Group policies preventing AVAST

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by engineerlr, Jun 1, 2014.

  1. engineerlr

    engineerlr Private E-2

    Hi

    Please help.

    The other day I noticed I no longer had the Avast icon in the bottom right hand corner. The laptop was also taking an inordinate time to boot up and was extremely slow. Boot up time was in the minutes - taking some 5 mins before starting.

    When I tried to run avast, I simply got a message "This programme is blocked by group policy. For more information , contact your system administrator."

    This is a home Laptop so I concluded I had some malware or other.

    I ran ccleaner but this did not improve speed.

    So I ran an online scan with Homecall from Trend.

    I then downloaded Mbam and ran that.

    Then I downloaded AVG and ran that.

    They found one Trojan and some other malware. Still no speed improvement and Avast was still being blocked.

    I then came across this website and have read the advice here about malware removal.

    By the way my OS is Win 7 and this is a 64bit dual processor system. I use Mozilla.

    In the meantime I did a startup repair on the system and it downloaded 85 updates for windows (through Windows update) and then 77 updates after that. A lot of it was security updates - malicious software remover etc.

    Anyway it now starts up a bit quicker but still avast does not run.

    I have now uninstalled all AVG, Mbam, homecall plugin but cannot uninstall avast.

    So anyways I am following the steps on this forum, the Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure.

    1. I have downloaded the tools identified:
    RogueKiller (saved on desktop)
    (I already have Malwarebytes)
    TDSSKiller (saved on desktop)
    HitmanPro (saved on desktop)
    MGtools (saved on c:\)

    2. I disabled UAC

    3. I have run RogueKiller and got the following report:

    I am going to run Mbam and post the report too next.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You need to actually ATTACH all of the logs from running our procedures. Please attach all that are required. Thanks.
     
  3. engineerlr

    engineerlr Private E-2

    Hi Kestrel

    Thanks for the info.

    I have run all the tools in the order described in other part of this forum.

    Here are three attachments (logfiles from Hitman Pro, Rogue Killer and TDSS Killer).

    The Mbam did not give me a log file (not any that I can find) but it did remove a few items to quarantine, as below:
    Trojan.Siredef.C
    Adware.Hotbar
    PUP.Optional.Mindspark.A
    Trojan.0Access

    There were multiple copies of these items.


    MGtools gave me lots of logfiles, which I will attach next.

    Thanks so much for your help.
     

    Attached Files:

  4. engineerlr

    engineerlr Private E-2

    Here's some files from MGtools
     

    Attached Files:

  5. engineerlr

    engineerlr Private E-2

    And more
     

    Attached Files:

  6. engineerlr

    engineerlr Private E-2

    and even more
     

    Attached Files:

  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Just attach the whole zipped file please. The MGLogs.zip. Thanks.
     
  8. engineerlr

    engineerlr Private E-2

    and even more (sorry about this)
     

    Attached Files:

  9. engineerlr

    engineerlr Private E-2

    Thanks (it's easy if you know how) here it is
     

    Attached Files:

  10. engineerlr

    engineerlr Private E-2

    Hi

    Also I don't know if it is relevant or not, but windows update is now reporting 68 updates to install. So at first it was 85 updates, then 77 updates and now 68 (mainly all security related), all within a week or so. I am sure this is not normal - maybe something has removed the security updates or something??

    Thanks
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    ...All in the instructions. ;)

    Important: Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode, if you haven't done so already.


    You must uninstall immediately one of the below anti virus before we move on:
    • avast! Free Antivirus
    • AVG 2014



    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    • [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
    • [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
    • [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.



    Download and run OTM.


    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe and select "Run as administrator" to run it.
    • Paste the following code under the [​IMG] area. Do not include the word Code.

    Code:
    :Files
    C:\Users\leyton\AppData\Local\BrowserSafeguard
    C:\Users\leyton\AppData\Local\BrowserSafeguard
    
    :reg
    [-HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}]
    [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32]
    [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS]
    [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASAPI32]
    [-HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASMANCS]
    [-HKU\S-1-5-21-3075492327-1748370338-1094536480-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.





    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.

    After reboot, check to see if your firewall is working.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.



    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
  12. engineerlr

    engineerlr Private E-2

    Hi Kestrel

    Thank you very much for helping.

    I have booted up in normal mode and have uninstalled AVG 204.

    I can't uninstall Avast however as it comes up with a message saying I do not have the necessary privileges (even though I am using the Administrator login).

    I have run Rogue Killer.

    It gives me a message that the software is not the latest version and asks me to update it. However I downloaded it from your website within the last few days only. Also the website it redirects me to looks unusual. So I didn't update.

    RG produced another logfile as attached - it wasn't named as you described.

    I am going to reboot the machine and follow the second part of your instructions.

    By the way, I realised that the reason it takes so long to boot up is that the Automatic Security updates are trying to install but then I get a message that the update has been unsuccessful and system is reverting back. I guess something must be blocking windows update from installing security updates.
     

    Attached Files:

  13. engineerlr

    engineerlr Private E-2

    Hi
    I have run OTM but unfortunately got an exception error and the program terminated. I had copied some of the output in the green window and created the attached log. After this, OTM went on to clear quite a lot of temp files before the exception error.

    Had to reboot the machine.

    Anyway will do the tweaking bit of your instruction.
     

    Attached Files:

  14. engineerlr

    engineerlr Private E-2

    Right

    I have followed rest of your instructions.

    Windows firewall won't start - I have tried to start it using the icon in the tray and also through control panel, to no avail.

    I attach JRT.txt

    I tried running GetLogs.bat file but it did not generate a new MGLogs.zip file in the root directory. In fact I searched for all zip files on the drive and found no new zip files created just now.

    As for the system running, there is a noticeable improvement in speed, certainly the boot up time is much quicker. Still notice a few glitchy behaviour and I think there are still some malware there.

    Not least because the rootkits found!!

    thanks
     

    Attached Files:

  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What rootkits???!

    You will need to rerun MGTools.exe to produce another MGLogs.zip please. Thanks.
     
  16. engineerlr

    engineerlr Private E-2

    RKreport_DEL_06032014_224045.log indicates four new rootkits, which were highlighted in red as below:
    Running MGtools now.

    Thanks
     
  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Just so you know, those items are not problems at all. They are not rootkits. RogueKiller has had a recent update to include an anti-rootkit tab but all that is listed is not necessarily bad, hence you come here, to one of us experts to decide. Just because a tool says something is bad, does not always mean it is so! Care has to be taken, and further research done if necessary on file names. Those are fine in your log. :)
     
  18. engineerlr

    engineerlr Private E-2

    Thanks for that, I would have deleted those entries!

    Anyway attached is the new MGTools logfile.
     

    Attached Files:

  19. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You said you ran the Windows Repair? I'd like you to run it again please. It can take a very long time to run so go off and do something else for a while as it does so.

    Next afterwards, I'd like you to rerun Hitman and attach the log.

    Then: run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  20. engineerlr

    engineerlr Private E-2

    Hi

    I have run windows repair.

    Then ran Hitman - log attached

    Then ran MGTools/Getlogs.bat - zipfile attached

    Still can't run (or uninstall) Avast and although I seem to be able to turn on windows firewall, I can't change any settings.

    However system seems a lot faster, but windows update still not working properly (there is still 68 security patches unable to be installed)
     

    Attached Files:

  21. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download these files to your desktop.

    MpsSvc.reg
    BFE.reg

    • Now please click Start, and type regedit into the search box.
    • You should see a regedit.exe and icon appear in the Programs area of the Start Menu.
    • Right click on regedit.exe and select Run As Administrator
    • Then in the Registry Editor menu click File and select Import.
    • Navigate to the BFE.reg file saved to your Desktop and double click it. Allow it to be added to the registry. Repeat this for the MpsSvc.reg file.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  22. engineerlr

    engineerlr Private E-2

    Hi
    Couldn't import/install BFE.reg, got the following message:
    "cannot import c:\users\leyton\Desktop\BFE.reg: Error accessing the registry"

    However MpsSvc.reg imported all right.

    Attached is the new MGlogs.zip

    I seem to have picked up two copies of MGlogs.zip, one in the root directory and another on the desktop - I might have made a copy on the desktop some time ago. But the strange thing is that both files seem to have been updated. Not sure if that is relevant or not.
     

    Attached Files:

  23. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.






    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  24. engineerlr

    engineerlr Private E-2

    Hi

    That didn't work!

    I created the fixMe.reg file as per your instructions and double-clicked it.

    I got a message if I wanted to continue and when I okayed that, I got a message as below:
    "cannot import c:\users\leyton\Desktop\fixME.reg: Error accessing the registry"

    Then I ran Getlogs.bat and attached is the MGLogs.zip file

    Thanks, your help so far is very much appreciated
     

    Attached Files:

  25. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Click start > type in services.msc

    Once you see the list of services scroll down to the Base Filtering Engine and let me know what its start up type and status is.

    Same for the listing for Windows Firewall.
     
  26. engineerlr

    engineerlr Private E-2

    There is no entry for Base Filtering Engine in either the standard or extended tabs.

    The startup for Windows Firewall is Automatic on both tabs but there is no entry of the status column.
     
  27. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You still have the MPsSvc.reg and BFE.reg on your desktop?

    Please try following these instructions to try and import the keys successfully.
     
  28. engineerlr

    engineerlr Private E-2

    Hi

    I tried that still does not work, get the same message about error accessing the registry.

    I just had a thought - I can't uninstall Avast, could that have something to do with not being able to access registry? (Then again, MpsSvc.reg installed okay, so it might not be Avast preventing access)
     
  29. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Try uninstalling avast with Revo Uninstaller and then let's see if you have more luck with my previous instructions. :)
     
  30. engineerlr

    engineerlr Private E-2

    hi tried the uninstaller and I think managed to uninstall avast.

    However BFE.reg still does not import and I keep getting the same message - error accessing the registry.
     
  31. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hang in there I am seeking advice. :)
     
  32. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Very sorry for the delay. My Father's in hospital and I've been running around like a headless chicken.

    Now we will attempt to fix the permissions issue with various registry keys that is stopping some data from being imported and allowing the services to run.

    Please click Start, and type regedit into the search box.
    You should see a regedit.exe and icon appear in the Programs area of the Start Menu.
    Right click on regedit.exe and select Run As Administrator
    Now follow the below instructions for changing permissions for various registry keys using Regedit.


    First navigate to the below registry key and have it selected
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

    Then right click on this key and select Permissions
    Then on the Permissions for Services form click the Add button
    In the Enter the object names to select box type Everyone and click the Check Names button which should cause the Everyone text to be approved and underlined
    Then click the OK button which returns you to the Permissions for Services form
    Make sure you select Everyone from the upper list, and then in the Permissions for Everyone box, select Full Control and see if it allows you to click the Apply button.
    Then click OK to close this Permissions for Services form
    Now repeat the above for the below keys ( one at a time )

    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
    • HKEY_LOCAL_MACHINE\SYSTEM


    Reboot your PC and after reboot continue....

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  33. engineerlr

    engineerlr Private E-2

    Hi

    Hope your father's okay. I really do appreciate your help so far.

    I had to go away for work for a few days so only just managed to run the MGLogs today. Zip file attached.

    I couldn't select the full control button as it was greyed out (but already selected) for the first two keys on your list.

    But for HKEY_LOCAL_MACHINE\SYSTEM I could select the full control button for everyone which was also already selected. Anyway I applied it and then rebooted it and ran the MGLogs batch file.

    The Laptop is still trying to install 68 windows updates on shutdown and startup but fails. It then reverts the changes and starts windows.

    Thanks
     

    Attached Files:

  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We need to get this to work. There is no need to get any other logs unless you can get this to work properly.

    First some questions to make sure we are clear:
    1. When you ran the Registry Editor, did you use right click and select Run As Administrator? This is imperative.
    2. Did you actually add an Everyone user to the list on the Permissions for Services form under the Group or user names: area? Do you see this Everyone user name actually show up along with other names like Creator Owner, System, Administrators, Users...etc?
     
  35. engineerlr

    engineerlr Private E-2

    Hi

    Thanks for your help.

    1. yes I did run as administrator.
    2. For this key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services I added Everyone user to the list and it did appear along with the other names (although I think it was already there before). This was greyed out but selected.

    For the key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet, the Everyone user was already there and greyed out and selected.

    and for HKEY_LOCAL_MACHINE\SYSTEM, the Everyone user was already there but not greyed out and also selected.

    I just went through the whole process again and got same results. Also when I do select Full Control, it also selects Read, but the Special permissions box cannot be selected.
     
  36. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    When you say it was greyed out, do you mean in the Group or user names: box area that Everyone was greyed out and that you cannot select it? That is you cannot click on it and have it show what permissions are allowed?

    Also tell me all of the names that you see in the list. Also tell me what permissions each of them shows.

    If you can at least click on the Everyone name then at the bottom area of the form click the Advanced button. Do you see the Everyone user name on this next Advanced Security Settings for Services form? If you see Everyone then from left to right what do you see for the below columns:
    Type,Name, Permission, Inherited From, Apply To
     
  37. engineerlr

    engineerlr Private E-2

    I can select everyone in the group or user names box
    The allow tick boxes under permissions for everyone is greyed out with ticks in Full control and Read options.
    However I have just tried and can actually select the deny tick boxes (which does not change the allow tick boxes). a screenshot is attached.

    Names I see are:
    Everyone - permissions: Full control, Read allow tick boxes but greyed out as described.
    CREATOR OWNER - no permissions selected
    SYSTEM - same as that for Everyone (allow tick boxes greyed out)
    Administrators (josielaptop\Administrators) - same as that for Everyone
    Users(josielaptop\Users) -same as for Everyone
    TrustedInstaller - same again

    Yes I can see Everyone in the advanced Security dialog box, as below:
    Type=allow
    Name=everyone
    Permission=Full Control
    Inherited From= MACHINE\SYSTEM
    Apply To=This key and subkeys
     

    Attached Files:

  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay now check for the Everyone user and the same permissions settings and advanced security at the below two keys:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet

    HKEY_LOCAL_MACHINE\SYSTEM
     
  39. engineerlr

    engineerlr Private E-2

    For HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet

    I can select everyone in the group or user names box
    The allow tick boxes under permissions for everyone is greyed out with ticks in Full control and Read options.
    I can select the deny tick boxes (which does not change the allow tick boxes).

    Names I see are:
    Everyone - permissions: Full control, Read allow tick boxes but greyed out as described.
    CREATOR OWNER - Special permissions selected and greyed out. I can select the Full Control and Read tick boxes.
    SYSTEM - same as that for Everyone (allow tick boxes greyed out)
    Administrators (josielaptop\Administrators) - same as that for Everyone
    Users(josielaptop\Users) -same as for Everyone
    TrustedInstaller - same again

    I can see Everyone in the advanced Security dialog box, as below:
    Type=allow
    Name=everyone
    Permission=Full Control
    Inherited From= MACHINE\SYSTEM
    Apply To=This key and subkeys

    For HKEY_LOCAL_MACHINE\SYSTEM

    I can select everyone in the group or user names box
    The allow tick boxes under permissions for everyone has ticks in Full control and Read options. I can unselect these if I want to (i.e. not greyed out)

    Names I see are:
    Everyone - permissions: Full control and Read allow tick boxes are not greyed out as described.
    CREATOR OWNER - Special permissions selected and greyed out. I can select the Full Control and Read tick boxes.
    SYSTEM - same as that for Everyone (allow tick boxes can be unselected and not greyed out)
    Administrators (josielaptop\Administrators) - same as that for Everyone
    Users(josielaptop\Users) -same as for Everyone
    TrustedInstaller - same again

    I can see Everyone in the advanced Security dialog box, as below:
    Type=allow
    Name=everyone
    Permission=Full Control
    Inherited From= <not inherited>
    Apply To=This key and subkeys
     
  40. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay let's go back into the below key the same way as before when you checked permissions ( remember to always use Right Click and Run As Administrator to run Regedit ):

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

    then at the bottom area of the form click the Advanced button. Once on the
    Advanced Security Settings for Services form click on Owner tab along the top. Who shows up as the owner? We want Everyone to be the owner so if Everyone is not the owner you need to make it the owner.
    • If Everyone already shows in the Change owner to: list then select it and click Apply. Then okay your way out.
    • If Everyone does not show in the Change owner to: list you need to click the Other users or groups button and on the next form you need to type Everyone ( make sure the E is capital ) and then click OK. Make sure that Everyone now shows as the owner back on the Advanced Security Settings for Services form.
    Let me know when you have this finished and exit out of Regedit and then reopen it back up to make sure the changes really took effect.
     
  41. engineerlr

    engineerlr Private E-2

    Hi Chaslang

    I have done that.

    Everyone did not show in the change owners to list but I added it in and applied the change.

    I have quit regedit and gone back in and can confirm the change did take place.
     
  42. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay so now does the Everyone user actually show as the current owner of the registry key?
     
  43. engineerlr

    engineerlr Private E-2

    yes it is the current owner
     
  44. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Great!

    Run the C:\MGtools\NetFWfix.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator). This will run very quickly and you may just notice a quick flash of a black command prompt window.

    Now reboot your PC. After reboot continue with the below.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  45. engineerlr

    engineerlr Private E-2

    Hi

    Done all that. MGlogs.zip file is attached
     

    Attached Files:

  46. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that was still not able to get the BFE registry key added properly. Let's try a different way.
    • Reboot your PC into safe boot mode
    • Run Regedit.exe again ( make certain that you use Right Click and select Run As Administrator. Your user account is a member of the administrator group but that is not the same thing as "running as the administrator" )
    • Once the Registry Editor opens:
      • Click File -> Import
      • On the Import Registry File form navigate your way to the C:\MGtools\W7 folder.
      • In the above folder locate the BFE.reg file and select it.
      • Then click the Open button at the bottom and approve ( OK ) any prompts that you get to allow this to merge with the registry.
      • Does it import? Or do you get an error message?
      • If it said it imported then in the registry editor navigate to the below registry hive location and select this:
        • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
      • Scroll down under the Services key and see if you find a BFE entry there? If you do see BFE, click on it and then in the right side column of the Registry Editor do you see bunch of data for the BFE key?
    • You can reboot in normal mode now to come back here and explain what happened.
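
Added example (not part of the original thread, and not MajorGeeks or MGtools code): a read-only PowerShell check of what the posts above inspect by hand in Regedit and services.msc, namely the owner and access entries on the three SYSTEM keys and whether the BFE and MpsSvc service keys are present. The function names Get-KeyAclReport and Get-ServiceKeyState are hypothetical; it assumes an elevated PowerShell prompt and keeps to PowerShell 2.0 syntax as shipped with Windows 7.

```powershell
# Added example: read-only audit, changes nothing. Run from an elevated prompt.
# Function names are hypothetical; syntax is kept to PowerShell 2.0 (Windows 7).

$SidType     = [System.Security.Principal.SecurityIdentifier]
$AccountType = [System.Security.Principal.NTAccount]
$EveryoneSid = 'S-1-1-0'   # well-known SID for Everyone, same in every UI language

# Turn a SID into DOMAIN\name; fall back to the raw SID if it cannot be resolved.
function Resolve-SidName($Sid) {
    if ($Sid -eq $null) { return '<unknown>' }
    try   { $Sid.Translate($AccountType).Value }
    catch { $Sid.Value }
}

# One row per access entry on each key, with the key's owner alongside.
function Get-KeyAclReport {
    param([string[]]$Path)
    foreach ($p in $Path) {
        try   { $acl = Get-Acl -Path $p -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL of ${p}: $_"; continue }
        $owner = Resolve-SidName ($acl.GetOwner($SidType))
        # includeExplicit = $true, includeInherited = $true
        foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
            $isDeny     = $ace.AccessControlType -eq 'Deny'
            $isEveryone = $ace.IdentityReference.Value -eq $EveryoneSid
            New-Object PSObject -Property @{
                Key       = $p
                Owner     = $owner
                Identity  = Resolve-SidName $ace.IdentityReference
                Type      = $ace.AccessControlType
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
                Review    = ($isDeny -or $isEveryone)   # Deny rule or grant to Everyone
            }
        }
    }
}

# Registry view of a service (is the key there, how is it set to start)
# next to what the Service Control Manager currently reports for it.
function Get-ServiceKeyState {
    param([string[]]$Name)
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
    foreach ($n in $Name) {
        $keyPath   = "HKLM:\SYSTEM\CurrentControlSet\Services\$n"
        $present   = Test-Path -Path $keyPath
        $startType = $null
        $image     = $null
        $depends   = $null
        if ($present) {
            $props = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
            if ($props -and $props.Start -ne $null) {
                $startType = $startNames[[int]$props.Start]
            }
            if ($props) {
                $image   = $props.ImagePath
                $depends = $props.DependOnService -join ', '
            }
        }
        $svc    = Get-Service -Name $n -ErrorAction SilentlyContinue
        $status = 'not registered'
        if ($svc) { $status = $svc.Status }
        New-Object PSObject -Property @{
            Service    = $n
            KeyPresent = $present
            StartType  = $startType
            ImagePath  = $image
            DependsOn  = $depends
            Status     = $status
        }
    }
}

# The three keys whose permissions and owner are examined in this thread.
$keys = 'HKLM:\SYSTEM',
        'HKLM:\SYSTEM\CurrentControlSet',
        'HKLM:\SYSTEM\CurrentControlSet\Services'

Get-KeyAclReport -Path $keys |
    Select-Object Key, Owner, Identity, Type, Rights, Inherited, Review |
    Format-Table -AutoSize

# BFE = Base Filtering Engine, MpsSvc = Windows Firewall.
Get-ServiceKeyState -Name 'BFE', 'MpsSvc' |
    Select-Object Service, KeyPresent, StartType, Status, DependsOn, ImagePath |
    Format-List
```

Rows with Review set to True are Deny rules or grants to Everyone; saving the output before and after each step gives a record to compare against once the repair is finished.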
     
  47. engineerlr

    engineerlr Private E-2

    Hi

    That seems to have worked. BFE imported all right and I can see several lines of data for the BFE key.
     
  48. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then let's check. Do the below from normal boot mode.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  49. engineerlr

    engineerlr Private E-2

    Here you go.

    There's still 40 or so updates that gets installed upon shutdown. On startup, it gives the message "configuring windows, please wait" for quite a while.

    Then it says "Configuration failed Reverting changes"

    It then shuts down and finally restarts.

    All this takes over 30 mins to shut down and similar time to start up
     

    Attached Files:

  50. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay we have gotten your Windows Firewall services fixed now.
    These remaining issues with Windows Update will most likely have to be addressed in the Software Forum. However you can try the below two things first.

    Rerun the Windows Repair program I gave you awhile back. I will repeat instructions here so that you do not have to search back to them.


    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Remove Policies Set By Infections
      • Repair Windows Updates
      • Repair MSI (Windows Installer)
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished. If it does not then reboot it yourself.
    Now run the below MS FixIt tool and try a repair for Windows Update

    http://support.microsoft.com/fixit/

    See the selection in box # 2 labeled Install or upgrade software or hardware
    After you select this the third box will now have a selection to Fix the problem with Microsoft Windows Update that is not working.
     
