Joined
Mar 2, 2019
Messages
1,626
Hello, thank you for the fresh logs!

Please run DISM in an administrator command prompt like this:
PowerShell:
mkdir C:\Scratch
dism /Online /Cleanup-Image /RestoreHealth /ScratchDir:C:\Scratch
If this does not fail and finishes normally then run:
sfc /scannow

Regardless of whether DISM results in an error or not, share fresh logs when it's done.

There doesn't seem to be any rogue software installed, but that doesn't mean the PC is clean of malware.
What antivirus scans did you run so far?
 

Sonicstefan1991

Stefan
Thread Starter
Joined
Jan 24, 2018
Messages
105
I used a full scan of Windows Security from the 30th of November and left it running until the morning of the 1st of December. I did remove the threats. But I might do it again.

I also used Rogue Killer and removed the further threats on there.

Still no luck with the Windows Update, though.

I did the sfc /scannow. It says "Windows Resource Protection did not find any integrity violations."
 

Attachments

Joined
Mar 2, 2019
Messages
1,626
I did the sfc /scannow
For SFC to make sense, DISM must succeed first, but it didn't.

To make it succeed you'll need to run it with a secondary offline image, which is not straightforward to do and is explained here:
https://techguy.org/1235557

In that thread, jump to the text that says: "If the above DISM does not fix your problem"
But before you do so, I would first ensure you get your PC free of known malware.

Malwarebytes Download - Free Virus Scan & Virus Protection Tool
Download the free version, install it and run an antivirus scan of the entire C drive.

When done, if it finds something, let it remove the malware, then uninstall Malwarebytes and finally restart the computer.

Next, use the trial version of Kaspersky antivirus:
Kaspersky Anti-Virus (2021) Free Trial Download | Kaspersky

Activate the trial license and run a virus scan of the entire C drive.
Same as with Malwarebytes: if it finds something, let it remove the malware, uninstall Kaspersky and restart the computer.

Let us know if these 2 find anything, and try to run DISM again. If it fails, see the linked thread above to run it with an offline image.
 

Sonicstefan1991

Stefan
Thread Starter
Joined
Jan 24, 2018
Messages
105
I hope that I have followed everything correctly with what you explained above.


C:\WINDOWS\system32>DISM /Online /Cleanup-Image /RestoreHealth

Deployment Image Servicing and Management tool
Version: 10.0.19041.572


Error: 2

An error occurred while attempting to start the servicing process for the image located at C:\.
For more information, review the log file.

The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log

C:\WINDOWS\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.




And here is the DISM text file.
 

Attachments

Joined
Mar 2, 2019
Messages
1,626
Hello, what was the result of Malwarebytes and Kaspersky? Did they find anything?
Scanning for viruses should be done first!

I'm sorry if I was not clear enough, but it looks like you did not follow the instructions explained at the link below:
https://techguy.org/1235557

Click on that link and skip to the section that says:
If the above DISM does not fix your problem, or reports an error such that it cannot run
Please do NOT run SFC /scannow because it will not fix anything unless the DISM command was successful.

I'm sorry if you find these hard to follow but I'm not sure if there is an easier way to solve your problem.
And if none of this works you might need to reinstall Windows but likely it will be easier to skip reinstalling until we try out these methods.

Let us know if you need help completing the tutorial linked above.
 
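The ordering insisted on above (DISM repair first, SFC only once DISM has succeeded) can be enforced in one script. This is an added PowerShell example, not part of the original thread; it assumes DISM exit code 3010 means success with a restart pending, and that error entries in dism.log contain the text `, Error`.

```powershell
#Requires -RunAsAdministrator
# Added example: run the DISM repair and start SFC only if DISM succeeded.
# C:\Scratch and C:\WINDOWS\Logs\DISM\dism.log are the paths shown in the thread;
# the parameter names and the 20-line log tail are choices made for this example.
param(
    [string]$ScratchDir = 'C:\Scratch',
    [string]$DismLog    = 'C:\WINDOWS\Logs\DISM\dism.log',
    [int]$TailLines     = 20
)

# DISM needs an existing scratch directory; -Force makes this a no-op if it exists.
New-Item -ItemType Directory -Path $ScratchDir -Force | Out-Null

& dism.exe /Online /Cleanup-Image /RestoreHealth "/ScratchDir:$ScratchDir"
$dismExit = $LASTEXITCODE

# Assumption: 0 = success, 3010 = success but a restart is required.
if ($dismExit -notin 0, 3010) {
    Write-Warning "DISM failed with exit code $dismExit. Skipping SFC."

    if (Test-Path -LiteralPath $DismLog) {
        # Print the most recent error entries so they can be shared with a helper.
        # Assumption: error entries in dism.log carry the text ', Error'.
        Write-Host "Last $TailLines error entries from ${DismLog}:"
        Select-String -LiteralPath $DismLog -Pattern ', Error' -SimpleMatch |
            Select-Object -Last $TailLines |
            ForEach-Object { $_.Line }
    }
    else {
        Write-Warning "DISM log not found at $DismLog."
    }
    exit $dismExit
}

if ($dismExit -eq 3010) {
    Write-Warning 'DISM succeeded but a restart is pending. Restart before relying on the SFC result.'
}

# DISM succeeded, so an SFC pass is now meaningful.
& sfc.exe /scannow
exit $LASTEXITCODE
```

Saved as a .ps1 file and run from an elevated PowerShell window, the script stops after a failed DISM run (such as the "Error: 2" shown earlier in the thread) instead of going on to SFC.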

blues_harp28

Moderator
Joined
Jan 9, 2005
Messages
19,300
But before you do so I would first ensure you get your PC free of known malware.

Malwarebytes Download - Free Virus Scan & Virus Protection Tool
Download the free version, install it and run an antivirus scan of the entire C drive.

When done, if it finds something, let it remove the malware, then uninstall Malwarebytes and finally restart the computer.

Next, use the trial version of Kaspersky antivirus:
Kaspersky Anti-Virus (2021) Free Trial Download | Kaspersky
Just a reminder that with any suspicion of malware on the system, the original poster should be referred to our malware experts in the virus and other malware forum - see below.
If the system is compromised by malware - that will need to be removed first.

https://forums.techguy.org/forums/virus-other-malware-removal.54/
 
Joined
Mar 2, 2019
Messages
1,626
I'll keep that in mind, but it could be either a corrupt system or malware, and unless we get feedback on this I don't really know.
 

blues_harp28

Moderator
Joined
Jan 9, 2005
Messages
19,300
Not knowing what Malwarebytes, Kaspersky and Rogue Killer have removed, if anything, is not helping the original poster.

Malwarebytes' and the other scanners' log files may have pointed to a larger problem that they could not, or did not, remove and that may need expert help.

I am not suggesting that you ask for said log files - it is up to our experts here to ask for and review any malware programs' log files.
 
Joined
Mar 2, 2019
Messages
1,626
@Sonicstefan1991
If you would like someone to verify whether malware is preventing Windows Update from working properly, let us know and we will redirect you to the malware support subforum.
 

Sonicstefan1991

Stefan
Thread Starter
Joined
Jan 24, 2018
Messages
105
Yes, please. I would like to be referred.

I did run Malwarebytes and found 99 threats, but I have no report on that to show you. I also ran Kaspersky and found what I think were 8 threats.
 

Attachments

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
972
Hi Sonicstefan1991, welcome to the TechSupportGuy malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is a significant security risk to your computer. Therefore, please remove any, if present, before we begin the cleanup.
  • If you don't respond to your topic in 5 days, I will have to leave the thread due to lack of response.
    • If your topic is closed and you still need assistance, reply back to the thread.
  • If you have questions at any time during the cleanup, feel free to ask.

---------------------------------------------------

Please download and run the following tool

---------------------------------------------------
Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply. Note: If you receive a message that the post is too long, attach the logs to your reply.

---------------------------------------------------

In your next reply, please include the following logs
  • FRST.txt
  • Addition.txt
 

Sonicstefan1991

Stefan
Thread Starter
Joined
Jan 24, 2018
Messages
105
Thank you so much for your reply.
Here is what I got.
 

Attachments

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
972
Do you wish to receive web push notifications from this site?

Code:
mail-notification.info

---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
    HKU\S-1-5-21-4267650490-784776008-909600274-1000\...\Policies\Explorer: [NoSecurityTab] 1
    Task: {07777238-EADD-41B6-90AD-98D52D9F70F7} - System32\Tasks\{04BFD8F4-DA0A-4AF4-8EBF-1F5F2C691C87} => C:\Windows\system32\pcalua.exe -a C:\Users\Stefan\Desktop\Drivers\RIDMSC-00210941-0042.EXE -d C:\Users\Stefan\Desktop\Drivers
    Task: {1596D867-C80E-4351-BBDA-AE8BBAA74A95} - \Driver Booster SkipUAC (Stefan) -> No File <==== ATTENTION
    Task: {6EF3E34D-EB99-466C-B014-0FA87FDEF1E0} - System32\Tasks\{81081029-610E-4526-8103-34D3EDC7457C} => C:\Windows\system32\pcalua.exe -a "E:\REDETH-00269784-0082 (1).EXE" -d E:\
    Task: {E30FF8CC-5530-4672-8E1E-2150FA3182E1} - System32\Tasks\{B9DB2B84-1FE9-44BF-91B3-372FE48BCA86} => C:\Windows\system32\pcalua.exe -a C:\Users\Stefan\Downloads\Shockwave_Installer_Slim.exe -d C:\Users\Stefan\Downloads
    R2 SU10Guard; C:\Windows\USPDSATE\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
    ContextMenuHandlers1: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
    ContextMenuHandlers1: [IObitUnstaler] -> [CC]{836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> No File
    ContextMenuHandlers1: [UnLockerMenu] -> [CC]{A6FF0E3A-8437-482C-8E04-4F9E15C57538} =>  -> No File
    ContextMenuHandlers4: [7-Zip] -> [CC]{23170F69-40C1-278A-1000-000100020000} =>  -> No File
    ContextMenuHandlers4: [IObitUnstaler] -> [CC]{836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> No File
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-4267650490-784776008-909600274-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    Toolbar: HKU\S-1-5-21-4267650490-784776008-909600274-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    FirewallRules: [{4C1E7E44-4595-495A-ADC9-E087FE9DAF6E}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe => No File
    FirewallRules: [{DC926DBD-0637-478B-AEA4-E3B7CA0CEAF0}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe => No File
    FirewallRules: [{6BDEA720-84C7-4509-B1E6-693C65BB516F}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe => No File
    FirewallRules: [{A63BBDBD-E8C8-4B96-B03C-BB079E5D65AA}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe => No File
    FirewallRules: [{82D85F3C-7E5F-4D34-9C7C-6A09C8D9ADAE}] => (Allow) C:\Users\Stefan\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{04A47F91-545C-4FEE-B12C-1948BEB16095}] => (Allow) C:\Users\Stefan\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{177557A4-5461-42A0-A10F-F5B9495828AC}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe => No File
    FirewallRules: [{23611FA4-23D9-4B88-8B9D-86DE67C237A7}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe => No File
    FirewallRules: [{1D2A7FDC-7C38-4DB7-8C37-869CE15ECA02}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe => No File
    FirewallRules: [{71629E1A-3BC9-4754-A69D-113700C73140}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe => No File
    FirewallRules: [{463E9390-7797-4107-8D8D-39B7EFE24D4F}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe => No File
    FirewallRules: [{4B810CCA-1924-47B0-8042-84E682305A4E}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe => No File
    FirewallRules: [{2C4AAA8A-8F7F-4F80-951F-B0368FB5226C}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe => No File
    FirewallRules: [{254963B5-B081-49EC-B238-3C4431F84768}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe => No File
    FirewallRules: [{D920E673-BF0E-4248-B4F2-B9A8BC92A954}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe => No File
    FirewallRules: [{677BCC1C-4069-4942-9C07-93B6C49FD26A}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe => No File
    FirewallRules: [{F388162E-EF21-47F7-BF69-9D6EFD223D39}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe => No File
    FirewallRules: [{110D1FA1-8CB1-43FD-8C7C-D31484CB73D0}] => (Allow) C:\Program Files (x86)\iMobie\AnyTrans\xldownload\download\MiniThunderPlatform.exe => No File
    Folder: C:\Users\Public\Thunder Network
    Folder: C:\ProgramData\sib
    VirusTotal: C:\WINDOWS\helpsrv.sys;C:\WINDOWS\system32\Drivers\thavswhc.sys
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Right-click FRST and "Run as Administrator"
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

---------------------------------------------------

In your next reply, please include
  • Fixlog.txt
 
