windows 7 can not check for updates because service is not running

Page 1 of 2 12 LastLast

  1. Posts : 11
    windows 7 home premium 64
       #1

    windows 7 can not check for updates because service is not running


    all security programs seem missing -- and is also preventing me from updating .NET files
      My Computer


  2. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #2

    Please download the Farbar Service Scanner from

    http://www.bleepingcomputer.com/download/farbar-service-scanner/

    Right-click on the saved file and select 'Run as Administrator', and tick all the options, then click on the Scan button - copy and paste the report to your response.

    Here's the summary from your CBS.log....
    Code:
     Line 3508: 2013-12-31 17:33:00, Info                  CSI    00000302 [SR] Repairing 1 components
     Line 3509: 2013-12-31 17:33:00, Info                  CSI    00000303 [SR] Beginning Verify and Repair transaction
     Line 3512: 2013-12-31 17:33:01, Info                  CSI    00000305 [SR] Cannot repair member file [l:22{11}]"secur32.dll" of Microsoft-Windows-LSA, Version = 6.1.7601.17856, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
     Line 3513: 2013-12-31 17:33:01, Info                  CSI    00000306 [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:22{11}]"secur32.dll" by copying from backup
     Line 3516: 2013-12-31 17:33:01, Info                  CSI    00000308 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:22{11}]"secur32.dll" from store
     Line 3530: 2013-12-31 17:33:01, Info                  CSI    0000030b [SR] Repair complete


    It looks to me as if SFC properly corrected the error.

      My Computer


  3. Posts : 11
    windows 7 home premium 64
    Thread Starter
       #3

    thanks for quick response -- here is report

    Farbar Service Scanner Version: 05-12-2013
    Ran by Jeff Desktop (administrator) on 31-12-2013 at 19:35:11
    Running from "C:\Users\Jeff Desktop\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.
    IE proxy is enabled.
    ProxyServer: http=127.0.0.1:50915;https=127.0.0.1:50915


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

    Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============
    Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.



    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
      My Computer


  4. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #4

    It looks to me as if you've had a severs malware infection - Sirefef or ZeroAccess, probably.
    Lets first check that it's not still present...
    follow the instructions to run the cleaner tool here - How do I remove Sirefef (ZeroAccess) trojan? - ESET Knowledgebase+

    IF that comes up negative, then download and install the Windows Repair (AiO) tool from here... http://www.tweaking.com/content/page...ll_in_one.html
    UNcheck ALL the options - then check only the "Restore Important Windows Services" option.
    run the tool and reboot, then run the Farbar Service Scanner again, and post the new results.
      My Computer


  5. Posts : 11
    windows 7 home premium 64
    Thread Starter
       #5

    ran the Sirefef -- believe it found and repaired one item --- went to tweaking.com -- a lot of downloading options ... can you direct me to correct one ? I see the pic with items to uncheck -- but could not get that pic to become an active option
      My Computer


  6. Posts : 11
    windows 7 home premium 64
    Thread Starter
       #6

    still unsure about tweaking.com -- can not get to page with options to uncheck -- here is Farbar report after running Sirefef scan .... Farbar Service Scanner Version: 05-12-2013
    Ran by Jeff Desktop (administrator) on 31-12-2013 at 20:19:31
    Running from "C:\Users\Jeff Desktop\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.
    IE proxy is enabled.
    ProxyServer: http=127.0.0.1:50915;https=127.0.0.1:50915


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.

    Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
      My Computer


  7. Posts : 11
    windows 7 home premium 64
    Thread Starter
       #7

    OK - did the tweaking.com scan -- so here is report after both scans ...

    Farbar Service Scanner Version: 05-12-2013
    Ran by Jeff Desktop (administrator) on 31-12-2013 at 20:47:51
    Running from "C:\Users\Jeff Desktop\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
      My Computer


  8. Posts : 11
    windows 7 home premium 64
    Thread Starter
       #8

    Interesting ... Computer now running very slow ... But is now allowing me to check for updates ... Found approx 150 updates ... Starting with important updates ... But have unchecked .net updates ... As per your reco in other posts at this site ...
      My Computer


  9. Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       #9

    :) (Hey - someone actually takes notice of what I say! :))
    There's only one error left in the FarBar report

    Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


    The rest are normal.

    What Anti-Virus are you running? is it up-to-date?

    Please open an Elevated Command Prompt, and run the following commands...

    Code:
     
    REG QUERY "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /S
    REG QUERY "HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /S
    REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /S
     
    .
    Post the results.

    Here are some instructions to make life easier :)
    1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
    2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
    3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
      My Computer


  10. Posts : 11
    windows 7 home premium 64
    Thread Starter
       #10

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\Jeff Desktop>REG QUERY "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Cur
    rentVersion\explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}"
    /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explore
    r\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}
    AutoStart REG_SZ


    C:\Users\Jeff Desktop>REG QUERY "HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F56F6F
    DD-AA9D-4618-A949-C1B91AF43B1A}" /S

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C
    1B91AF43B1A}
    (Default) REG_SZ Action Center Shell Service Object

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C
    1B91AF43B1A}\InProcServer32
    (Default) REG_EXPAND_SZ %SystemRoot%\System32\Actioncenter.dll
    ThreadingModel REG_SZ Free

    Running AT&T Internet Security Suite -- McAfee -- Security Center v 12.8, AV&SV v16.8, PF v 13.8, SA v 3.6, QC&Shred v12.8

    C:\Users\Jeff Desktop>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /S
    ERROR: The system was unable to find the specified registry key or value.

    C:\Users\Jeff Desktop>
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 10:42.
Find Us