Tweaking.com Support Forums
Main Forum => General Computer Support => Topic started by: pablo204 on August 10, 2013, 03:29:10 pm
-
Hi,
If anyone could help I would be very grateful. I have windows 8 and have problems with the firewall which is affecting things like skype and the store because they rely on the firewall to work. I believe this has something to do with a 'bit coin miner' trojan that has been detected on the computer. I have attached log reports for Tweaking Windows Repair, Rkill and Rogue Killer.
Thanks
-
I have also done a Malware Bytes anti-rootkit scan and the log result is attahced here
thanks
-
ok so i think ive managed to get rid of the trojan but my problem with firewall and the store and skype remains
thanks
-
If the infection has gone have you ran my Windows repair tool to get the firewall working?
Shane
-
hi,
yes i ran it several times - i have attached the latest log here
-
You may still have an infection. Those errors mean the services couldnt start and I bet if you check the registry you will see they have been deleted.
My repair tool puts those keys back in the registry, so if they are still gone then something is still deleting them.
Try running these two tools.
Malwarebytes Anti Rootkit (Different than there normal scanner)
http://www.malwarebytes.org/products/mbar/
And then combofix
http://www.bleepingcomputer.com/download/combofix/
Lets see if they find anything. :wink:
Shane
-
will combofix work with windows 8? i thought i read somewhere that it didnt - well anyway ill try them both now
thanks
-
Hi,
I have run malware bytes anti-root, combofix and the windows repiar tool again and the problem remains - I have attached the logs here
thanks
-
They both did find a few more things.
Also I noticed you have norton internet security installed, which has its own firewall and I believe will turn off the Windows firewall.
Also lets see if the regkeys are back or if they are still being deleted.
See if you have these reg keys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
and
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
Shane
-
Hi, yes I have both of those regkeys. the problem is still there though - ive tried switching off the firewall on norton.
thanks
-
Check the event viewer and tell me the exact error number for it and I will research it and see what I can find :-)
Shane
-
Service Control Manager - 7024
thanks
-
Ah! that is the permission denied error.
And since my reset reg permissions in Windows 8 isnt allowed to run. (Because it will break the app store if you even touch permissions)
Normally my reg permissions would have fixed that error.
The virus you had change the permissions on the those reg keys for the services. You will have to manually edit the permissions for those keys and that should get it working again.
I should modify the repair to change permission just on those keys as well, that way it will work on Windows 8 :-)
Shane
-
excuse the ignorance but how do you change the permisions?
-
In the registry editor you can right click on the key and choose permissions.
Shane
-
hi. which ones do i need to change exactly? and for administrators or users?
-
@Pablo204: Download the file in the attachment and place it in the "files" subfolder of Windows Repair (WR). Unzip it and make sure you have 4 new files in that "files" sub-folder. Temporarily switch off Norton. Run the *.bat file with admin rights and run WR (Repair Firewall) again. Post the results in this thread. If it worked then it provides Shane (& me) a good clue of how & where WR needs to be improved.
You can switch off the MS Firewall if you want to run the Norton firewall only.
Go through this thread:
http://www.tweaking.com/forums/index.php/topic,1195.0.html
(And make sure you tick "Set Services to default ........" every time you run WR)
@Shane:
- The *.bat file changes the reg permissions for "Sharedaccess", "Mpssvc", "BFE" & "Bits". But I thought BITS had nothing to do with the MS Firewall ?
- Go through the stuff I have sent you. It contains these "change reg permissions" files as well.
-
Running Repair Under System Account
Running Repair Under System Account
Starting Repairs...
Start (10/08/2013 18:16:23)
Register System Files
Start (10/08/2013 18:16:23)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:16:46)
Repair WMI
Start (10/08/2013 18:16:46)
Running Repair Under Current User Account
Invalid Global Switch.
Invalid Global Switch.
Running Repair Under System Account
Invalid Global Switch.
Invalid Global Switch.
Done (10/08/2013 18:19:50)
Repair Windows Firewall
Start (10/08/2013 18:19:50)
Running Repair Under Current User Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Running Repair Under System Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Done (10/08/2013 18:20:13)
Repair Internet Explorer
Start (10/08/2013 18:20:13)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:20:46)
Repair MDAC/MS Jet
Start (10/08/2013 18:20:46)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:20:55)
Repair Hosts File
Start (10/08/2013 18:20:55)
Running Repair Under System Account
Done (10/08/2013 18:20:57)
Remove Policies Set By Infections
Start (10/08/2013 18:20:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:21:02)
Repair Icons
Start (10/08/2013 18:21:02)
Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
Done (10/08/2013 18:21:04)
Repair Winsock & DNS Cache
Start (10/08/2013 18:21:04)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:21:13)
Repair Proxy Settings
Start (10/08/2013 18:21:13)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:21:17)
Repair Windows Updates
Start (10/08/2013 18:21:17)
Running Repair Under Current User Account
The Automatic Updates service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.
More help is available by typing NET HELPMSG 3521.
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
The Automatic Updates service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Done (10/08/2013 18:21:33)
Repair CD/DVD Missing/Not Working
Start (10/08/2013 18:21:33)
Done (10/08/2013 18:21:33)
Repair Volume Shadow Copy Service
Start (10/08/2013 18:21:33)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
Running Repair Under System Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Done (10/08/2013 18:21:39)
Repair MSI (Windows Installer)
Start (10/08/2013 18:21:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:21:48)
Repair bat Association
Start (10/08/2013 18:21:48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:21:53)
Repair cmd Association
Start (10/08/2013 18:21:53)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:21:57)
Repair com Association
Start (10/08/2013 18:21:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:22:02)
Repair Directory Association
Start (10/08/2013 18:22:02)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:22:06)
Repair Drive Association
Start (10/08/2013 18:22:06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:22:11)
Repair exe Association
Start (10/08/2013 18:22:11)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:22:16)
Repair Folder Association
Start (10/08/2013 18:22:16)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:22:20)
Repair inf Association
Start (10/08/2013 18:22:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:22:25)
Repair lnk (Shortcuts) Association
Start (10/08/2013 18:22:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:22:29)
Repair msc Association
Start (10/08/2013 18:22:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:22:34)
Repair reg Association
Start (10/08/2013 18:22:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:22:39)
Repair scr Association
Start (10/08/2013 18:22:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:22:43)
Repair Windows Safe Mode
Start (10/08/2013 18:22:43)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:22:48)
Repair Print Spooler
Start (10/08/2013 18:22:48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:23:01)
Restore Important Windows Services
Start (10/08/2013 18:23:01)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:23:05)
Set Windows Services To Default Startup
Start (10/08/2013 18:23:06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:23:10)
Cleaning up empty logs...
All Selected Repairs Done.
Done (10/08/2013 18:23:10)
Total Repair Time: 00:06:47
...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account
Starting Repairs...
Start (10/08/2013 18:43:29)
Register System Files
Start (10/08/2013 18:43:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:44:07)
Repair WMI
Start (10/08/2013 18:44:07)
Running Repair Under Current User Account
Invalid Global Switch.
Invalid Global Switch.
Running Repair Under System Account
Invalid Global Switch.
Invalid Global Switch.
Done (10/08/2013 18:47:50)
Repair Windows Firewall
Start (10/08/2013 18:47:50)
Running Repair Under Current User Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Running Repair Under System Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Done (10/08/2013 18:48:13)
Repair Internet Explorer
Start (10/08/2013 18:48:13)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:48:40)
Repair MDAC/MS Jet
Start (10/08/2013 18:48:40)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:48:49)
Repair Hosts File
Start (10/08/2013 18:48:49)
Running Repair Under System Account
Done (10/08/2013 18:48:51)
Remove Policies Set By Infections
Start (10/08/2013 18:48:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:48:56)
Repair Icons
Start (10/08/2013 18:48:56)
Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
Done (10/08/2013 18:48:58)
Repair Winsock & DNS Cache
Start (10/08/2013 18:48:58)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:49:07)
Repair Proxy Settings
Start (10/08/2013 18:49:07)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:49:11)
Repair Windows Updates
Start (10/08/2013 18:49:11)
Running Repair Under Current User Account
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.
More help is available by typing NET HELPMSG 3521.
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Done (10/08/2013 18:49:26)
Repair CD/DVD Missing/Not Working
Start (10/08/2013 18:49:26)
Done (10/08/2013 18:49:26)
Repair Volume Shadow Copy Service
Start (10/08/2013 18:49:26)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Running Repair Under System Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Done (10/08/2013 18:49:31)
Repair MSI (Windows Installer)
Start (10/08/2013 18:49:31)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:49:40)
Repair bat Association
Start (10/08/2013 18:49:40)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:49:51)
Repair cmd Association
Start (10/08/2013 18:49:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:49:56)
Repair com Association
Start (10/08/2013 18:49:56)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:50:00)
Repair Directory Association
Start (10/08/2013 18:50:00)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:50:05)
Repair Drive Association
Start (10/08/2013 18:50:05)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:50:09)
Repair exe Association
Start (10/08/2013 18:50:09)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:50:14)
Repair Folder Association
Start (10/08/2013 18:50:14)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:50:19)
Repair inf Association
Start (10/08/2013 18:50:19)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:50:23)
Repair lnk (Shortcuts) Association
Start (10/08/2013 18:50:23)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:50:28)
Repair msc Association
Start (10/08/2013 18:50:28)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:50:33)
Repair reg Association
Start (10/08/2013 18:50:33)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:50:37)
Repair scr Association
Start (10/08/2013 18:50:37)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:50:42)
Repair Windows Safe Mode
Start (10/08/2013 18:50:42)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:50:47)
Repair Print Spooler
Start (10/08/2013 18:50:47)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:50:59)
Restore Important Windows Services
Start (10/08/2013 18:50:59)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:51:04)
Set Windows Services To Default Startup
Start (10/08/2013 18:51:04)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 18:51:09)
Cleaning up empty logs...
All Selected Repairs Done.
Done (10/08/2013 18:51:09)
Total Repair Time: 00:07:40
...YOU MUST RESTART YOUR SYSTEM...
Starting Repairs...
Start (10/08/2013 22:11:46)
Register System Files
Start (10/08/2013 22:11:46)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:12:06)
Repair WMI
Start (10/08/2013 22:12:06)
Running Repair Under Current User Account
Invalid Global Switch.
Invalid Global Switch.
Running Repair Under System Account
Invalid Global Switch.
Invalid Global Switch.
Done (10/08/2013 22:15:00)
Repair Windows Firewall
Start (10/08/2013 22:15:00)
Running Repair Under Current User Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Running Repair Under System Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Done (10/08/2013 22:15:23)
Repair Internet Explorer
Start (10/08/2013 22:15:23)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:15:46)
Repair MDAC/MS Jet
Start (10/08/2013 22:15:46)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:15:55)
Repair Hosts File
Start (10/08/2013 22:15:55)
Running Repair Under System Account
Done (10/08/2013 22:15:57)
Remove Policies Set By Infections
Start (10/08/2013 22:15:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:16:02)
Repair Icons
Start (10/08/2013 22:16:02)
Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
Done (10/08/2013 22:16:04)
Repair Winsock & DNS Cache
Start (10/08/2013 22:16:04)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:16:13)
Repair Proxy Settings
Start (10/08/2013 22:16:13)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:16:18)
Repair Windows Updates
Start (10/08/2013 22:16:18)
Running Repair Under Current User Account
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.
More help is available by typing NET HELPMSG 3521.
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Done (10/08/2013 22:16:32)
Repair CD/DVD Missing/Not Working
Start (10/08/2013 22:16:32)
Done (10/08/2013 22:16:32)
Repair Volume Shadow Copy Service
Start (10/08/2013 22:16:33)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
Running Repair Under System Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Done (10/08/2013 22:16:39)
Repair MSI (Windows Installer)
Start (10/08/2013 22:16:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:16:48)
Repair bat Association
Start (10/08/2013 22:16:48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:16:52)
Repair cmd Association
Start (10/08/2013 22:16:52)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:16:57)
Repair com Association
Start (10/08/2013 22:16:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:17:02)
Repair Directory Association
Start (10/08/2013 22:17:02)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:17:06)
Repair Drive Association
Start (10/08/2013 22:17:06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:17:11)
Repair exe Association
Start (10/08/2013 22:17:11)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:17:16)
Repair Folder Association
Start (10/08/2013 22:17:16)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:17:20)
Repair inf Association
Start (10/08/2013 22:17:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:17:25)
Repair lnk (Shortcuts) Association
Start (10/08/2013 22:17:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:17:29)
Repair msc Association
Start (10/08/2013 22:17:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:17:34)
Repair reg Association
Start (10/08/2013 22:17:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:17:39)
Repair scr Association
Start (10/08/2013 22:17:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:17:43)
Repair Windows Safe Mode
Start (10/08/2013 22:17:43)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:17:48)
Repair Print Spooler
Start (10/08/2013 22:17:48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:18:00)
Restore Important Windows Services
Start (10/08/2013 22:18:00)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:18:05)
Set Windows Services To Default Startup
Start (10/08/2013 22:18:05)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 22:18:10)
Cleaning up empty logs...
All Selected Repairs Done.
Done (10/08/2013 22:18:10)
Total Repair Time: 00:06:24
...YOU MUST RESTART YOUR SYSTEM...
Starting Repairs...
Start (10/08/2013 23:50:18)
Register System Files
Start (10/08/2013 23:50:18)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 23:50:41)
Repair WMI
Start (10/08/2013 23:50:41)
Running Repair Under Current User Account
Invalid Global Switch.
Invalid Global Switch.
Running Repair Under System Account
Invalid Global Switch.
Invalid Global Switch.
Done (10/08/2013 23:53:46)
Repair Windows Firewall
Start (10/08/2013 23:53:46)
Running Repair Under Current User Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Running Repair Under System Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Done (10/08/2013 23:54:09)
Repair Internet Explorer
Start (10/08/2013 23:54:09)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 23:54:34)
Repair MDAC/MS Jet
Start (10/08/2013 23:54:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 23:54:42)
Repair Hosts File
Start (10/08/2013 23:54:42)
Running Repair Under System Account
Done (10/08/2013 23:54:45)
Remove Policies Set By Infections
Start (10/08/2013 23:54:45)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 23:54:49)
Repair Icons
Start (10/08/2013 23:54:49)
Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
Done (10/08/2013 23:54:52)
Repair Winsock & DNS Cache
Start (10/08/2013 23:54:52)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 23:55:04)
Repair Proxy Settings
Start (10/08/2013 23:55:04)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 23:55:09)
Repair Windows Updates
Start (10/08/2013 23:55:09)
Running Repair Under Current User Account
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.
More help is available by typing NET HELPMSG 3521.
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Done (10/08/2013 23:55:24)
Repair CD/DVD Missing/Not Working
Start (10/08/2013 23:55:24)
Done (10/08/2013 23:55:24)
Repair Volume Shadow Copy Service
Start (10/08/2013 23:55:24)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
Running Repair Under System Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Done (10/08/2013 23:55:31)
Repair MSI (Windows Installer)
Start (10/08/2013 23:55:31)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 23:55:39)
Repair bat Association
Start (10/08/2013 23:55:39)
Running Repair Under Current User Account
Stopping, Waiting for current repair to finish...
Running Repair Under System Account
Done (10/08/2013 23:55:44)
Repairs Stopped By User.
Done (10/08/2013 23:55:44)
Total Repair Time: 00:05:26
Starting Repairs...
Start (10/08/2013 23:56:35)
Register System Files
Start (10/08/2013 23:56:35)
Running Repair Under Current User Account
Running Repair Under System Account
Done (10/08/2013 23:56:55)
Repair WMI
Start (10/08/2013 23:56:55)
Running Repair Under Current User Account
Invalid Global Switch.
Invalid Global Switch.
Running Repair Under System Account
Invalid Global Switch.
Invalid Global Switch.
Done (11/08/2013 00:00:59)
Repair Windows Firewall
Start (11/08/2013 00:00:59)
Running Repair Under Current User Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Running Repair Under System Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Done (11/08/2013 00:01:20)
Repair Internet Explorer
Start (11/08/2013 00:01:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:01:37)
Repair MDAC/MS Jet
Start (11/08/2013 00:01:37)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:01:46)
Repair Hosts File
Start (11/08/2013 00:01:46)
Running Repair Under System Account
Done (11/08/2013 00:01:48)
Remove Policies Set By Infections
Start (11/08/2013 00:01:48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:01:53)
Repair Icons
Start (11/08/2013 00:01:53)
Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
The system cannot find the file specified.
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Done (11/08/2013 00:01:55)
Repair Winsock & DNS Cache
Start (11/08/2013 00:01:55)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:02:04)
Repair Proxy Settings
Start (11/08/2013 00:02:04)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:02:08)
Repair Windows Updates
Start (11/08/2013 00:02:08)
Running Repair Under Current User Account
The Cryptographic Services service is not started.
More help is available by typing NET HELPMSG 3521.
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.
More help is available by typing NET HELPMSG 3521.
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Done (11/08/2013 00:02:21)
Repair CD/DVD Missing/Not Working
Start (11/08/2013 00:02:21)
Done (11/08/2013 00:02:21)
Repair Volume Shadow Copy Service
Start (11/08/2013 00:02:21)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Running Repair Under System Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Done (11/08/2013 00:02:26)
Repair MSI (Windows Installer)
Start (11/08/2013 00:02:26)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:02:34)
Repair bat Association
Start (11/08/2013 00:02:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:02:39)
Repair cmd Association
Start (11/08/2013 00:02:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:02:44)
Repair com Association
Start (11/08/2013 00:02:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:02:48)
Repair Directory Association
Start (11/08/2013 00:02:48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:02:53)
Repair Drive Association
Start (11/08/2013 00:02:53)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:02:57)
Repair exe Association
Start (11/08/2013 00:02:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:03:02)
Repair Folder Association
Start (11/08/2013 00:03:02)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:03:06)
Repair inf Association
Start (11/08/2013 00:03:07)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:03:11)
Repair lnk (Shortcuts) Association
Start (11/08/2013 00:03:11)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:03:16)
Repair msc Association
Start (11/08/2013 00:03:16)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:03:20)
Repair reg Association
Start (11/08/2013 00:03:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:03:25)
Repair scr Association
Start (11/08/2013 00:03:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:03:29)
Repair Windows Safe Mode
Start (11/08/2013 00:03:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:03:34)
Repair Print Spooler
Start (11/08/2013 00:03:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:03:47)
Restore Important Windows Services
Start (11/08/2013 00:03:47)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:03:51)
Set Windows Services To Default Startup
Start (11/08/2013 00:03:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 00:03:56)
Cleaning up empty logs...
All Selected Repairs Done.
Done (11/08/2013 00:03:56)
Total Repair Time: 00:07:21
...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account
Starting Repairs...
Start (11/08/2013 23:04:13)
Register System Files
Start (11/08/2013 23:04:13)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:04:41)
Repair WMI
Start (11/08/2013 23:04:41)
Running Repair Under Current User Account
Invalid Global Switch.
Invalid Global Switch.
Running Repair Under System Account
Invalid Global Switch.
Invalid Global Switch.
Done (11/08/2013 23:07:45)
Repair Windows Firewall
Start (11/08/2013 23:07:45)
Running Repair Under Current User Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Running Repair Under System Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Done (11/08/2013 23:08:10)
Repair Internet Explorer
Start (11/08/2013 23:08:10)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:08:33)
Repair MDAC/MS Jet
Start (11/08/2013 23:08:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:08:42)
Repair Hosts File
Start (11/08/2013 23:08:42)
Running Repair Under System Account
Done (11/08/2013 23:08:44)
Remove Policies Set By Infections
Start (11/08/2013 23:08:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:08:49)
Repair Icons
Start (11/08/2013 23:08:49)
Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
Done (11/08/2013 23:08:51)
Repair Winsock & DNS Cache
Start (11/08/2013 23:08:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:09:04)
Repair Proxy Settings
Start (11/08/2013 23:09:04)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:09:09)
Repair Windows Updates
Start (11/08/2013 23:09:09)
Running Repair Under Current User Account
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.
More help is available by typing NET HELPMSG 3521.
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Done (11/08/2013 23:09:26)
Repair CD/DVD Missing/Not Working
Start (11/08/2013 23:09:26)
Done (11/08/2013 23:09:26)
Repair Volume Shadow Copy Service
Start (11/08/2013 23:09:26)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Running Repair Under System Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Done (11/08/2013 23:09:31)
Repair MSI (Windows Installer)
Start (11/08/2013 23:09:31)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:09:39)
Repair bat Association
Start (11/08/2013 23:09:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:09:44)
Repair cmd Association
Start (11/08/2013 23:09:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:09:49)
Repair com Association
Start (11/08/2013 23:09:49)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:09:53)
Repair Directory Association
Start (11/08/2013 23:09:53)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:09:58)
Repair Drive Association
Start (11/08/2013 23:09:58)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:10:03)
Repair exe Association
Start (11/08/2013 23:10:03)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:10:07)
Repair Folder Association
Start (11/08/2013 23:10:07)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:10:12)
Repair inf Association
Start (11/08/2013 23:10:12)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:10:16)
Repair lnk (Shortcuts) Association
Start (11/08/2013 23:10:16)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:10:21)
Repair msc Association
Start (11/08/2013 23:10:21)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:10:26)
Repair reg Association
Start (11/08/2013 23:10:26)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:10:30)
Repair scr Association
Start (11/08/2013 23:10:30)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:10:35)
Repair Windows Safe Mode
Start (11/08/2013 23:10:35)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:10:39)
Repair Print Spooler
Start (11/08/2013 23:10:40)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:10:52)
Restore Important Windows Services
Start (11/08/2013 23:10:52)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:10:57)
Set Windows Services To Default Startup
Start (11/08/2013 23:10:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (11/08/2013 23:11:02)
Cleaning up empty logs...
All Selected Repairs Done.
Done (11/08/2013 23:11:02)
Total Repair Time: 00:06:49
...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account
Starting Repairs...
Start (12/08/2013 16:57:38)
Register System Files
Start (12/08/2013 16:57:38)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 16:57:59)
Repair WMI
Start (12/08/2013 16:57:59)
Running Repair Under Current User Account
Invalid Global Switch.
Invalid Global Switch.
Running Repair Under System Account
Invalid Global Switch.
Invalid Global Switch.
Done (12/08/2013 17:00:57)
Repair Windows Firewall
Start (12/08/2013 17:00:57)
Running Repair Under Current User Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Running Repair Under System Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Done (12/08/2013 17:01:20)
Repair Internet Explorer
Start (12/08/2013 17:01:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:01:43)
Repair MDAC/MS Jet
Start (12/08/2013 17:01:43)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:01:52)
Repair Hosts File
Start (12/08/2013 17:01:52)
Running Repair Under System Account
Done (12/08/2013 17:01:54)
Remove Policies Set By Infections
Start (12/08/2013 17:01:54)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:01:59)
Repair Icons
Start (12/08/2013 17:01:59)
Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
Done (12/08/2013 17:02:01)
Repair Winsock & DNS Cache
Start (12/08/2013 17:02:01)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:02:12)
Repair Proxy Settings
Start (12/08/2013 17:02:12)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:02:16)
Repair Windows Updates
Start (12/08/2013 17:02:16)
Running Repair Under Current User Account
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.
More help is available by typing NET HELPMSG 3521.
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Done (12/08/2013 17:02:33)
Repair CD/DVD Missing/Not Working
Start (12/08/2013 17:02:33)
Done (12/08/2013 17:02:33)
Repair Volume Shadow Copy Service
Start (12/08/2013 17:02:33)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
Running Repair Under System Account
The Volume Shadow Copy service is not started.
More help is available by typing NET HELPMSG 3521.
The Microsoft Software Shadow Copy Provider service is not started.
More help is available by typing NET HELPMSG 3521.
Done (12/08/2013 17:02:44)
Repair MSI (Windows Installer)
Start (12/08/2013 17:02:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:02:53)
Repair bat Association
Start (12/08/2013 17:02:53)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:02:57)
Repair cmd Association
Start (12/08/2013 17:02:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:03:02)
Repair com Association
Start (12/08/2013 17:03:02)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:03:07)
Repair Directory Association
Start (12/08/2013 17:03:07)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:03:11)
Repair Drive Association
Start (12/08/2013 17:03:11)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:03:16)
Repair exe Association
Start (12/08/2013 17:03:16)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:03:21)
Repair Folder Association
Start (12/08/2013 17:03:21)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:03:25)
Repair inf Association
Start (12/08/2013 17:03:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:03:30)
Repair lnk (Shortcuts) Association
Start (12/08/2013 17:03:30)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:03:35)
Repair msc Association
Start (12/08/2013 17:03:35)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:03:39)
Repair reg Association
Start (12/08/2013 17:03:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:03:44)
Repair scr Association
Start (12/08/2013 17:03:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:03:48)
Repair Windows Safe Mode
Start (12/08/2013 17:03:48)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:03:53)
Repair Print Spooler
Start (12/08/2013 17:03:53)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:04:06)
Restore Important Windows Services
Start (12/08/2013 17:04:06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:04:11)
Set Windows Services To Default Startup
Start (12/08/2013 17:04:11)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 17:04:15)
Cleaning up empty logs...
All Selected Repairs Done.
Done (12/08/2013 17:04:15)
Total Repair Time: 00:06:37
...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account
Running Repair Under System Account
Starting Repairs...
Start (12/08/2013 22:57:33)
Register System Files
Start (12/08/2013 22:57:33)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 22:57:58)
Repair WMI
Start (12/08/2013 22:57:58)
Running Repair Under Current User Account
Invalid Global Switch.
Invalid Global Switch.
Running Repair Under System Account
Invalid Global Switch.
Invalid Global Switch.
Done (12/08/2013 23:01:06)
Repair Windows Firewall
Start (12/08/2013 23:01:06)
Running Repair Under Current User Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Running Repair Under System Account
The Windows Firewall service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
The Internet Connection Sharing (ICS) service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.
The Windows Firewall service could not be started.
A service specific error occurred: 5.
More help is available by typing NET HELPMSG 3547.
Done (12/08/2013 23:01:30)
Repair Internet Explorer
Start (12/08/2013 23:01:30)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 23:01:53)
Repair MDAC/MS Jet
Start (12/08/2013 23:01:54)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 23:02:02)
Repair Hosts File
Start (12/08/2013 23:02:02)
Running Repair Under System Account
Done (12/08/2013 23:02:04)
Remove Policies Set By Infections
Start (12/08/2013 23:02:04)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 23:02:09)
Repair Icons
Start (12/08/2013 23:02:09)
Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
Done (12/08/2013 23:02:11)
Repair Winsock & DNS Cache
Start (12/08/2013 23:02:11)
Running Repair Under Current User Account
Running Repair Under System Account
Done (12/08/2013 23:02:24)
Repair Proxy Settings
Start (12/08/2013
-
Check your system date & time. It seems they're not set to the proper value(s).
It seems the Trojan has removed the ICS service. Because there're 3 ICS related errors. "ICS isn't started", "ICS could not be started" & "the service didn't report an error". It seems the Trojan also has taken out Windows Update. I made a new *.zip file (see attachment), try it out like the previous one. It resets the appropriate permissions for a number of services.
Then delete the old WR logfile, run WR with only "Restore Important Services" selected. Reboot, then run WR with only "Repair Firewall" & "Repair Windows Update" selected. If you want to post the WR log file then add it as an attachment.
-
You want to change the permissions on the bits and shared access services.
Give system, administrators and everyone full access control to it and have it apply those to all subkeys as well. You may also want to see about changing the owner to administrators as well. Depending what the virus changed.
Shane
-
I see what you mean about the time - but in the bottom right of the screen the clock and date are fine but in the log its all over the place with different dates and stuff. Actually the windows update is working ok but ill try your reccomendations now anyway
-
right here is the log attached. one thing - i didnt delete the old files from the last zip file you sent, they wernt overidden because they had a slightly different name so they all ended up together in the folder - i don tknow if this makes a difference or not. i did run the new bat file though. anyway ill try changing the permissions now.
thanks
-
Ive changed the permissions - still no luck! I noticed that in the users/groups box on the share access service sevices there was an entry with a figure of a person (not 2) with a red question mark and it was called s-1-5-32-547 this seems strange because ive never created a user with that name. in fact i should only have 1 user and 1 admin.
-
- the latest logfile shows the Windows Firewall caused error #5 (=Access Denied). Odd. because the content of the *.zip file was meant to reset the reg permissions. Did you turn off Norton before running the *.bat file ?
- I am curious what the content is of the registry for a number of services. Download the FARBAR service tool.
http://www.bleepingcomputer.com/download/farbar-service-scanner/
1. Tick the boxes "Internet Services", "Windows Firewall", "Security Center" and hit "Scan". Perhaps some of the driver files are missing.
2. Type "SharedAccess", "Mpssvc", "Wscsvc" in the "Search:" box and hit "Export Service".
Then post both results in the attachment of your next post.
-
Hi,
I have attached those files below. Im going to try the *bat file again because i cant be sure i didn turn off norton - i think i did
-
tried the *bat file - no luck
-
Ive changed the permissions - still no luck! I noticed that in the users/groups box on the share access service sevices there was an entry with a figure of a person (not 2) with a red question mark and it was called s-1-5-32-547 this seems strange because ive never created a user with that name. in fact i should only have 1 user and 1 admin.
That normally shows the sid of an account that is no longer on the system, something the virus may have done. You can remove it. Also did you take owner ship of the keys as well?
Shane
-
Hi,
How do I take ownership?
thanks
-
Same way you take permissions, you will see another tab at the top :wink:
Shane
-
no you got me on that one - i cant see any tab.
-
Sorry, forgot to say you have to click the advanced button :-)
That is also where you can tell it to apply the permissions to all sub keys :wink:
Shane
-
hi,
i can see the advanced button, but in that screen i dont know what im doing - i dont really have that much know how in these things
-
Hi,
I have attached those files below. Im going to try the *bat file again because i cant be sure i didn turn off norton - i think i did
I took a look at the FSS files and it seems to be OK. It also shows that the Firewall isn't running.
-
The firewall isnt running because of permissions error.
On Windows 8 my reset reg permissions is disabled because of the DRM in Windows 8 and if you touch certain reg keys the app store will break.
I am going to be updating the Windows repair tool to run the reg permissions on just the keys the firewall uses (This will be part of the Repair Firewall) and then that way this will still work for Windows 8 users.
Shane
-
When im in the advanced tab how do i take owndership? Or will this be in the updated WR tool?
thanks
-
I will have it int he update to the Windows repair tool, hoping to have an update out in a week or so. Right now working on an update to the reg backup, and then to the Windows repair.
Shane
-
ok ill wait for it and try it out and ill let you know what happens later on. thanks for the time you spent on this
-
Always happy to help :-)
Shane
-
hi,
ive got the new release but i cant remember which boxes need to be checked cos its only got three boxes checked at the moment
-
Delete the old log file, run WR with only two boxes ticked: "Repair Firewall" & "Restore Important Services". And post the new log file.
-
ive attached the log below
-
Windows firewall also uses WMI, just do all the repairs, make sure to do a reg backup first and see how it goes.
Make sure to use the new version 1.9.16
Shane
-
done all the repairs here's the log
-
@Pablo204: I see you ran all the repairs.
- Does your firewall work again like it did before ? Is the problem solved ?
- Open the folder with the WR log files. Are there're any *.txt files with "hkey_local_machine_services_" in the name of the file(s) ? If yes, then post them in this thread. The content of those files will show which permissions of what reg keys weren't reset.
-
hi,
Im not sure I know what you mean. Do you mean the log file that is created after doing the repairs (the one attached to the previous email). If so there is no mention of HKEY in there.
Thanks
-
There're a number of files in the WR log file folder. There's always the usual WR log file. (That's the one you attached to a previous post) But when some commands, used by WR, generate one or more other errors then those errors will show up in other, additional log files, located in that folder as well. These errors won't show up in the standard WR log file.
Do you have one or more of those additional files ? If so, then take all the files that have "_services_" in the name (!!!) of the files and attach them to your next post.
If you don't have two or more files, as described above, then I would assume your Firewall is back to normal. Is your Firewall, after running "Repair WMI", "Repair Firewall" & "Restore Important Services" now back to normal ?
-
yeah theres no other file there. I downloaded Skype for Windows 8 in the store and it works fine. Thanks very much the problem seems to be resolved. Thanks for you time and help. However there does seem to be a problem with some other apps downloaded from the store but they are non-essential things like a journey planner or something like that. When I load them it just goes off the screen and back to the Windows App panel, if I click on it again the same thing happens the load page sflashes up but the automaticlly changes back to the app page. But these things are not important things to me - maybe it is a different problem. The main thing is that the firewall seems to be fixed and its allowing Skype to run. Thanks
-
Good to hear the firewall is working again.
Was it the new version of the Windows repair or something else that got it working?
Shane
-
It was the new version of Windows Repair. Thanks very much for that!
-
Excellent :-)
Shane