Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cannot run or open any .exe (executable) file in Windows normal mode.


  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,825 posts
  • MVP

Something funny going on.

 

The fixlog says the files are on the desktop but when I tell it to copy them it tells me it can't find them.  Also the D-link file was copied correctly and seemed to be OK but the FRST scan says it is 0 bytes.  The two broken devices are still showing so nothing improved.

 

Please uninstall SUPERAntiSpyware.  It's a pretty worthless program and it sometimes plays games with permissions.

 

Start up FRST but do not hit SCAN.  Put

vpnpbus;aswTap

in the Search Box then hit Search Registry.  You should get one log file.  Please post it.

 

Copy the next lines:

 

copy \Users\Home\Desktop\W32UIRes.dll  \Windows\System32\oobe\W32UIRes.dll

copy \Users\Home\Desktop\spwizimg.dll  \Windows\System32\spwizimg.dll

 

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste (or Edit then Paste) and the copied lines should appear.  Hit Enter if the prompt does not return.

Do you get errors?  What exactly does it say?

 


  • 0

Advertisements


#17
MagickMage

MagickMage

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Greetings RKinner.
As instructed I have uninstalled SUPERAntiSpyware.
Opened FRST in Regular mode and as Admin.
Searched for vpnpbus;aswTap in Registry.
Received the file SearchReg.
Here is SearchReg
 
Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by Home (21-07-2018 20:33:57)
Running from C:\Users\Home\Desktop
Boot Mode: Normal
 
================== Search Registry: "vpnpbus;aswTap" ===========
 
 
===================== Search result for "vpnpbus" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles]
"%SystemPath%\system32\DRIVERS\vpnpbus.sys"="5"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles]
"%SystemPath%\system32\DRIVERS\vpnpbus.sys"="5"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\root#eldos_virtual_pnp_bus]
"Service"="vpnpbus"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\SYSTEM\0001]
"Service"="vpnpbus"
 
 
===================== Search result for "aswTap" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles]
"%SystemPath%\system32\DRIVERS\aswTap.sys"="5"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles]
"%SystemPath%\system32\DRIVERS\aswTap.sys"="5"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011]
"ComponentId"="aswtap"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011]
"InfSection"="aswTap.ndi"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011]
"MatchingDeviceId"="aswtap"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\Ndi]
"Service"="aswTap"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\NET\0001]
"HardwareID"="aswTap"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\NET\0001]
"Service"="aswTap"
 
====== End of Search ======
 
 
 
 
 
In the Command Prompt, as Admin,I copy and pasted the following commands
 
copy \Users\Home\Desktop\W32UIRes.dll  \Windows\System32\oobe\W32UIRes.dll
 
copy \Users\Home\Desktop\spwizimg.dll  \Windows\System32\spwizimg.dll"
 
The reply for
copy \Users\Home\Desktop\W32UIRes.dll  \Windows\System32\oobe\W32UIRes.dll
It asks if I want to "Overwrite\Windows\System32\oobe\W32UIRes.dll? (Yes/No/All):"
 
copy \Users\Home\Desktop\spwizimg.dll  \Windows\System32\spwizimg.dll
It asks if I want to "Overwrite\Windows\System32\spwizimg.dll? (Yes/No/All):"
 
 
Btw, RKinner,speaking of "something funny going on" I do have a a query for you regarding the sfc problems with the sfc /scannow command line and SFCFix.exe results.
 
I opened an elevated Command Prompt as Admin and ran sfc  /scannow with the results
It starts with "Beginning system scan.This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.Log. For example C:\Windows\Logs\CBS\CBS.log "
 
And right after,I immediately right clicked on SFCFix.exe and ran it as Admin.
It opened another Dosbox and After pressing all the keys to continue....produced the SFCFix.txt
SFCFix txt
 
SFCFix version 3.0.0.0 by niemiro.
Start time: 2018-07-21 21:26:31.570
Microsoft Windows 7 Service Pack 1 - amd64
Not using a script file.
 
 
 
 
AutoAnalysis::
SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.
 
 
 
 
Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 2 datablocks.
Finish time: 2018-07-21 21:27:04.951
----------------------EOF-----------------------
 
 
In the analysis it says no corruptions were detected.Yet sfc  /scannow say it has found corrupt files So you see my confusion.
Hope you can shed some light on that.
In any case RKinner,I hope you are not too busy at the moment.
Many thanks to you.

Edited by MagickMage, Today, 08:05 AM.

  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,825 posts
  • MVP

Appears that the two files do exist where they are supposed to be but that their permissions are messed up or windows is blocking them somehow. 

 

Please download GrantPerms.zip http://download.blee.../GrantPerms.zipand save it to your desktop.
Unzip the file and run GrantPerms.exe by right clicking and Run As Admin.
Copy and paste the following in the edit box:

  

C:\Windows\System32\oobe\W32UIRes.dll
C:\Windows\System32\spwizimg.dll
 

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

 

 


  • 0

#19
MagickMage

MagickMage

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Greetings RKinner.
Have downloaded GrantPerms.zip to the desktop.Unzipped and ran the exe as Admin
Resultant txt of Perms.txt.
Here is Perms.txt
 
GrantPerms by Farbar 
Ran by Home (administrator) at 2018-07-21 23:46:22
 
===============================================
ERROR: Parsing the SD of <\\?\C:\Windows\System32\oobe\W32UIRes.dll> failed with: The system cannot find the file specified.
 
 
Operating system error message: The system cannot find the file specified.
\\?\C:\Windows\System32\spwizimg.dll
 
   Owner: BUILTIN\Administrators
 
   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (NI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (NI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (NI)
 
 
Thanks again RKinner.

  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,825 posts
  • MVP

In answer to your earlier question about sfc:  When you right click on sfc.exe and run as admin you do not tell it what to look at so you get an all is clear message.   If you open an elevated (admin) Command Prompt and type:

 

sfc /?

 

It will show you the different options available.  If you don't give it an option it doesn't know what to check.

 

If I understand the output of the GrantPerms we now should have one of the files present.

 

You can test it without running the whole sfc /scannow.  Instead ask it to look at the file:

 

sfc /scanfile=C:\Windows\System32\spwizimg.dll

 

It should say:

 

Windows Resource Protection did not find any integrity violations.
 

 

The other file is located in the  oobe folder which stands for Out Of the Box Experience so presumably it only gets used when you first setup Windows.

 

See if GrantPerms will work on:

 

C:\Windows\system32\Rtlihvs.dll

 

 

 

For the two drivers that don't want to go away:

 

right click on Computer and select Manage then Device Manager.

 

View, Show Hidden Devices

 

There should be an entry for Non Plug and Play devices or something like that.

Click on the arrow in front to open it.

See if you can find either of these:

 

aswTap

vpnpbus

 

If you find one then right click on it and Delete or Uninstall

 

If that doesn't work for aswTap then try the Avast Uninstall tool:

 

https://www.avast.co...install-utility


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP