windows 7 can not check for updates because service is not running
all security programs seem missing -- and is also preventing me from updating .NET files
Please download the Farbar Service Scanner from
http://www.bleepingcomputer.com/download/farbar-service-scanner/
Right-click on the saved file and select 'Run as Administrator', and tick all the options, then click on the Scan button - copy and paste the report to your response.
Here's the summary from your CBS.log....
Code:
Line 3508: 2013-12-31 17:33:00, Info CSI 00000302 [SR] Repairing 1 components
Line 3509: 2013-12-31 17:33:00, Info CSI 00000303 [SR] Beginning Verify and Repair transaction
Line 3512: 2013-12-31 17:33:01, Info CSI 00000305 [SR] Cannot repair member file [l:22{11}]"secur32.dll" of Microsoft-Windows-LSA, Version = 6.1.7601.17856, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
Line 3513: 2013-12-31 17:33:01, Info CSI 00000306 [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:22{11}]"secur32.dll" by copying from backup
Line 3516: 2013-12-31 17:33:01, Info CSI 00000308 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:22{11}]"secur32.dll" from store
Line 3530: 2013-12-31 17:33:01, Info CSI 0000030b [SR] Repair complete
It looks to me as if SFC properly corrected the error.
thanks for quick response -- here is report
Farbar Service Scanner Version: 05-12-2013
Ran by Jeff Desktop (administrator) on 31-12-2013 at 19:35:11
Running from "C:\Users\Jeff Desktop\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
IE proxy is enabled.
ProxyServer: http=127.0.0.1:50915;https=127.0.0.1:50915
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
It looks to me as if you've had a severe malware infection - Sirefef or ZeroAccess, probably.
Let's first check that it's not still present...
Follow the instructions to run the cleaner tool here - How do I remove Sirefef (ZeroAccess) trojan? - ESET Knowledgebase
IF that comes up negative, then download and install the Windows Repair (AiO) tool from here... http://www.tweaking.com/content/page...ll_in_one.html
UNcheck ALL the options - then check only the "Restore Important Windows Services" option.
run the tool and reboot, then run the Farbar Service Scanner again, and post the new results.
ran the Sirefef -- believe it found and repaired one item --- went to tweaking.com -- a lot of downloading options ... can you direct me to correct one ? I see the pic with items to uncheck -- but could not get that pic to become an active option
still unsure about tweaking.com -- can not get to page with options to uncheck -- here is Farbar report after running Sirefef scan ....
Farbar Service Scanner Version: 05-12-2013
Ran by Jeff Desktop (administrator) on 31-12-2013 at 20:19:31
Running from "C:\Users\Jeff Desktop\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
IE proxy is enabled.
ProxyServer: http=127.0.0.1:50915;https=127.0.0.1:50915
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
OK - did the tweaking.com scan -- so here is report after both scans ...
Farbar Service Scanner Version: 05-12-2013
Ran by Jeff Desktop (administrator) on 31-12-2013 at 20:47:51
Running from "C:\Users\Jeff Desktop\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Interesting ... Computer now running very slow ... But is now allowing me to check for updates ... Found approx 150 updates ... Starting with important updates ... But have unchecked .net updates ... As per your reco in other posts at this site ...
:) (Hey - someone actually takes notice of what I say! :))
There's only one error left in the FarBar report
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
The rest are normal.
What Anti-Virus are you running? is it up-to-date?
Please open an Elevated Command Prompt, and run the following commands...
Post the results.
Code:
REG QUERY "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /S
REG QUERY "HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /S
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /S
Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
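The before-and-after reading of the Farbar Service Scanner reports done by eye in this thread, as an added example that is not part of the original posts and is not Farbar's code: a Python script that pulls the flagged lines out of two reports and shows what the repair resolved, what remains, and what is new. The sample input is abridged from the first and third reports posted above; the finding names and regular expressions are assumptions based only on the line formats visible in those reports.

```python
import re

# Finding names and patterns are assumptions drawn from the line formats in this thread.
PATTERNS = [
    ("service_key_missing", re.compile(r"Unable to open (\S+) registry key\. The service key does not exist")),
    ("service_not_running", re.compile(r"^(\S+) Service is not running")),
    ("start_type_changed", re.compile(r"start type of (\S+) service is set to \w+\. The default")),
    ("key_missing", re.compile(r"Unable to open (\S+) key\. The key does not exist")),
    ("proxy_set", re.compile(r"^ProxyServer: (\S+)")),
    ("policy_value", re.compile(r'^"(\w+)"=DWORD:\d+')),
]

# Constructed sample input: lines abridged from the first and third reports in this thread.
REPORT_BEFORE = r"""
ProxyServer: http=127.0.0.1:50915;https=127.0.0.1:50915
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
"DisableAntiSpyware"=DWORD:1
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
"""
REPORT_AFTER = r"""
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
"DisableAntiSpyware"=DWORD:1
C:\Windows\System32\wuaueng.dll => MD5 is legit
"""

# Collect (kind, subject) pairs; headings, "is OK" and "MD5 is legit" lines match nothing.
def findings(report):
    found = set()
    for line in report.splitlines():
        for kind, rx in PATTERNS:
            if (m := rx.search(line.strip())):
                found.add((kind, m.group(1)))
    return found

# Set arithmetic on the two runs: fixed by the repair, still present, or introduced by it.
def compare(before, after):
    b, a = findings(before), findings(after)
    return {"resolved": b - a, "remaining": b & a, "new": a - b}

if __name__ == "__main__":
    for status, items in compare(REPORT_BEFORE, REPORT_AFTER).items():
        print(status, sorted(items))
```

A finding here is only a line the report calls out; whether it is a fault still needs judgement, as with the WinDefend entries that the reply above treats as normal.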
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Jeff Desktop>REG QUERY "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Cur
rentVersion\explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}"
/S
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explore
r\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}
AutoStart REG_SZ
C:\Users\Jeff Desktop>REG QUERY "HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F56F6F
DD-AA9D-4618-A949-C1B91AF43B1A}" /S
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C
1B91AF43B1A}
(Default) REG_SZ Action Center Shell Service Object
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C
1B91AF43B1A}\InProcServer32
(Default) REG_EXPAND_SZ %SystemRoot%\System32\Actioncenter.dll
ThreadingModel REG_SZ Free
Running AT&T Internet Security Suite -- McAfee -- Security Center v 12.8, AV&SV v16.8, PF v 13.8, SA v 3.6, QC&Shred v12.8
C:\Users\Jeff Desktop>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /S
ERROR: The system was unable to find the specified registry key or value.
C:\Users\Jeff Desktop>