Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Windows update keeps failing

Solved 
12K views 91 replies 5 participants last post by  DR.M 
#1 ·
I have been running into this problem for about a week, but the computer seems to be running fine otherwise. The Net Framework 3.5 & 4.8 21Hi x64 #KB5004331 keeps ending up as a failure with the error 0x80073712. I have retried this over and over and it does the same thing. It gave me an alternative to use KB5004296, but that also ended up as a failure. I attached screen shots of the notices


Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 19043, Installed 20200807213151.000000-480
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, Intel64 Family 6 Model 58 Stepping 9, CPU Count: 8
Total Physical RAM: 16 GB
Graphics Card: NVIDIA GeForce GTX 1660
Hard Drives: C: 465 GB (76 GB Free); D: 931 GB (363 GB Free); F: 230 GB (226 GB Free);
Motherboard: Gigabyte Technology Co., Ltd. Z68A-D3H-B3
System: Award Software International, Inc., ver GBT - 42302e31
Antivirus: Norton Security Online, Enabled and Updated
 

Attachments

See less See more
4
#40 ·
Thanks, rhoag.

It seems that I asked you a lot of things at a time. But you do a great job. (y)

The next step is a final cleaning step, an online scan to ensure that everything is clean. Then, we are going to deal with everything else.

ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
 
#41 ·
Dr.M: Okay, it's running. Your directions have been pretty amazing, hence, the "Professor" acknowledgement... I really appreciate all of your help and knowledge; I'm learning a lot from you. If you are ever out this way I owe you a dinner at our favorite restaurant in town! Will get back when the scan is done.
 
#43 ·
Once we get this cleaned up do you recommend buying and keeping the Malewarebytes program (or?) running as protection when I also have the Windows Security system giving virus/firewall/etc. protection along with the Comcast Xfinity protection online supplying my cable service for the internet, wifi and TV?
 
#44 ·
Buying the Premium version of Malwarebytes or stay with the free one, is up to you. With the Premium version, you have real time protection. This feature doesn't exist in free version. Instead, you have to scan your computer every now and then by your self, depending on how often you use your computer. Malwarebytes and Windows Security work well together, and both can keep you safe.
 
#45 ·
Okay, Esetonline results:

8/5/2021 12:22:01 PM
Files scanned: 696141
Detected files: 4
Cleaned files: 4
Total scan time 02:07:16
Scan status: Finished


C:\FRST\Quarantine\D\Documents\Computer Related\Media\Video Downloaders\Freemake\FreemakeVideoDownloaderSetup.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting
D:\Documents\Computer Related\Graphics\PDF Forge creator\Installer free\PDFCreator-2_3_0-Setup.exe a variant of Win32/LuluSoftware.A potentially unwanted application,Win32/InstallMonetizer.AQ potentially unwanted application cleaned by deleting
D:\Documents\Computer Related\Problems\Restoro registry fix\Restoro.exe Win32/ReImageRepair.T potentially unwanted application cleaned by deleting
D:\Documents\Games\Grand Theft Auto V\Mods\Lingon Trainer\1025_GrandTheftAutoV\GrandTheftAutoV+24Tr-LNG_v1.0.1290.1.exe a variant of MSIL/GameHack.SZ potentially unsafe application cleaned by deleting
++++++++++++++++++++++++++++++

Programs/Files deleted by Esetonline:

FreemakeVideoDownloader - Very useful, what can I use instead?
PDF Forge creator - Don't know how I even got that, no problem.
Restoro - Good riddence!
GTA Trainer - This was a free mod for the game I bought on Steam, didn't know it was harmful?
 
#46 · (Edited)
Hi, rhoag.

I'm sure you noticed that when we scan the computer with Malwarebytes and AdwCleaner, we first saw the detected items and then ran the tools again to remove them. ESET doesn't give us this opportunity, to check and choose what to delete, especially if the detected items are marked as "potentially unwanted/unsafe applications".

About Freemake: it seems that the program itself is fine. BUT: When you launch the installer it will also offer other software in addition to Freemake Video Converter. Unnecessary toolbars, adware etc. These "optional" programs are almost always pre-checked, the users get caught unaware and end up with unwanted software on their system. If you want to download it again, you can, but be very careful not to download anything else which indeed is a malware.

GTA Trainer: I don't have an opinion here, and perhaps you are right. But when I tried to find it, at least 2 pages were blocked by Malwarebytes (Premium), which warned me about a trojan.

A good technique is to send files (including exe/setup files) to VirusTotal for check. That way, you know what is the case about almost anything.

I will be back to you tomorrow morning (Just saw that it is already tomorrow, so... good night from me). :)
 
#48 ·
Hi, rhoag.

Let's see if this will remove Norton's remnants.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
C:\Windows\System32\Tasks_Migrated\Norton WSC Integration
C:\Windows\System32\Tasks_Migrated\Norton Security with Backup
C:\ProgramData\Norton

StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Norton Security\Engine\22.20.2.57\NortonSecurity.exe"=-
"C:\Program Files\Norton Security\Engine\22.20.4.57\NortonSecurity.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\NortonSecurity.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{1122B19A-E671-38EC-8EAC-87048FD4528D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{1122B19A-E671-38EC-8EAC-87048FD4528D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{1122B19A-E671-38EC-8EAC-87048FD4528D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{A2708B76-6835-6565-CB96-694212954A75}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{A2708B76-6835-6565-CB96-694212954A75}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{A2708B76-6835-6565-CB96-694212954A75}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{291930BF-AC1E-39B4-A5F3-2E31710715F6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{291930BF-AC1E-39B4-A5F3-2E31710715F6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{291930BF-AC1E-39B4-A5F3-2E31710715F6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{9A4B0A53-225A-643D-E0C9-C077EC460D0E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{9A4B0A53-225A-643D-E0C9-C077EC460D0E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{9A4B0A53-225A-643D-E0C9-C077EC460D0E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\BHDrvx64]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\IDSVia64]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NortonSecurity]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\nsWscSvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymEvnt]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\wpCtrlDrv_NGC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C8954E9B-6679-41F6-81F4-D22081EBF299}"=-
"{3FAB3107-82D9-49BF-8F71-93F80C850127}"=-
"{832B25A8-367B-4E02-9C39-8AAD7DC64209}"=-
"{6B00653A-C1D0-41E3-86A5-30E8653EECEF}"=-
[-HKEY_USERS\.DEFAULT\Software\Norton]
[-HKEY_USERS\.DEFAULT\Software\Norton\NortonInstaller]
[-HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\AppDataLow\Software\Norton]
[-HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\DirectInput\NORTONSECURITY.EXE5EC58F39000542B8]
[-HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\IntelliType Pro\AppSpecific\NSBUDownloader.exe]
[-HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\norton.com]
[-HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchsafe.norton.com]
[-HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
[-HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
[-HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
[-HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Office\Outlook\AddIns\MsouPlug.OutlookPlug]
[HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated]
"Symantec.Norton Security"=-
"NortonLifeLock.Norton Security"=-
[-HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/search?q=norton+safe+web+exe&form=WNSGPH&qs=AS&cvid=37599aab4dbc4664a39ba4b496dd0dff&pq=norton+safe+web&cc=US&setlang=en-US&nclid%]
[-HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Norton]
[HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\VS Revo Group\Revo Uninstaller\Junk Files\Exclude]
"*/norton antivirus/quarantine/"=-
[-HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\norton.com]
[-HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\norton.com]
[HKEY_USERS\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Norton Security\Engine\22.20.5.39\uiStub.exe.FriendlyAppName"=-
"C:\Program Files\Norton Security\Engine\22.20.5.39\uiStub.exe.ApplicationCompany"=-
Endregedit:
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
 
#52 ·
Hi, rhoag.

Registry access was denied. Although I have my doubts that something will change, let's try the same fix (with some changes) in Safe mode.

1. Restart with Safe mode
  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.

2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
DeleteValue: HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Norton Security\Engine\22.20.2.57\NortonSecurity.exe
DeleteValue: HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Norton Security\Engine\22.20.4.57\NortonSecurity.exe
DeleteKey: HKLM\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo
DeleteKey: HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\NortonSecurity.exe
DeleteKey: HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{1122B19A-E671-38EC-8EAC-87048FD4528D}
DeleteKey: HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{1122B19A-E671-38EC-8EAC-87048FD4528D}
DeleteKey: HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{1122B19A-E671-38EC-8EAC-87048FD4528D}
DeleteKey: HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{A2708B76-6835-6565-CB96-694212954A75}
DeleteKey: HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{A2708B76-6835-6565-CB96-694212954A75}
DeleteKey: HKLM\SOFTWARE\Microsoft\Security Center\Provider\Av\{A2708B76-6835-6565-CB96-694212954A75}
DeleteKey: HKLM\SOFTWARE\Microsoft\Security Center\Provider\Fw\{291930BF-AC1E-39B4-A5F3-2E31710715F6}
DeleteKey: HKLM\SOFTWARE\Microsoft\Security Center\Provider\Fw\{291930BF-AC1E-39B4-A5F3-2E31710715F6}
DeleteKey: HKLM\SOFTWARE\Microsoft\Security Center\Provider\Fw\{291930BF-AC1E-39B4-A5F3-2E31710715F6}
DeleteKey: HKLM\SOFTWARE\Microsoft\Security Center\Provider\Fw\{9A4B0A53-225A-643D-E0C9-C077EC460D0E}
DeleteKey: HKLM\SOFTWARE\Microsoft\Security Center\Provider\Fw\{9A4B0A53-225A-643D-E0C9-C077EC460D0E}
DeleteKey: HKLM\SOFTWARE\Microsoft\Security Center\Provider\Fw\{9A4B0A53-225A-643D-E0C9-C077EC460D0E}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo
DeleteKey: HKLM\SYSTEM\Setup\FirstBoot\Services\BHDrvx64
DeleteKey: HKLM\SYSTEM\Setup\FirstBoot\Services\IDSVia64
DeleteKey: HKLM\SYSTEM\Setup\FirstBoot\Services\NortonSecurity
DeleteKey: HKLM\SYSTEM\Setup\FirstBoot\Services\nsWscSvc
DeleteKey: HKLM\SYSTEM\Setup\FirstBoot\Services\SymEvnt
DeleteKey: HKLM\SYSTEM\Setup\FirstBoot\Services\wpCtrlDrv_NGC
DeleteValue: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C8954E9B-6679-41F6-81F4-D22081EBF299}
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3FAB3107-82D9-49BF-8F71-93F80C850127}
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{832B25A8-367B-4E02-9C39-8AAD7DC64209}
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6B00653A-C1D0-41E3-86A5-30E8653EECEF}
DeleteKey: HKU\.DEFAULT\Software\Norton
DeleteKey: HKU\.DEFAULT\Software\Norton\NortonInstaller
DeleteKey: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\AppDataLow\Software\Norton
DeleteKey: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\DirectInput\NORTONSECURITY.EXE5EC58F39000542B8
DeleteKey: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\IntelliType Pro\AppSpecific\NSBUDownloader.exe
DeleteKey: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\norton.com
DeleteKey: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchsafe.norton.com
DeleteKey: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
DeleteKey: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
DeleteKey: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
DeleteKey: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Office\Outlook\AddIns\MsouPlug.OutlookPlug
DeleteValue: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|Symantec.Norton Security
DeleteValue: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|NortonLifeLock.Norton Security
DeleteKey: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/search?q=norton+safe+web+exe&form=WNSGPH&qs=AS&cvid=37599aab4dbc4664a39ba4b496dd0dff&pq=norton+safe+web&cc=US&setlang=en-US&nclid%
DeleteKey: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Norton
DeleteValue: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\VS Revo Group\Revo Uninstaller\Junk Files\Exclude|*/norton antivirus/quarantine/
DeleteKey: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\norton.com
DeleteKey: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\norton.com
DeleteValue: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Norton Security\Engine\22.20.5.39\uiStub.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2159283933-1585630817-402555402-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Norton Security\Engine\22.20.5.39\uiStub.exe.ApplicationCompany
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
 
#56 ·
This is better.

Let's check the services now:
  • Please download Farbar Service Scanner and save it on your Desktop.
  • Right click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.
 
#59 ·
Okay, here you go

Farbar Service Scanner Version: 23-12-2020
Ran by doane (administrator) on 07-08-2021 at 11:11:59
Running from "C:\Users\doane\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top