
Viruses and PUPs [Closed]


  • This topic is locked

#31
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

=================================
Checking System Update Readiness.
Binary Version 6.1.7601.22471
Package Version 26.0
2015-05-08 21:02

Checking Windows Servicing Packages

Checking Package Manifests and Catalogs

Checking Package Watchlist

Checking Component Watchlist

Checking Packages

Checking Component Store

Summary:
Seconds executed: 811
 No errors detected
 


  • 0



#32
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, let me know if Windows Updates works now.


  • 0

#33
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

Failed again with this code:  0x800f0816


  • 0

#34
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, this is the next step.

 

System File Checker
 
1. Click your Start Orb in the lower left of your computer and type cmd in the search box.
2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator as shown below.
ElevateCommandPrompt.JPG

3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type into.
5. Type sfc /scannow and hit enter to start the scan. Please notice the space between sfc and /scannow.
6. Once the scan finishes please zip and attach the C:\Windows\Logs\CBS\CBS.log

Note: If the file is too large to attach here please upload to a service such as SendSpace or OneDrive or Dropbox and then provide the link.


  • 0

#35
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

It got to 33% complete and it failed.

 

Windows Resource Protection could not perform the requested operation.


  • 0

#36
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Please zip/attach the CBS.log.


  • 0

#37
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

How can I attach?


  • 0

#38
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

CBS File

Attached Files

  • Attached File  CBS.zip   563.03KB   95 downloads

  • 0

#39
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks. I'm seeing errors like the following. I believe there may be permissions issues on two files. To confirm this I need you to zip/attach the following file. c:\windows\inf\setupapi.dev.log

 

2015-05-08 20:27:45, Error                 CBS    SPI: (SPIRegQueryDWORDValue:400)Failed to open the registry root: n/a, key: SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePack\SP1. er=0x2
2015-05-08 20:27:45, Error                 CBS    SPI: (SPIRegQueryDWORDValue:400)Failed to open the registry root: n/a, key: SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePack\SP1. er=0x2
2015-05-08 20:27:45, Error                 CBS    SPI: (SPIRegQueryDWORDValue:400)Failed to open the registry root: n/a, key: SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePack\SP1. er=0x2
2015-05-08 20:27:45, Error                 CBS    SPI: (SPIRegQueryDWORDValue:400)Failed to open the registry root: n/a, key: SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePack\SP1. er=0x2

 


  • 0

#40
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

log file

Attached Files


  • 0



#41
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks. It doesn't confirm that these files are at fault but I think we should explicitly validate that. Please do the following.

 

Examine Permissions
 

  • Click Start -> Inside the search field search for Powershell.exe
  • Right-Click on Powershell in the search results and select Run as administrator.
  • Inside the PowerShell window copy the following commands (one by one) and press enter after each line.
    get-acl "C:\Windows\inf\Usbstor.inf" | format-list >2
    get-acl "C:\Windows\inf\Usbstor.pnf" | format-list >>2
    notepad 2
  • You should now have a notepad file with all the security permissions for these files. Please post the contents back into this thread.

  • 0

#42
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

Path   : Microsoft.PowerShell.Core\FileSystem::C:\Windows\inf\Usbstor.inf
Owner  : NT AUTHORITY\SYSTEM
Group  : NT AUTHORITY\SYSTEM
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         BUILTIN\Administrators Allow  FullControl
         BUILTIN\Users Allow  ReadAndExecute, Synchronize
Audit  :
Sddl   : O:SYG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)





Path   : Microsoft.PowerShell.Core\FileSystem::C:\Windows\inf\Usbstor.pnf
Owner  : NT AUTHORITY\SYSTEM
Group  : NT AUTHORITY\SYSTEM
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         BUILTIN\Administrators Allow  FullControl
         BUILTIN\Users Allow  ReadAndExecute, Synchronize
Audit  :
Sddl   : O:SYG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)
 


  • 0

#43
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks. Just to confirm something. When you open up Windows Updates does it give you an error right away or only when you try to install an update?


  • 0

#44
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I'm going to turn in for the evening and will check back tomorrow for your answer to my previous question. In addition because of the following error in the log I would like to check the permissions on one more file.

2015-05-08 21:47:00, Error                 CSI    00000122 (F) c0000185 [Error,Facility=(system),Code=389 (0x0185)] #2360284# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysReadFile(h = aa4 ("\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3"), evt = 0, apcr = NULL, apcc = NULL, iosb = @0x141cbe0, data = {l:0 b:}, byteoffset = 0, key = (null))
[gle=0xd0000185]
2015-05-08 21:47:00, Error                 CSI    [email protected]/5/9:01:47:00.376 (F) d:\win7sp1_gdr\base\wcp\sil\merged\ntu\ntsystem.cpp(2155): Error c0000185 [Error,Facility=(system),Code=389 (0x0185)] originated in function Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysReadFile expression: (null)
[gle=0x80004005]
2015-05-08 21:47:03, Error                 CSI    00000124 (F) c0000185 [Error,Facility=(system),Code=389 (0x0185)] #2360283# from Windows::Rtl::SystemImplementation::CFile_IRtlFileTearoff::ReadFile(Flags = 3, Buffer = {l:0 ml:65536 b:}, Offset = 0, Disposition = 0)[gle=0xd0000185]


Please do the following.
 
Examine Permissions

  • Click Start -> Inside the search field search for Powershell.exe
  • Right-Click on Powershell in the search results and select Run as administrator.
  • Inside the PowerShell window copy the following commands (one by one) and press enter after each line.
    get-acl "C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3" | format-list >2
    notepad 2
  • You should now have a notepad file with all the security permissions for these files. Please post the contents back into this thread.

  • 0

#45
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts

Updates start to run and it looks like they are going to take and then it stops and has the error.

 

Path   : Microsoft.PowerShell.Core\FileSystem::C:\Windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_
         6.1.7600.16385_none_06495209cbd8e93b\Maid with the Flaxen Hair.mp3
Owner  : NT SERVICE\TrustedInstaller
Group  : NT SERVICE\TrustedInstaller
Access : NT AUTHORITY\SYSTEM Allow  ReadAndExecute, Synchronize
         BUILTIN\Administrators Allow  ReadAndExecute, Synchronize
         BUILTIN\Users Allow  ReadAndExecute, Synchronize
         NT SERVICE\TrustedInstaller Allow  FullControl
Audit  :
Sddl   : O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-185
         3292631-2271478464D:PAI(A;;0x1200a9;;;SY)(A;;0x1200a9;;;BA)(A;;0x1200a9;;;BU)(A;;FA;;;S-1-5-80-956008885-34185
         22649-1831038044-1853292631-2271478464)


  • 0
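
Added example, not part of any post in this thread: a PowerShell sketch that decodes the Sddl lines posted in #42 and #45 into one row per access entry and marks which trustees hold rights that allow changing the file. The helper names Resolve-Sid and Get-AclReport are hypothetical; the SDDL strings are copied from the posts with the console line wraps joined.

```powershell
# Added example. SDDL strings copied from posts #42 and #45 (line wraps joined).
# Resolve-Sid and Get-AclReport are hypothetical helper names.
$posted = @{
    'Usbstor.inf / Usbstor.pnf'     = 'O:SYG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)'
    'Maid with the Flaxen Hair.mp3' = 'O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;0x1200a9;;;SY)(A;;0x1200a9;;;BA)(A;;0x1200a9;;;BU)(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)'
}
# To inspect a live file instead, feed it (Get-Acl 'C:\path\to\file').Sddl

# Rights that let a trustee alter, replace or re-permission the file.
$modifyMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

function Resolve-Sid([System.Security.Principal.SecurityIdentifier]$Sid) {
    try   { $Sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $Sid.Value }   # not resolvable on this machine: keep the raw SID
}

function Get-AclReport([string]$Name, [string]$Sddl) {
    # RawSecurityDescriptor parses the same SDDL text that Get-Acl prints.
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor $Sddl
    # 'P' in "D:PAI" = protected DACL (does not inherit from the parent folder).
    $protected = [bool]($sd.ControlFlags -band [System.Security.AccessControl.ControlFlags]::DiscretionaryAclProtected)
    foreach ($ace in $sd.DiscretionaryAcl) {
        New-Object PSObject -Property @{
            File      = $Name
            Owner     = Resolve-Sid $sd.Owner
            Protected = $protected
            Trustee   = Resolve-Sid $ace.SecurityIdentifier
            Type      = $ace.AceType
            Inherited = $ace.IsInherited      # the 'ID' flag in the ACE string
            Rights    = [System.Security.AccessControl.FileSystemRights]$ace.AccessMask
            CanModify = [bool]($ace.AccessMask -band $modifyMask)
        }
    }
}

$report = foreach ($name in $posted.Keys) { Get-AclReport $name $posted[$name] }

# Full table, then only the entries that permit modification.
$report | Sort-Object File |
    Format-Table File, Owner, Protected, Trustee, Type, Inherited, Rights, CanModify -AutoSize
$report | Where-Object { $_.CanModify } | Select-Object File, Trustee, Rights
```

Run on the posted strings, the second listing contains SYSTEM and Administrators for the two Usbstor files and only TrustedInstaller for the .mp3; BUILTIN\Users appears in neither case because 0x1200a9 decodes to ReadAndExecute, Synchronize.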





