[BrianDrab]

Once again I sincerely apologize for the delay. There's some damage left over from the malware that we'll attempt to get cleaned up. Windows Updates are failing on your machine as a result of this damage as well.
 
Please follow the instructions below.
 
Step#1 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.   fixlist.txt   4.24KB   165 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
Step#2 - Disable Windows Defender
Since you have Avast, there is no need to have Windows Defender enabled as it's possible it could cause conflicts and/or undesirable behavior.
 
1. Open Windows Defender by clicking the Start button. In the search box, type Defender, and then, in the list of results, click Windows Defender.
2. Click Tools, and then click Options.
3. Click Administrator, select or clear the Use this program check box, and then click Save.  If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
 
 
Step#3 - Repair Services
Important: Disable your Avast antivirus so it doesn't interfere with the fix! Right-click on the avast! icon in the system tray. Select avast! shields control and there will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted or permanently.

• Please download the ESET services repair tool to your desktop.
• Right-click on the ServicesRepair.exe file and choose Run as administrator.
• If security notifications appear, click Allow and then click Yes when asked if you want to proceed.
• Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
• A log named SvcRepair.log will be saved in the CCSupport\Logs folder the tool created on your desktop, please post the content in your next reply

Step#4 - Verify Repair
1. Open up FarBar Service Scanner (FSS.exe) from your desktop.
2. Ensure all options are checked and click Scan.

 
3. It will create a log (FSS.txt) in the same directory the tool is run.
4. Please copy and paste the log to your reply.
 
  
 
Things For Your Next Post:
Please post the logs in the order requested.
1. FRST Fix log
2. Contents of SvcRepair.log
3. Contents of FSS.txt

[Advertisements]

I apologize again for the delay, here you go:

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01

Ran by Adrian at 2014-11-27 18:41:37 Run:2

Running from C:\Users\Adrian\Desktop

Loaded Profiles: Adrian & per & UpdatusUser (Available profiles: Adrian & per & UpdatusUser & Administrator)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAACDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAACDecode.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAVCDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAVCDecode.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\TextDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\TextDecode.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer

HKU\S-1-5-21-41113278-582576069-4287591673-1007\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-41113278-582576069-4287591673-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-41113278-582576069-4287591673-1007\...\MountPoints2: {75987811-d9c0-11de-bb7b-806e6f6e6963} - D:\autorun.exe -auto

Toolbar: HKU\S-1-5-21-41113278-582576069-4287591673-1007 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Task: {3ED23CB9-A402-4E0D-8282-B4C196874C7A} - System32\Tasks\{09AB6897-1BED-4CBF-A01D-DE7FBE2E6BA6} => D:\SETUP.EXE

Task: {731CAEE4-3689-4C3A-B9C6-30D1DB8A3529} - System32\Tasks\{F9153D87-6A11-4CFA-8878-5ADFDA90DE23} => D:\SETUP.EXE

Task: {9F3A7641-2BEC-4640-8C0E-DF96D07A28C3} - System32\Tasks\{503E6934-355F-4F11-890E-037549D4CB4F} => D:\tony2.exe

Task: {D4EB0095-9EA0-4B62-BAD7-BC5C95E28515} - System32\Tasks\{D5100DE6-6E6B-4BDC-B12C-176113C8B219} => H:\tony2.exe

reg: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} /v AutoStart /d ""

EmptyTemp:

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAACDecode.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAVCDecode.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\TextDecode.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll => value deleted successfully.

HKU\S-1-5-21-41113278-582576069-4287591673-1007\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value deleted successfully.

HKU\S-1-5-21-41113278-582576069-4287591673-1007\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value deleted successfully.

"HKU\S-1-5-21-41113278-582576069-4287591673-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75987811-d9c0-11de-bb7b-806e6f6e6963}" => Key deleted successfully.

"HKCR\CLSID\{75987811-d9c0-11de-bb7b-806e6f6e6963}" => Key not found.

HKU\S-1-5-21-41113278-582576069-4287591673-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.

"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3ED23CB9-A402-4E0D-8282-B4C196874C7A}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ED23CB9-A402-4E0D-8282-B4C196874C7A}" => Key deleted successfully.

C:\Windows\System32\Tasks\{09AB6897-1BED-4CBF-A01D-DE7FBE2E6BA6} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09AB6897-1BED-4CBF-A01D-DE7FBE2E6BA6}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{731CAEE4-3689-4C3A-B9C6-30D1DB8A3529}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{731CAEE4-3689-4C3A-B9C6-30D1DB8A3529}" => Key deleted successfully.

C:\Windows\System32\Tasks\{F9153D87-6A11-4CFA-8878-5ADFDA90DE23} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F9153D87-6A11-4CFA-8878-5ADFDA90DE23}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F3A7641-2BEC-4640-8C0E-DF96D07A28C3}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F3A7641-2BEC-4640-8C0E-DF96D07A28C3}" => Key deleted successfully.

C:\Windows\System32\Tasks\{503E6934-355F-4F11-890E-037549D4CB4F} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{503E6934-355F-4F11-890E-037549D4CB4F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4EB0095-9EA0-4B62-BAD7-BC5C95E28515}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4EB0095-9EA0-4B62-BAD7-BC5C95E28515}" => Key deleted successfully.

C:\Windows\System32\Tasks\{D5100DE6-6E6B-4BDC-B12C-176113C8B219} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D5100DE6-6E6B-4BDC-B12C-176113C8B219}" => Key deleted successfully.

 

========= reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} /v AutoStart /d "" =========

 

Operasjonen er utf›rt.

 

 

 

========= End of Reg: =========

 

EmptyTemp: => Removed 323.6 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

 

 

 

 

 

Log Opened: 2014-11-29 @ 18:22:53

18:22:53 - -----------------

18:22:53 - | Begin Logging |

18:22:53 - -----------------

18:22:53 - Fix started on a WIN_7 X64 computer

18:22:53 - Prep in progress.  Please Wait.

18:22:55 - Prep complete

18:22:55 - Repairing Services Now.  Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE> failed with: Systemet finner ikke angitt fil.

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

 

SetACL finished successfully.

18:23:01 - Services Repair Complete.

18:23:05 - Reboot Initiated

 

 

 

Farbar Service Scanner Version: 21-07-2014

Ran by Adrian (administrator) on 29-11-2014 at 18:29:40

Running from "C:\Users\Adrian\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

 

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

 

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

 

[Avalanche9]

I apologize again for the delay, here you go:

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01

Ran by Adrian at 2014-11-27 18:41:37 Run:2

Running from C:\Users\Adrian\Desktop

Loaded Profiles: Adrian & per & UpdatusUser (Available profiles: Adrian & per & UpdatusUser & Administrator)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAACDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAACDecode.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAVCDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAVCDecode.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\TextDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\TextDecode.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer

HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer

HKU\S-1-5-21-41113278-582576069-4287591673-1007\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-41113278-582576069-4287591673-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-41113278-582576069-4287591673-1007\...\MountPoints2: {75987811-d9c0-11de-bb7b-806e6f6e6963} - D:\autorun.exe -auto

Toolbar: HKU\S-1-5-21-41113278-582576069-4287591673-1007 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Task: {3ED23CB9-A402-4E0D-8282-B4C196874C7A} - System32\Tasks\{09AB6897-1BED-4CBF-A01D-DE7FBE2E6BA6} => D:\SETUP.EXE

Task: {731CAEE4-3689-4C3A-B9C6-30D1DB8A3529} - System32\Tasks\{F9153D87-6A11-4CFA-8878-5ADFDA90DE23} => D:\SETUP.EXE

Task: {9F3A7641-2BEC-4640-8C0E-DF96D07A28C3} - System32\Tasks\{503E6934-355F-4F11-890E-037549D4CB4F} => D:\tony2.exe

Task: {D4EB0095-9EA0-4B62-BAD7-BC5C95E28515} - System32\Tasks\{D5100DE6-6E6B-4BDC-B12C-176113C8B219} => H:\tony2.exe

reg: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} /v AutoStart /d ""

EmptyTemp:

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAACDecode.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAVCDecode.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\TextDecode.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll => value deleted successfully.

HKU\S-1-5-21-41113278-582576069-4287591673-1007\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value deleted successfully.

HKU\S-1-5-21-41113278-582576069-4287591673-1007\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value deleted successfully.

"HKU\S-1-5-21-41113278-582576069-4287591673-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75987811-d9c0-11de-bb7b-806e6f6e6963}" => Key deleted successfully.

"HKCR\CLSID\{75987811-d9c0-11de-bb7b-806e6f6e6963}" => Key not found.

HKU\S-1-5-21-41113278-582576069-4287591673-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.

"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3ED23CB9-A402-4E0D-8282-B4C196874C7A}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ED23CB9-A402-4E0D-8282-B4C196874C7A}" => Key deleted successfully.

C:\Windows\System32\Tasks\{09AB6897-1BED-4CBF-A01D-DE7FBE2E6BA6} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09AB6897-1BED-4CBF-A01D-DE7FBE2E6BA6}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{731CAEE4-3689-4C3A-B9C6-30D1DB8A3529}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{731CAEE4-3689-4C3A-B9C6-30D1DB8A3529}" => Key deleted successfully.

C:\Windows\System32\Tasks\{F9153D87-6A11-4CFA-8878-5ADFDA90DE23} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F9153D87-6A11-4CFA-8878-5ADFDA90DE23}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F3A7641-2BEC-4640-8C0E-DF96D07A28C3}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F3A7641-2BEC-4640-8C0E-DF96D07A28C3}" => Key deleted successfully.

C:\Windows\System32\Tasks\{503E6934-355F-4F11-890E-037549D4CB4F} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{503E6934-355F-4F11-890E-037549D4CB4F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4EB0095-9EA0-4B62-BAD7-BC5C95E28515}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4EB0095-9EA0-4B62-BAD7-BC5C95E28515}" => Key deleted successfully.

C:\Windows\System32\Tasks\{D5100DE6-6E6B-4BDC-B12C-176113C8B219} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D5100DE6-6E6B-4BDC-B12C-176113C8B219}" => Key deleted successfully.

 

========= reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} /v AutoStart /d "" =========

 

Operasjonen er utf›rt.

 

 

 

========= End of Reg: =========

 

EmptyTemp: => Removed 323.6 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

 

 

 

 

 

Log Opened: 2014-11-29 @ 18:22:53

18:22:53 - -----------------

18:22:53 - | Begin Logging |

18:22:53 - -----------------

18:22:53 - Fix started on a WIN_7 X64 computer

18:22:53 - Prep in progress.  Please Wait.

18:22:55 - Prep complete

18:22:55 - Repairing Services Now.  Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters\Policy> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE\Parameters> failed with: Systemet finner ikke angitt fil.

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

ERROR: Writing SD to <machine\System\CurrentControlset\Services\BFE> failed with: Systemet finner ikke angitt fil.

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

 

SetACL finished successfully.

18:23:01 - Services Repair Complete.

18:23:05 - Reboot Initiated

 

 

 

Farbar Service Scanner Version: 21-07-2014

Ran by Adrian (administrator) on 29-11-2014 at 18:29:40

Running from "C:\Users\Adrian\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

 

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

 

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

 

[BrianDrab]

OK, one was fixed by that. One remaining. Please follow the instructions below.

 

Step#1 - Registry Fix

Please follow the instructions below.

 

1. Download BFE.reg to your desktop.

2. Double-click the file and answer Yes to the warning message that comes up.

3. You should get an informational message letting you know that it was successfully entered into the registry. Let me know if you don't get a confirmation message like this or get any other error/message!

4. Please reboot your machine. 

 

Step#2 - Verify Repair (only do this step if Step#1 was successful).
1. Open up FarBar Service Scanner (FSS.exe) from your desktop.
2. Ensure all options are checked and click Scan.

 
3. It will create a log (FSS.txt) in the same directory the tool is run.
4. Please copy and paste the log to your reply.
 
Things For Your Next Post:
1. Contents of FSS.txt

[Avalanche9]

I get an error message saying I can't import the file, no access the registry, or something along those lines. how do I proceed?

[BrianDrab]

I suspected you would get an error of some sorts. I've put together next steps and submitted for approval. Once approved I'll be back to you. Thank you!

[BrianDrab]

Step#1 - Set Registry/File permissions
1.  Download Windows Repair (All-in-One) Portable to your desktop.
2.  Once the file is downloaded, right-click on the file on your desktop and choose Extract All...

3.  Keep the defaults and click the Extract button.
4.  A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
5.  Inside this folder, there is a folder named Tweaking.com - Windows Repair. Open this folder as well.

 
 
6. Double-click on Repair_Windows.exe to open.
7. When the program opens, click the Repairs tab and click the Open Repairs button.

8. A backup of your registry will be made. After a few moments you will have many options from which you can choose.
9. Please click the Unselect All button and then click to enable only the following ones:
      01 - Reset Registry Permissions
      02 - Reset File Permissions
      03 - Reset Service Permissions
      04 - Register System Files
      05 - Repair WMI
  
10. Ensure the Restart check box is selected and click the Start Repairs button in the lower right of the screen. This may take some time to run so be patient.

11. Once the fixes are complete you will be prompted to restart your machine. Answer Yes.

 

 

Step#2 - Registry Fix

Please follow the instructions below.

 

1. Double-click the file BFE.reg that you previously downloaded to your desktop and answer Yes to the warning message that comes up.

2. You should get an informational message letting you know that it was successfully entered into the registry. Let me know if you don't get a confirmation message like this or get any other error/message!

3. Please reboot your machine. 

 

Step#3 - Verify Repair (only do this step if Step#2 was successful).
1. Open up FarBar Service Scanner (FSS.exe) from your desktop.
2. Ensure all options are checked and click Scan.

 
3. It will create a log (FSS.txt) in the same directory the tool is run.
4. Please copy and paste the log to your reply.
 
Things For Your Next Post:
1. Contents of FSS.txt

[Avalanche9]

So, while I was running the windows repair my boyfriend managed to close all the scan windows... Will it be safe to run it again? I'm not sure how far it got..

[BrianDrab]

Yes, please do.

[Avalanche9]

Finished step #1, but at step #2 I get the same error message as last time.. What now?

[BrianDrab]

Would you mind replying back with the exact message that is displayed? That would be helpful.

 

Thank you.

[Avalanche9]

Registerredigering

 

Kan ikke importere C:\Users\Adrian\Desktop\BFE.reg. Får ikke tilgang til registeret.

 

 

Or, transelated from Norwegian:

 

Registry editing 

 

Can't import C:\Users\Adrian\Desktop\BFE.reg. No access to the registry.

[BrianDrab]

Thank you for the info. I'd like you to try to manually edit the registry to see if we get a similar error.

Note: Editing of the registry should be done with extreme caution. Please follow the steps exactly and if you have any questions at all please ask before moving on.

 

Step#1 - Create Restore Point
1. Please click your start button, right-click on the Computer menu item and select Properties as show below.

 
2. Click on the Advanced system settings link.

 
3. Click the System Protection tab and then click the Create button.
 

 
4. You will be asked to provide a description. Please type G2G and click Create.
 

 
5. You will get a message telling you when it's complete. Click Close on the message. Note: If you get any error message trying to create the restore point let me know and don't continue.

 

 

Step#2 - Manually Edit Registry

1. Please click the Start Orb in the lower left of your computer and type regedit.exe.

2. Click on regedit that shows up in the search results.

 

3. If you receive a User Account Control message asking you  to allow the program to make changes to the computer, please click Yes.

4. Next, ensure you are all the way at the top of the screen. Click on the arrow next to HKEY_LOCAL_MACHINE so it's expanded.

 

5. Then go ahead and expand SYSTEM. Then expand CurrentControlSet and then services.

 

6. There will be a lot of entries under services which is expected. Scroll down the list of entries and see if there is one named BFE. If you do have this, stop here and let me know.

 

7. Assuming this key is missing, please scroll back up to the services key. Right-click on this key, select New and Key.

 

8. A new key will be added to the bottom of the services list ready to be named. Please type BFE and hit enter.

 

 

Let me know any errors that you get during this process. You may now close the Registry Editor.

[Avalanche9]

So sorry for the delay, so busy at the moment. Will try my best to do this today after work.

[Avalanche9]

Again, I apologize for the delay, thank you for staying with me.   I got to part 6 og the reg edit, but there is no BFE folder.

[BrianDrab]

Good. Continue on. Please try Step#7 & 8.