing NET HELPMSG 3521.
Checking the wuauserv service status.
STATE : 1 STOPPED
The Application Identity service is not started.
More help is available by typing NET HELPMSG 3521.
Checking the appidsvc service status.
STATE : 1 STOPPED
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.
Checking the cryptsvc service status.
STATE : 1 STOPPED
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
Deleted file - C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr
0.dat
Deleted file - C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr
1.dat
[SC] SetServiceObjectSecurity SUCCESS
[SC] SetServiceObjectSecurity SUCCESS
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
Current WinHTTP proxy settings:
Direct access (no proxy server).
The Background Intelligent Transfer Service service is starting.
The Background Intelligent Transfer Service service was started successfully.
The wuauserv service is starting.
The wuauserv service could not be started.
A system error has occurred.
System error 5 has occurred.
Access is denied.
The Application Identity service is starting.
The Application Identity service was started successfully.
The requested service has already been started.
More help is available by typing NET HELPMSG 2182.
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions
of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cm
dlets.
0 out of 0 jobs canceled.
C:\Windows\System32>
Any help would be greatly appreciated.
I have tried using the fix bat to re-initiate the windows update services but it gives an error message.
I also have tried to do a FSS report and all it does is close (and delete itself)...
I've done a malwarebytes scan, it found minor items and deleted those.
Also, IE and Chrome are both giving the famous Virus Scan Failed on every downloaded file, which was why they called me in to repair the problem but this is a little bit strange to say the least. I tried editing the registry to get that fixed but the registry policy dword addition didn't fix that. What should I be doing when I go into the pc on-site tomorrow?
I used RKill on it and here's what it did.
E:\>rkill
Rkill 2.8.4 by Lawrence Abrams (Grinler)
BleepingComputer.com - News, Reviews, and Technical Support
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesnt - A brief introduction to the program - Anti-Virus, Anti-Malware, and Privacy Software
Program started at: 06/07/2017 06:48:59 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\system32\HPSIsvc.exe (PID: 5016) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolic
y\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* WinDefend (WinDefend) is not Running.
Startup Type set to: Disabled
* wuauserv (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
Searching for Missing Digital Signatures:
(it closes after this and asks me if I want to check online for a solution....)
The reset windows update full.bat file does this...
E:\>resetwindowsupdatefull
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
Checking the bits service status.
STATE : 1 STOPPED
The wuauserv service is not started.
More help is available by typing NET HELPMSG 3521.
Checking the wuauserv service status.
STATE : 1 STOPPED
The Application Identity service is not started.
More help is available by typing NET HELPMSG 3521.
Checking the appidsvc service status.
STATE : 1 STOPPED
The Cryptographic Services service is stopping..
The Cryptographic Services service was stopped successfully.
Checking the cryptsvc service status.
STATE : 1 STOPPED
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
Deleted file - C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr
0.dat
Deleted file - C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr
1.dat
[SC] SetServiceObjectSecurity SUCCESS
[SC] SetServiceObjectSecurity SUCCESS
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
Current WinHTTP proxy settings:
Direct access (no proxy server).
The Background Intelligent Transfer Service service is starting.
The Background Intelligent Transfer Service service was started successfully.
The wuauserv service is starting.
The wuauserv service could not be started.
A system error has occurred.
System error 5 has occurred.
Access is denied.
The Application Identity service is starting.
The Application Identity service was started successfully.
The requested service has already been started.
More help is available by typing NET HELPMSG 2182.
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions
of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cm
dlets.
0 out of 0 jobs canceled.
C:\Windows\System32>
Any help would be greatly appreciated.
My Computer
- Computer type
- PC/Desktop
- Computer Manufacturer/Model Number
- Hp dv6704 and dell latitude e5520
- OS
- Windows XP Pro SP3 and windows 7 ultimate
