delacroix

I'm at Risk! What's the better way to do!?

Press Windows-Key + D, write services.msc.

Search the above listed services, right-click them and select run - what happens?

I keep on trying to "press Windows-Key + D"

it just minimizes the tab

as far as I know it's Windows-Key + R

is that alright?

thought you have Windows 8...

Windows 8 Single Language (X64)

Well then, it's Windows + R for you...

Base Filtering Engine

Windows could not start the Base Filtering Engine service on Local Computer.

Error 1290: The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.

IPsec Policy Agent

Windows could not start the IPsec Policy Agent service on Local Computer.

Error 1068: The dependency service or group failed to start.

Windows Firewall

Windows could not start the Windows Firewall service on Local Computer.

Error 1068: The dependency service or group failed to start.

Please download Windows Repair (all in one) from here.

Install the program then run it.

Go to step 2 and allow it to run Disk check.

Once that is done then go to step 3 and allow it to run SFC

On the Start Repairs tab, unselect all.

Check only the following:

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Windows Firewall
  • Repair Windows Updates
  • Remove policies set by infections

then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know how that worked out for you.

I ran step 2 Disk Check

after scanning and repair a BSOD pops up: ERROR CODE 0xC000021A

I just go to startup settings and Disable Driver Signature Enforcement

I also observe that it slows down a bit

Is your computer starting normally now?

Can you proceed with Step 3?

Step 3 done!! ^_^

where to find the unselect all???

I go to start repairs but I don't see that option

The tool has changed...

On the Start Repairs tab, click Start.

Within the opening window, hit unselect all.

Check only the following:

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Windows Firewall
  • Repair Windows Updates
  • Remove policies set by infections

then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know how that worked out for you.

I can't MARK

  • Reset Registry Permissions (Disabled in Windows 8 due to App Store Bug)

there is no

  • Windows Firewall

but there's an option

  • Repair Windows Firewall

I'll mark that??

how about the

  • Reset Registry Permissions (Disabled in Windows 8 due to App Store Bug)

I can't mark it; right after I mark it, when the cursor moves, the check mark disappears

Due to the fact your system thinks it's a Windows 8 box, leave this option unchecked and go on.

what's the next thing to do??

what about the log??

is it supposed to be saved?

I already restarted it

you mean I'll Run Farbar Service Scanner and post the log???

Right??

:)

^_^ here's the log ^_^

Farbar Service Scanner Version: 31-05-2013 01

Ran by Mariano (administrator) on 06-06-2013 at 19:52:26

Running from "C:\Users\New One\Desktop\Malwarebytes.org"

Windows 8 Single Language (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv: "C:\windows\system32\wuaueng.dll".

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2013-04-28 17:38] - [2013-03-02 17:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll

[2013-05-24 23:00] - [2013-04-09 12:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2013-04-28 17:38] - [2013-03-02 10:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll

[2013-03-26 13:42] - [2013-01-29 07:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe

[2013-03-26 13:42] - [2013-01-29 09:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
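
Added example, not part of the thread and not code from Farbar Service Scanner: a Python parser that pulls the deviations out of a log in the layout above (stopped services, non-default start types, policy registry values, and files listed without the "MD5 is legit" verdict). The `triage` function, its field names and the sample log are constructed for illustration.

```python
import re

# Constructed sample in the Farbar Service Scanner layout shown above
# (shortened; the MD5 is a placeholder, not a real hash).
SAMPLE_LOG = r'''
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2013-04-28 17:38] - [2013-03-02 17:59] - 2231528 ____A (Microsoft Corporation) 00000000000000000000000000000000
**** End of log ****
'''

START_RE = re.compile(r"The start type of (\w+) service is set to (\w+)\. "
                      r"The default start type is (\w+)\.")

def triage(log):
    """Collect the lines of an FSS log that deviate from a healthy baseline."""
    out = {"stopped": [], "start_type": [], "policy": [], "no_verdict": []}
    key = path = None
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue  # the forum paste puts a blank line between entries
        if m := re.match(r"(\w+) Service is not running", line):
            out["stopped"].append(m.group(1))
        elif m := START_RE.match(line):
            out["start_type"].append(m.groups())  # (service, current, default)
        elif line.startswith("[HKEY_"):
            key = line.strip("[]")
        elif key and (m := re.match(r'"(.+)"=(.+)', line)):
            out["policy"].append((key, m.group(1), m.group(2)))
        elif path and re.match(r"\[\d{4}-\d\d-\d\d ", line):
            out["no_verdict"].append(path)  # details printed, no "MD5 is legit"
        # Remember a bare file path so the detail line after it can be tied to it.
        path = line if re.match(r"[A-Za-z]:\\", line) and "=>" not in line else None
    return out
```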

ahmm Marius is it a serious problem?

Microsoft Fix it 50687

  • This Microsoft Fix it does not apply to your operating system or application version.

Microsoft Fix it 50844

  • This Microsoft Fix it does not apply to your operating system or application version.

This Microsoft Fix it failed to process

Now I know what our problem is...

Please download the attached services.zip and extract it to your desktop.

Run services.reg by double-clicking it, confirm the following message with yes and restart the system.

Get a new FSS log and post it, please.

services.zip

services.zip DONE! ^_^

FSS DONE! ^_^

here's the log

Farbar Service Scanner Version: 31-05-2013 01

Ran by Mariano (administrator) on 06-06-2013 at 20:45:41

Running from "C:\Users\New One\Desktop\Malwarebytes.org"

Windows 8 Single Language (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Attempt to access Yahoo IP returned error. Yahoo IP is offline

Attempt to access Yahoo.com returned error: Yahoo.com is offline

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is set to Demand. The default start type is Auto.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2013-04-28 17:38] - [2013-03-02 17:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll

[2013-05-24 23:00] - [2013-04-09 12:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2013-04-28 17:38] - [2013-03-02 10:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll

[2013-03-26 13:42] - [2013-01-29 07:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe

[2013-03-26 13:42] - [2013-01-29 09:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Stay patient. I have to ask other colleagues what could help us here.

Navigate to the folder where you unzipped Malwarebytes Anti-Rootkit to.

Open the "plugins" directory and run fixdamage.exe by double-clicking it.

Reboot and post up a new FSS log.

hi Marius,

here's the FSS log

Farbar Service Scanner Version: 31-05-2013 01

Ran by Mariano (administrator) on 06-06-2013 at 22:15:35

Running from "C:\Users\New One\Desktop\Malwarebytes.org"

Windows 8 Single Language (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2013-04-28 17:38] - [2013-03-02 17:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll

[2013-05-24 23:00] - [2013-04-09 12:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2013-04-28 17:38] - [2013-03-02 10:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll

[2013-03-26 13:42] - [2013-01-29 07:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe

[2013-03-26 13:42] - [2013-01-29 09:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

This topic is now closed to further replies.