Possible virus, Diagnostic Policy Service is nonfunctional, Unable to



#16
SleepyDude


    Trusted Helper

  • Malware Removal
  • 4,401 posts
Hi,

Unfortunately the fix didn't run as expected, let's try a different one...


Step 1 - FRST Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the Desktop as fixlist.txt
    (It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work!)

    cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45512895.sys" /f
    cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47996404.sys" /f
    cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\51270607.sys" /f
    cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90111080.sys" /f
    cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93752228.sys" /f
    cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\96369202.sys" /f
    cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45512895.sys" /f
    cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47996404.sys" /f
    cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\51270607.sys" /f
    cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90111080.sys" /f
    cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93752228.sys" /f
    cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\96369202.sys" /f

  • Run FRST/FRST64 and press the Fix button just once and wait. After the fix the system needs to restart; if the tool does not request it, please restart the computer.
  • The tool will make a log (Fixlog.txt) in the same location as FRST/FRST64; please post it in your next reply.


Things I would like to see in your next reply:
  • The Fixlog.txt log

  • 0



#17
Kristin51505


    Member

  • Topic Starter
  • 70 posts
Hi SleepyDude,

Sorry for the late reply, I didn't see that you'd posted on the second page! Anyway, here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by Kristin at 2014-02-08 17:15:39 Run:3
Running from C:\Users\Kristin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45512895.sys" /f
cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47996404.sys" /f
cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\51270607.sys" /f
cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90111080.sys" /f
cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93752228.sys" /f
cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\96369202.sys" /f
cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45512895.sys" /f
cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47996404.sys" /f
cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\51270607.sys" /f
cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90111080.sys" /f
cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93752228.sys" /f
cmd: c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\96369202.sys" /f
*****************


========= c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45512895.sys" /f =========

The operation completed successfully.


========= End of CMD: =========


========= c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47996404.sys" /f =========

The operation completed successfully.


========= End of CMD: =========


========= c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\51270607.sys" /f =========

The operation completed successfully.


========= End of CMD: =========


========= c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90111080.sys" /f =========

The operation completed successfully.


========= End of CMD: =========


========= c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93752228.sys" /f =========

The operation completed successfully.


========= End of CMD: =========


========= c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\96369202.sys" /f =========

The operation completed successfully.


========= End of CMD: =========


========= c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45512895.sys" /f =========

The operation completed successfully.


========= End of CMD: =========


========= c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47996404.sys" /f =========

The operation completed successfully.


========= End of CMD: =========


========= c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\51270607.sys" /f =========

The operation completed successfully.


========= End of CMD: =========


========= c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90111080.sys" /f =========

The operation completed successfully.


========= End of CMD: =========


========= c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93752228.sys" /f =========

The operation completed successfully.


========= End of CMD: =========


========= c:\windows\system32\reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\96369202.sys" /f =========

The operation completed successfully.


========= End of CMD: =========


==== End of Fixlog ====
  • 0

#18
SleepyDude


    Trusted Helper

  • Malware Removal
  • 4,401 posts
Hi Kristin,

Finally the last fix ran correctly; it seems there is some system configuration error that we need to check...

Step 1 - FRST Fix

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the Desktop as fixlist.txt
    (It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work!)

    cmd: c:\windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment"

  • Run FRST/FRST64 and press the Fix button just once and wait. After the fix the system needs to restart; if the tool does not request it, please restart the computer.
  • The tool will make a log (Fixlog.txt) in the same location as FRST/FRST64; please post it in your next reply.


Step 2 - Fix Windows Services

Download the ESET services repair tool and save it to the flash drive, then copy ServicesRepair.exe to the Desktop of the infected computer.
  • Double-click ServicesRepair
    (On Windows Vista and above right click the icon and choose Run as Administrator, accept the security warning)
  • On the prompt This utility will reinstall Services commonly removed by exploits. Click Yes to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your Desktop, please post the content in your next reply.


Step 3 - Farbar Service Scanner

  • Run FSS by double-clicking the icon
    (On Windows Vista or higher right click the file and select Run as Administrator)
  • Check all the options
  • Click Scan
  • Post the generated log in your reply (The FSS.txt log is saved to the same folder where FSS is run from).


Things I would like to see in your next reply:
  • The Fixlog.txt log
  • The ServicesRepair log
  • The FSS.txt log

  • 0

#19
Kristin51505


    Member

  • Topic Starter
  • 70 posts
Hi SleepyDude,

I'm so glad it finally worked! Here are the logs for you:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by Kristin at 2014-02-09 14:32:05 Run:4
Running from C:\Users\Kristin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
cmd: c:\windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment"
*****************


========= c:\windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
FP_NO_HOST_CHECK REG_SZ NO
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE REG_SZ AMD64
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
USERNAME REG_SZ SYSTEM
windir REG_EXPAND_SZ %SystemRoot%
PROCESSOR_LEVEL REG_SZ 6
PROCESSOR_IDENTIFIER REG_SZ Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_REVISION REG_SZ 0f0d
NUMBER_OF_PROCESSORS REG_SZ 2
TRACE_FORMAT_SEARCH_PATH REG_EXPAND_SZ \\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
DFSTRACINGON REG_EXPAND_SZ FALSE
CLASSPATH REG_SZ .;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
QTJAVA REG_SZ C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
PSModulePath REG_EXPAND_SZ %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\


========= End of CMD: =========


==== End of Fixlog ====


Log Opened: 2014-02-09 @ 14:35:28
14:35:28 - -----------------
14:35:28 - | Begin Logging |
14:35:28 - -----------------
14:35:28 - Fix started on a WIN_VISTA X64 computer
14:35:28 - Prep in progress. Please Wait.
14:35:29 - Prep complete
14:35:29 - Repairing Services Now. Please wait...
14:35:29 - Services Repair Complete.
14:35:41 - Reboot Initiated



Farbar Service Scanner Version: 02-02-2014
Ran by Kristin (administrator) on 09-02-2014 at 14:38:56
Running from "C:\Users\Kristin\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-13 14:11] - [2013-01-04 03:31] - 1423720 ____A (Microsoft Corporation) 0E970F59D7FBB838316176B19A2ADB82

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 05:20] - [2012-06-01 16:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#20
SleepyDude


    Trusted Helper

  • Malware Removal
  • 4,401 posts
Hi Kristin,

The last steps didn't fix the problems reported by FSS, we have to use a different method...

Step 1 - OTL Fix

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the flash drive as fix.txt then copy the file to the Desktop of the infected computer
  • Make sure you also have OTL on the Desktop of the infected computer
    (It's important that both files, OTL and fix.txt are in the same location or the fix will not work!)

    :Commands
    [CreateRestorePoint]

    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
    Path3=hex(2):"%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Java\jre7\bin"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC\0000]
    "Service"="MpsSvc"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23090"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE\0000]
    "Service"="BFE"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="@%SystemRoot%\\system32\\bfe.dll,-1001"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRSVC]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRSVC\0000]
    "Service"="SDRSVC"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="@%SystemRoot%\\system32\\sdrsvc.dll,-107"

    :COMMANDS
    [EMPTYTEMP]
    [REBOOT]

  • Right click on the icon and choose Run as Administrator to execute the tool. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • click the Posted Image button at the top.
  • On the prompt "No fix has been provided!" click Ok and select to open the fix.txt file on the Desktop
  • Let the program run uninterrupted.
  • click OK
Notes:
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as an attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time when the fix ran.


Step 2 - Farbar Service Scanner

  • Run FSS by double-clicking the icon
    (On Windows Vista or higher right click the file and select Run as Administrator)
  • Check all the options
  • Click Scan
  • Post the generated log in your reply (The FSS.txt log is saved to the same folder where FSS is run from).


Things I would like to see in your next reply:
  • The OTL Fix log
  • The FSS.txt log

  • 0

#21
Kristin51505


    Member

  • Topic Starter
  • 70 posts
Hi SleepyDude,

Here are the two logs you asked for; the OTL log says that a file failed to move so I'm not sure if it worked, or maybe it only partially worked. Thanks again for all of your help so far! I have a feeling that my computer is being more difficult than expected and I appreciate you sticking with me :)

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path3|hex(2):"%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Java\jre7\bin" /E : value set successfully!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC\\"NextInstance"|dword:00000001 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC\0000\\"Service"|"MpsSvc" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC\0000\\"Legacy"|dword:00000001 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC\0000\\"ConfigFlags"|dword:00000000 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC\0000\\"Class"|"LegacyDriver" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC\0000\\"ClassGUID"|"{8ECC055D-047F-11D1-A537-0000F8753ED1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MPSSVC\0000\\"DeviceDesc"|"@%SystemRoot%\\system32\\FirewallAPI.dll,-23090" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE\\"NextInstance"|dword:00000001 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE\0000\\"Service"|"BFE" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE\0000\\"Legacy"|dword:00000001 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE\0000\\"ConfigFlags"|dword:00000000 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE\0000\\"Class"|"LegacyDriver" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE\0000\\"ClassGUID"|"{8ECC055D-047F-11D1-A537-0000F8753ED1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFE\0000\\"DeviceDesc"|"@%SystemRoot%\\system32\\bfe.dll,-1001" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRSVC\\"NextInstance"|dword:00000001 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRSVC\0000\\"Service"|"SDRSVC" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRSVC\0000\\"Legacy"|dword:00000001 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRSVC\0000\\"ConfigFlags"|dword:00000000 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRSVC\0000\\"Class"|"LegacyDriver" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRSVC\0000\\"ClassGUID"|"{8ECC055D-047F-11D1-A537-0000F8753ED1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SDRSVC\0000\\"DeviceDesc"|"@%SystemRoot%\\system32\\sdrsvc.dll,-107" /E!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kristin
->Temp folder emptied: 1412811152 bytes
->Temporary Internet Files folder emptied: 1182672347 bytes
->Java cache emptied: 78449 bytes
->FireFox cache emptied: 17278907 bytes
->Flash cache emptied: 271241 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9763511019 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 565 bytes

Total Files Cleaned = 11,803.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02102014_173140

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Farbar Service Scanner Version: 02-02-2014
Ran by Kristin (administrator) on 10-02-2014 at 19:17:48
Running from "C:\Users\Kristin\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-13 14:11] - [2013-01-04 03:31] - 1423720 ____A (Microsoft Corporation) 0E970F59D7FBB838316176B19A2ADB82

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 05:20] - [2012-06-01 16:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#22
SleepyDude


    Trusted Helper

  • Malware Removal
  • 4,401 posts

Hi SleepyDude,

Here are the two logs you asked for; the OTL log says that a file failed to move so I'm not sure if it worked, or maybe it only partially worked. Thanks again for all of your help so far! I have a feeling that my computer is being more difficult than expected and I appreciate you sticking with me :)


No problem. Yes, only part of the fix worked! I have created a different fix for you...

Step 1 - Fix Script
  • Create a folder called G2G inside C:\Windows\TEMP\
  • Download the file KristinFix.zip and save it to the folder C:\Windows\TEMP\G2G\
  • Extract the file KristinFix.zip to the folder containing the zip file
  • Inside the folder G2G you will find several files; right click Kristin-Fix.cmd and select Run as Administrator
  • When the script ends Notepad will open showing a log; please Copy & Paste the log to your post


Step 2 - Farbar Service Scanner

  • Run FSS by double-clicking the icon
    (On Windows Vista or higher right click the file and select Run as Administrator)
  • Check all the options
  • Click Scan
  • Post the generated log in your reply (The FSS.txt log is saved to the same folder where FSS is run from).



Things I would like to see in your next reply:
  • The log.txt
  • The FSS.txt log

  • 0

#23
Kristin51505


    Member

  • Topic Starter
  • 70 posts
Hi SleepyDude,

Here are the latest logs!

cmd: reg import "C:\Windows\Temp\G2G\legacy_bfe.reg"
The operation completed successfully.

cmd: reg import "C:\Windows\Temp\G2G\legacy_mpssvc.reg"
The operation completed successfully.

cmd: reg import "C:\Windows\Temp\G2G\legacy_sdrsvc.reg"
The operation completed successfully.


Farbar Service Scanner Version: 02-02-2014
Ran by Kristin (administrator) on 12-02-2014 at 22:30:24
Running from "C:\Users\Kristin\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-13 14:11] - [2013-01-04 03:31] - 1423720 ____A (Microsoft Corporation) 0E970F59D7FBB838316176B19A2ADB82

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 05:20] - [2012-06-01 16:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#24
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts
Hi,

I should have told you to restart the computer after the Fix and only then run FSS.

Please restart the computer and confirm whether the internet is working or not; if not, please post a new FSS log.
  • 0

#25
Kristin51505

    Member

  • Topic Starter
  • Member
  • 70 posts
Hi SleepyDude,

I restarted my computer, but still no Internet. Here's the new log, though it looks about the same as the last one:

Farbar Service Scanner Version: 02-02-2014
Ran by Kristin (administrator) on 13-02-2014 at 13:22:59
Running from "C:\Users\Kristin\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-13 14:11] - [2013-01-04 03:31] - 1423720 ____A (Microsoft Corporation) 0E970F59D7FBB838316176B19A2ADB82

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 05:20] - [2012-06-01 16:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#26
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts
Hi,

Kristin51505 wrote: "I restarted my computer, but still no Internet. Here's the new log, though it looks about the same as the last one:"


The new log is different: the tool shows other problems now that some of the Windows services are running. This is normal because of service dependencies. Let's use a different tool to apply several fixes at once to see if all these problems go away...


Step 1 - Tweaking.com - Windows Repair

Download Windows Repair (All-in-One) Portable
  • extract the tweaking.com_windows_repair_aio.zip to c:\Windows\TEMP (the zip will extract to a folder called Tweaking.com - Windows Repair)
  • execute the file Repair_Windows.exe from the Tweaking.com - Windows Repair folder
  • click on the tab Start Repairs, next click the Start button to access the following screen
  • accept the prompt to create the Backup
  • click the Start button again
  • click the button Unselect All
  • check the following boxes:
    • 05 - Repair Windows Firewall
    • 16 - Repair Windows Updates
    • 18 - Repair Volume Shadow Copy Service
    • 25 - Restore Important Windows Services
  • check the box Restart/Shutdown System When Finished > Restart System
  • click the Start button


Step 2 - Farbar Service Scanner

  • Run FSS by double clicking its icon
    (On Windows Vista or higher right click the file and select Run as Administrator)
  • Check all the options
  • click Scan
  • Post the generated log in your reply (The FSS.txt log is saved to the same folder where FSS is run from).


Step 3 - OTL Scan
  • Execute OTL: right click on its icon and choose Run as Administrator. Make sure all other windows are closed.
  • Click the Posted Image button.
  • on the Extra Registry group make sure you check the option Use SafeList
  • Then click the Posted Image button at the top. Let the program run uninterrupted, the scan won't take long.
  • When the scan completes, it will open notepad with OTL.Txt and Extras.txt. Both files are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file Extras.txt and post in your topic.


Things I would like to see in your next reply:
  • The FSS.txt log
  • Only the Extras.txt

  • 0
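
The log comparison described in post #26, as an added example that is not part of the original posts or of FSS itself: it parses two FSS logs and reports which services were flagged as not running in each. The names parse_fss and compare are hypothetical, the two sample logs are constructed, shortened excerpts, and the code assumes a service absent from a log was not flagged by FSS.

```python
import re

# Constructed, shortened excerpts in the FSS log layout shown in this thread.
LOG_BEFORE = """\
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

Security Center:
============
"""

LOG_AFTER = """\
Windows Firewall:
=============

Security Center:
============

wscsvc Service is not running. Checking service configuration:
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\\0000 registry key. The key does not exist.
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
ATTENTION = re.compile(r"ATTENTION!=+>\s*(.+)$")

def parse_fss(text):
    """Map each section title to the services and ATTENTION notes it flags."""
    sections, current, prev = {}, None, ""
    for line in (l.strip() for l in text.splitlines()):
        if line and set(line) == {"="} and prev.endswith(":"):
            current = prev.rstrip(":")  # a row of '=' underlines a section title
            sections[current] = {"not_running": set(), "attention": []}
        elif current:
            if m := NOT_RUNNING.match(line):
                sections[current]["not_running"].add(m.group(1))
            if a := ATTENTION.search(line):
                sections[current]["attention"].append(a.group(1))
        prev = line
    return sections

def compare(before, after):
    """Diff the sets of services flagged as not running in two logs."""
    b, a = ({s for sec in parse_fss(t).values() for s in sec["not_running"]}
            for t in (before, after))
    return {"cleared": sorted(b - a), "new": sorted(a - b), "still": sorted(a & b)}
```

Services listed under "new" are not necessarily regressions: they can be entries that only show up once the services they depend on have been repaired.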

#27
Kristin51505

    Member

  • Topic Starter
  • Member
  • 70 posts
Hi SleepyDude,

I wasn't able to finish the OTL scan; it kept getting stuck right at the beginning (at the "scanning HKEY_LOCAL_MACHINE file association keys"). For some reason it seems like I can't do any OTL scans; I was able to do the OTL fix a few days ago, but none of the scans I've tried have worked. So I only have the FSS log to show you. Here you go:

Farbar Service Scanner Version: 02-02-2014
Ran by Kristin (administrator) on 15-02-2014 at 20:55:11
Running from "C:\Users\Kristin\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-13 14:11] - [2013-01-04 03:31] - 1423720 ____A (Microsoft Corporation) 0E970F59D7FBB838316176B19A2ADB82

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 05:20] - [2012-06-01 16:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#28
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts
Hi,

Please temporarily disable ESET: right click the icon next to the clock and you should have one option to disable the Antivirus and AntiSpyware, then repeat the OTL scan.

Let me know if it works.
  • 0

#29
Kristin51505

    Member

  • Topic Starter
  • Member
  • 70 posts
Hi SleepyDude,

I disabled ESET and ran the scan again, but it's still not working. Is there another program I can use to run a scan?
  • 0

#30
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,401 posts
Hi,

Sorry for the delay...

Step 1 - Tweaking.com - Windows Repair

  • execute the file Repair_Windows.exe again from the Tweaking.com - Windows Repair folder
  • click on the tab Start Repairs, next click the Start button to access the following screen
  • accept the prompt to create the Backup
  • click the Start button again
  • click the button Unselect All
  • check the following boxes:
    • 22 - Repair File Associations
  • check the box Restart/Shutdown System When Finished > Restart System
  • click the Start button

Step 2 - Fix Script
  • Download the attached files and save them to the folder C:\Windows\TEMP\G2G\
  • inside the folder G2G you should have the old files and also the new ones, right click Kristin-Fix.cmd and select Run as Administrator
  • when the script ends Notepad will open showing a log; please Copy & Paste the log to your post (the log is created inside the G2G folder and named log.txt)
  • Restart the computer
Attached File: legacy_wscsvc.reg (866 bytes)
Attached File: legacy_bits.reg (852 bytes)

Step 3 - Run the Network Troubleshooter

If after restart the network isn't working try this:

  • Make sure that all the network cables are properly connected if applicable
  • Open Network Diagnostics by right-clicking the network icon in the notification area, and then clicking Diagnose and repair.
  • Let me know the result


Things I would like to see in your next reply:
  • The log.txt
  • The result of the Network Troubleshooter

  • 0





