[SOLVED] Problems with Sfc.exe

I use Microsoft Security Essentials and have Malwarebytes only doing manual scans (it does however have two processes running). Also, I am seeing now that Glary Utilities also has a process running called MalwareHunter.exe. Should I uninstall all three? Maybe one at a time to find the offender?
 
Step#1 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please attach the log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also attach that along with the FRST.txt to your reply.
 
Please remove the following:

AVG Web TuneUp
Folder Size 2.9.0.0
Folder Size for Windows
Glary Utilities 5.90
Malware Hunter
Malwarebytes version 3.0.6.1469
MatSpoon FileSearch 0.3.1
MyDefrag v4.3.1
Prio
Q-Dir
UltraExplorer
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
 
I uninstalled all of the programs you listed. Prior to that I had uninstalled Microsoft Security Essentials. I then proceeded to uninstall the following:
Copernic Desktop Search
Desktop Destroyer (screensaver)
Fences by Stardock (desktop enhancer)
Agent Ransack
JRiver Media Center
AVG Antivirus
I got the same result with the sfc scan after each uninstall. Attached is the cbs log from the last time I ran the scan.
I did notice that Windows Indexing is off (not installed). I understood it to be a legacy feature and had turned it off some time back to improve performance. The thing is, I have tried several times, but it will now not install. I have reinstalled MSE.
 


I also had uninstalled BOINC (client for shared resources). At this point ZoneAlarm refuses to reinstall, am using MS firewall for now.
Additional point - When I uninstalled Fences (early free version from Stardock) it appeared to be completely uninstalled - Bulk Crap Uninstaller saw no vestiges of it, CCleaner had removed all registry keys (and files) and yet after a reboot, a Fences wizard popped up prompting me to set it back up. Which I did after again checking BCU & CCleaner - they still don't see it, but it has files under C:\Program Files (x86) and runs normally (on bootup). There is a checkbox to enable/disable Fences... I will try that and run sfc one more time.
 
Go to Control Panel, then Administrative Tools, and then click on Services. The service should be called Windows Search. Double click on the service and click Stop. Afterwards, reboot the computer.


 
Go to C:\ProgramData (It is hidden by default) and please take screenshots of the following:

Security Tab with all users visible on these folders:

ProgramData
Microsoft (within ProgramData)
Search (within Microsoft).
 
see next post for more screen caps
 

You may already be aware of this...I went into Windows Repair and ran a scan and it said reparse points were missing:
Scanning Reparse Points.
│ Started at (5/14/2018 5:05:40 PM)

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\AppData\Local\Application Data) (Target Path: C:\Users\Temp1\AppData\Local)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\AppData\Local\History) (Target Path: C:\Users\Temp1\AppData\Local\Microsoft\Windows\History)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\AppData\Local\Temporary Internet Files) (Target Path: C:\Users\Temp1\AppData\Local\Microsoft\Windows\Temporary Internet Files)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\Cookies) (Target Path: C:\Users\Temp1\AppData\Roaming\Microsoft\Windows\Cookies)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\Application Data) (Target Path: C:\Users\Temp1\AppData\Roaming)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\Documents\My Music) (Target Path: C:\Users\Temp1\Music)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\Documents\My Pictures) (Target Path: C:\Users\Temp1\Pictures)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\Documents\My Videos) (Target Path: C:\Users\Temp1\Videos)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\Local Settings) (Target Path: C:\Users\Temp1\AppData\Local)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\My Documents) (Target Path: C:\Users\Temp1\Documents)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\NetHood) (Target Path: C:\Users\Temp1\AppData\Roaming\Microsoft\Windows\Network Shortcuts)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\PrintHood) (Target Path: C:\Users\Temp1\AppData\Roaming\Microsoft\Windows\Printer Shortcuts)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\Recent) (Target Path: C:\Users\Temp1\AppData\Roaming\Microsoft\Windows\Recent)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\SendTo) (Target Path: C:\Users\Temp1\AppData\Roaming\Microsoft\Windows\SendTo)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\Start Menu) (Target Path: C:\Users\Temp1\AppData\Roaming\Microsoft\Windows\Start Menu)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Temp1\Templates) (Target Path: C:\Users\Temp1\AppData\Roaming\Microsoft\Windows\Templates)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Problems were found with the Reparse Points.
│ You can use the Repair Reparse Points Tool at the bottom of this Window to try and fix these problems.

│ Files & Folders Searched: 343,540
│ Reparse Points Found: 111

and that default folders are missing:
Checking Environment Variables.
│ Started at (5/14/2018 5:08:23 PM)

│ Missing default folder in 'Path' variable: %SystemRoot%\System32

│ Missing default folder in 'Path' variable: %SystemRoot%

│ Missing default folder in 'Path' variable: %SystemRoot%\System32\Wbem

│ Missing default folder in 'Path' variable: %SystemRoot%\System32\WindowsPowerShell\v1.0\

│ Problems were found with the Environment Variables.
│ You can use the Repair Environment Variables Tool at the bottom of this Window to try and fix these problems.

│ Done Checking Environment Variables. (5/14/2018 5:08:23 PM)

│ Done Scanning Reparse Points.(5/14/2018 5:08:23 PM)

I haven't run the relevant repairs - should I? It did say all the Windows package files were OK...
 
I wouldn't go there yet:

1. Click your start button and type cmd in the search box.
2. Right-click on cmd that comes up in the search results and select Run as administrator. Answer Yes to the UAC prompt if it appears.
3. Copy/Paste the following into the command-prompt window and hit enter.
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch /s >1.txt && notepad 1.txt

4. Notepad will open showing the WU info. Can you copy and paste this into your next reply?
 
Ooops, I didn't wait - I already ran the reparse repair and the environment repair......here is the text from the registry query:

Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch
    DisplayName    REG_SZ    Windows Search
    ErrorControl    REG_DWORD    0x0
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\SearchIndexer.exe /Embedding
    Start    REG_DWORD    0x4
    Type    REG_DWORD    0x10
    Description    REG_SZ    @%systemroot%\system32\SearchIndexer.exe,-104
    DependOnService    REG_MULTI_SZ    RPCSS
    ObjectName    REG_SZ    LocalSystem
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeChangeNotifyPrivilege\0SeManageVolumePrivilege\0SeImpersonatePrivilege\0SeAssignPrimaryTokenPrivilege\0SeIncreaseQuotaPrivilege\0SeTcbPrivilege
    FailureActionsOnNonCrashFailures    REG_DWORD    0x1
    DelayedAutoStart    REG_DWORD    0x1
    FailureActions    REG_BINARY    8051010000000000000000000300000014000000010000003075000001000000307500000000000000000000

Is there supposed to be another key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ called WSearchIdxPi?
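
An added example, not part of the thread: a small Python parser for the `reg query` text pasted above that decodes the service's `Start` and `Type` values and lists the privileges it requests. The sample lines are copied from the post; the function names and the `SENSITIVE` set are choices made for this example.

```python
import re

# Subset of the reg query output quoted in the thread.
SAMPLE = r"""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch
    DisplayName    REG_SZ    Windows Search
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\SearchIndexer.exe /Embedding
    Start    REG_DWORD    0x4
    Type    REG_DWORD    0x10
    ObjectName    REG_SZ    LocalSystem
    RequiredPrivileges    REG_MULTI_SZ    SeChangeNotifyPrivilege\0SeManageVolumePrivilege\0SeImpersonatePrivilege\0SeAssignPrimaryTokenPrivilege\0SeIncreaseQuotaPrivilege\0SeTcbPrivilege
    DelayedAutoStart    REG_DWORD    0x1
"""

# Documented meanings of a service key's Start and Type values.
START = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
TYPE_FLAGS = {0x1: "KernelDriver", 0x2: "FileSystemDriver",
              0x10: "Win32OwnProcess", 0x20: "Win32ShareProcess"}
# Privileges worth a second look in a service review (this example's choice).
SENSITIVE = {"SeTcbPrivilege", "SeImpersonatePrivilege",
             "SeAssignPrimaryTokenPrivilege", "SeDebugPrivilege"}
VALUE_RE = re.compile(r"^\s+(.+?)\s{2,}(REG_\w+)(?:\s{2,}(.*))?$")

def parse_reg_query(text):
    """Parse `reg query <key> /s` text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, kind, data = m.group(1), m.group(2), m.group(3) or ""
            if kind == "REG_DWORD":
                data = int(data, 16)          # reg prints DWORDs as 0x...
            elif kind == "REG_MULTI_SZ":
                data = [s for s in data.split("\\0") if s]  # literal \0 separators
            current[name] = data
    return keys

def summarize_service(values):
    """Decode the fields checked first when reading a service key."""
    start = values.get("Start")
    mode = START.get(start, f"Unknown({start})")
    if start == 2 and values.get("DelayedAutoStart") == 1:
        mode = "Automatic (Delayed Start)"   # the flag only matters for auto-start
    privs = set(values.get("RequiredPrivileges", []))
    return {"start_mode": mode, "account": values.get("ObjectName"),
            "type": [n for bit, n in TYPE_FLAGS.items() if values.get("Type", 0) & bit],
            "sensitive_privileges": sorted(SENSITIVE & privs)}
```

On the quoted output this reports a start mode of Disabled for a Win32OwnProcess service running as LocalSystem.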
 
