
Win7x86 turned crazy after deinstallation of antivirus program (svc, EXE..)


10 replies to this topic

#1 Minimalist1


Posted 29 January 2018 - 09:04 AM

The PC ran fine for years.

When trying to install a new software package (German tax program) AVGfree (2015?) complained about a (legit) component, some splash screen. As I could not stop AVG from blocking it, I decided to remove the AVG package.

Bad idea!

Now I am facing hell, right after the reboot:

- Windows Defender cannot be started

- many programs (eg CC Cleaner) can not be installed or started, the processes 'die' in the task manager

- The security service cannot start due to "1068" error, apparently dependencies are missing

 

What I have done:

- AVG cleanup tool to remove possible residues of its hooks to the Windows security system

- Windows Repair tool, several of these antimalware tools won't run, several scanners do not find a virus at all

- a unique and comprehensive 43 'repair tool' package; it ran happily without error, without fixing anything

- combofix will unpack itself but fail to start as well

- some weird WER* .temp files are found in AppData whenever a certain program fails to install correctly, yet not always.

I may find some and share them if helpful

 

 

I ran the "Farbar Service Scanner" and am attaching its output for reference here; it is eerily empty, few services run.

When trying to start the Windows Security Handler service I get an immediate 1068, it seems to miss dependencies?

 

For now I see two possibilities:

- something infected my PC within seconds after the (online) reboot when taking AVG off, through the firewall of my router

- AVG somehow completely hosed the Windows security services and built-in tools when being removed

 

Before I rebuild the entire machine (about 50 programs installed..) I am asking for help here.

Any ideas WHAT happened and HOW to get this machine back as it was just days ago?

 

Thanks!

m

Farbar Service Scanner Version: 27-01-2016
Ran by xxxxxxxxx (administrator) on 29-01-2018 at 14:30:43
Running from "D:\Downloads"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****

Attached Files

  • Attached File  FSS.txt   3KB   1 downloads



 


#2 JohnC_21


Posted 29 January 2018 - 09:32 AM

Do you have a System Restore Point before the problem?

 

If you create a new user profile do you get the same problems?



#3 joseibarra


Posted 30 January 2018 - 04:51 AM

Never used the Farbar Service Scanner before but my report doesn't look much different than yours (not much in it).

 

When starting Services 1068 errors usually mean some other Service that needs to be running is not and in the case of WinDefend the only dependency is the Remote Procedure Call (RPC) Service:

 

 

So if you check the Remote Procedure Call (RPC) Service if it does not look like this adjust it so it does and see if it will Start:

 

 

That RPC Service also has dependencies that need to be running so you can check them too:

 

 

As you can see there are lots of other Services that depend on the RPC Service to be running so if the RPC Service is afflicted (not running) then those lots of other Services will not be running either.

 

Click here to see a list of the Services that depend on the RPC Service to be running

 

 

 

 


The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.
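
The dependency check described in the post above can also be done from a PowerShell prompt. This is an added example, not part of the original posts; the function name `Get-DependencyStatus` is made up for illustration, and `wscsvc` is the Security Center service name taken from the scanner log in the first post.

```powershell
# Added example (not from the thread): report the status of every service and
# driver that a given service depends on, directly or indirectly.
# Get-Service talks to the Service Control Manager, not to WMI, so it can be
# used while the winmgmt service is not running.

function Get-DependencyStatus {
    param(
        [Parameter(Mandatory = $true)]
        [System.ServiceProcess.ServiceController]$Service,
        [int]$Depth = 0,
        [hashtable]$Seen = @{}
    )

    # Report each service once, even if several services share it (e.g. RpcSs).
    $name = $Service.ServiceName
    if ($Seen.ContainsKey($name)) { return }
    $Seen[$name] = $true

    $status = 'Unknown'
    $deps   = @()
    $note   = ''
    try {
        $status = $Service.Status.ToString()
        $deps   = @($Service.ServicesDependedOn)
    } catch {
        # The SCM could not return the status or the dependency list.
        $note = $_.Exception.Message
    }

    New-Object PSObject -Property @{
        Depth  = $Depth
        Name   = $name
        Status = $status
        Note   = $note
    } | Select-Object Depth, Name, Status, Note

    # Recurse on the ServiceController objects themselves so that driver
    # dependencies, which Get-Service -Name does not return, are included.
    foreach ($dep in $deps) {
        Get-DependencyStatus -Service $dep -Depth ($Depth + 1) -Seen $Seen
    }
}

# Full dependency chain of the Security Center service.
$chain = @(Get-DependencyStatus -Service (Get-Service -Name 'wscsvc'))
$chain | Format-Table -AutoSize

# Anything not running; the deepest entries are the ones to look at first,
# because a 1068 on the top-level service is a consequence of them.
$chain | Where-Object { $_.Status -ne 'Running' } |
    Sort-Object Depth -Descending | Format-Table -AutoSize
```

A non-empty `Note` column means the Service Control Manager returned an error for that entry, which is the same condition the Dependencies tab reports as a dialog box.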


#4 Minimalist1

Minimalist1
  • Topic Starter


Posted 31 January 2018 - 06:43 AM

When looking at the dependencies of the Defender Service I receive the error:

"Win32: The executable program that this service is configured to run in does not implement the service".

Whatever.. I have no clue what this cryptic message is supposed to tell me. A long way to say "Cannot run".

Odd enough the service IS running when manually invoking it.

 

The main issues remain:

e.g. when trying to install AdwCleaner I see the process lingering in the process list, about 870kB used, no CPU load, no write or read, just a few I/Os, then quietly disappearing without errors. Same for many, yet not all applications I start.

 

This is spooky.

 

The few virus checkers I could try did not see any issues at all.

All since removing the AVG tool that was so stubborn about a legitimate software (tax program) I want to install.

 

Any ideas what options I have left to rescue this machine?

Thanks!



#5 Minimalist1

Minimalist1
  • Topic Starter


Posted 31 January 2018 - 07:09 AM

Forgot to mention:

RPC and also RPC Locator services ARE running.

 

The "Defender" Service IS running but the "Security Center" will not (1068, also the Win32 error when looking into the Dependency pane of its properties).

 

What did AVG destroy when removing itself from this machine? It must be an essential component, link, registry entry or permission setting AFAIK.



#6 joseibarra


Posted 31 January 2018 - 07:56 AM

Before you said:

 

Now I am facing hell, right after the reboot:

- Windows defender cannot be started  (I thought you were getting 1068 on Windows Defender)

Now you say Defender is running?

 

Now you report this previously unreported message:

 

Win32: The executable program that this service is configured to run in does not implement the service

 

To me, that is not a long way to say "Cannot run".

 

And now it's the Security Center Service reporting a 1068 error and also you get a Win32 error when clicking the Dependencies tab?

 

Is there an error 1083 anywhere?

 

Were you able to use a System Restore point to restore the system to a date/time prior to this incident?

 

You might need to post some screen shots because I am too mixed up now to help at the moment.


Edited by joseibarra, 31 January 2018 - 08:31 AM.



#7 Minimalist1

Minimalist1
  • Topic Starter


Posted 01 February 2018 - 07:51 AM

Thanks for the continued interest and willingness to help!

 

Summary of observations after deinstalling AVGfree from Win7x86:
 
- crucial services like "Security Center" do not start (1068), Defender Service is running now 
- Dependency pane of ALL services throws same error, upon acknowledging it the dependency list is empty
- many, yet not all, programs no longer run; when started they appear in Task Manager as a process, but vanish within seconds
 
Example: 
- tdsskiller.exe starts, in parallel another process "WerFault.EXE" as well, both close after 3sec
- AdwCleaner: same issue
- CCleaner installation: same issue
- VipreRescueScanner: DOES run fine..
- Windows Repair AIO; runs but does not fix the issues
 
Conclusion:
the root cause is NOT by a virus or other malware; the AV software removal caused the havoc inside the 
Windows kernel, security, service settings etc
 
Attached. 
screen shots of Service related errors
WER log info of failing app starts
screen shots of Windows event logs
 
Thank you!




#8 Minimalist1

Minimalist1
  • Topic Starter


Posted 05 February 2018 - 06:58 AM

Really, nobody?

Too trivial, or too obscure and difficult to solve?

 

I was hoping to find an explanation and solution; otherwise a complete rebuild will be my only remaining option.



#9 hamluis


    Moderator



Posted 05 February 2018 - 07:08 AM

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy taking care to post the link of the snapshot in your next post.

   Go to Piriform's website, and download the free version on the left.  Click Download from Piriform.com (the FileHippo link requires an extra click). Or if you want to use a portable version of Speccy (which doesn't require installation), click the builds page link and download the portable version. You will now be asked where you want to save the file. The best place to put it is the Desktop, as it will be easy to find later.

    After the file finishes downloading, you are ready to run Speccy. If you downloaded the installer, simply double-click on it and follow the prompts until installation is complete. If you downloaded the portable version, you will need to unzip it before use. Right-click the ZIP file and click Extract all. Click Next. Open up the extracted folder and double-click on Speccy.
 
     Once inside Speccy, it will look similar to this (with your computer's specifications, of course):
 

     Now, at the top, click File > Publish Snapshot.

     Click Yes > then Copy to Clipboard

Now, once you are back in the forum topic you are posting in, click the ADD REPLY or REPLY TO THIS TOPIC button. Right-click in the empty space of the Reply box and click Paste. Then, click Add Reply below the Reply box.

Louis



#10 Minimalist1

Minimalist1
  • Topic Starter


Posted 05 February 2018 - 11:39 AM

Thank you for the reply!
Attached the requested MTB.txt file for inspection.
 
"Speccy" will not run, even if started with Admin privileges:
- an installation will be finished, but the app behaves like many (not all!) other programs: sitting in the task manager and dying after a few seconds, without warning; no splash screen, window etc.
- using the portable version exhibits the same behavior
 
Attached:
- screenshot of speccy 'sitting' in Task Manager before disappearing
- MTB file (username XXXed), also embedded below

MiniToolBox by Farbar Version: 17-06-2016
Ran by xxxxxxxx (administrator) on 05-02-2018 at 17:11:09
Running from "D:\Downloads"
Windows 7 Ultimate Service Pack 1 (X86)
Model: Manufacturer:

Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/05/2018 05:09:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0003224d
Faulting process id: 0x954
Faulting application start time: 0xsvchost.exe_WinDefend0
Faulting application path: svchost.exe_WinDefend1
Faulting module path: svchost.exe_WinDefend2
Report Id: svchost.exe_WinDefend3

Error: (02/01/2018 12:43:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: a2emergencykit.exe, version: 2017.12.0.8334, time stamp: 0x5a4b83a3
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00047112
Faulting process id: 0x3b8
Faulting application start time: 0xa2emergencykit.exe0
Faulting application path: a2emergencykit.exe1
Faulting module path: a2emergencykit.exe2
Report Id: a2emergencykit.exe3

Error: (02/01/2018 12:42:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: a2emergencykit.exe, version: 2017.12.0.8334, time stamp: 0x5a4b83a3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00000000
Faulting process id: 0x3b8
Faulting application start time: 0xa2emergencykit.exe0
Faulting application path: a2emergencykit.exe1
Faulting module path: a2emergencykit.exe2
Report Id: a2emergencykit.exe3

Error: (02/01/2018 12:37:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: msert.exe, version: 1.261.430.0, time stamp: 0x5a6ede46
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0001f9bb
Faulting process id: 0xfc4
Faulting application start time: 0xmsert.exe0
Faulting application path: msert.exe1
Faulting module path: msert.exe2
Report Id: msert.exe3

Error: (02/01/2018 12:36:20 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.  Windows closed the program TDSS rootkit removing tool because of this error.
Program: TDSS rootkit removing tool
File:
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: 00000000
Disk type: 0

Error: (02/01/2018 12:36:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: tdsskiller.exe, version: 3.1.0.16, time stamp: 0x566b123a
Faulting module name: tdsskiller.exe, version: 3.1.0.16, time stamp: 0x566b123a
Exception code: 0xc000001d
Fault offset: 0x00001b66
Faulting process id: 0x9a8
Faulting application start time: 0xtdsskiller.exe0
Faulting application path: tdsskiller.exe1
Faulting module path: tdsskiller.exe2
Report Id: tdsskiller.exe3

Error: (02/01/2018 12:36:02 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.Windows closed the program TDSS rootkit removing tool because of this error.
Program: TDSS rootkit removing tool
File:
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: 00000000
Disk type: 0

Error: (02/01/2018 12:36:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: tdsskiller.exe, version: 3.1.0.16, time stamp: 0x566b123a
Faulting module name: tdsskiller.exe, version: 3.1.0.16, time stamp: 0x566b123a
Exception code: 0xc000001d
Fault offset: 0x00001b66
Faulting process id: 0x894
Faulting application start time: 0xtdsskiller.exe0
Faulting application path: tdsskiller.exe1
Faulting module path: tdsskiller.exe2
Report Id: tdsskiller.exe3

Error: (02/01/2018 12:26:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (02/01/2018 12:25:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",public KeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.  Please use sxstrace  .exe for detailed diagnosis.

System errors:
=============
Error: (02/05/2018 05:11:10 PM) (Source: DCOM) (User: )
Description: 1083winmgmt{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (02/05/2018 05:10:09 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/05/2018 05:04:55 PM) (Source: DCOM) (User: )
Description: 1083winmgmt{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (10/28/2004 12:01:50 AM) (Source: DCOM) (User: )
Description: 1083winmgmt{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (10/28/2004 12:01:45 AM) (Source: DCOM) (User: )
Description: 1083winmgmt{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (10/28/2004 12:01:40 AM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (10/28/2004 12:01:28 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
DummyDisk
SASDIFSV
SASKUTIL

Error: (10/28/2004 12:01:21 AM) (Source: Service Control Manager) (User: )
Description: The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1083 = The executable program that this service is configured to run in does not implement the service.

Error: (10/28/2004 12:01:20 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
%%1083 = The executable program that this service is configured to run in does not implement the service.

Error: (02/01/2018 01:15:45 PM) (Source: DCOM) (User: )
Description: 1083winmgmt{8BC3F05E-D86B-11D0-A075-00C04FB68820}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}) (Version: - Microsoft) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.221-060124a1-030152C-ATI - )
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoShutdown Pro v4.3 (HKLM\...\AutoShutdown Pro v4.3) (Version: - )
Benutzerhandbuch EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series Useg) (Version: - )
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
CloneCD (HKLM\...\CloneCD) (Version: - SlySoft)
C-Media WDM Audio Driver (HKLM\...\C-Media Audio Driver) (Version: - )
Download Navigator (HKLM\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Dr. Hardware 2009 9.9.5 (HKLM\...\Dr. Hardware 2009_is1) (Version: - Peter A. Gebhard)
EPSON BX635FWD Series Printer Uninstall (HKLM\...\EPSON BX635FWD Series) (Version: - SEIKO EPSON Corporation)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
FormatFactory 2.60 (HKLM\...\FormatFactory) (Version: 2.60 - Free Time)
Forté Agent (HKLM\...\Forte Agent) (Version: 5.00 - Forté Internet Software, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 30.0.1599.101 - Google Inc.)
Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Hardware sensors monitor 4.1 (HKLM\...\Hardware sensors monitor 4.1_is1) (Version: 4.1.4.5 - AB Software)
HashTools 2.2.0 (HKLM\...\c190f852-0f93-401c-8fc7-23596e389fa3_is1) (Version: 2.2.0.0 - Binary Fortress Software)
HiJackThis (HKLM\...\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}) (Version: 1.0.0 - Trend Micro)
HyperSnap-DX (HKLM\...\HyperSnap-DX) (Version: - )
IconRestorer 1.0.8.1 SR1 (HKLM\...\IconRestorer Free_is1) (Version: - FSL - FreeSoftLand)
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MasterSplitter Program (HKLM\...\MasterSplitter) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual Basic 6.0 Enterprise Edition (HKLM\...\Visual Basic 6.0 Enterprise Edition) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM\...\WebPost) (Version: - )
MidiIllustrator v2.01 (HKLM\...\MidiIllustrator_is1) (Version: - )
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 17.0.8 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (HKLM\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla)
Mp3Split V1.31 (HKLM\...\Mp3Split_is1) (Version: 1.31 - © Copyright by Christian Punz 2006-2010)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.8 - F.J. Wechselberger)
Nero 12 (HKLM\...\{80836C86-1305-40C9-B7C9-F3A75266070D}) (Version: 12.5.01900 - Nero AG)
Nero Audio Pack 1 (HKLM\...\{A7A0BF2E-31CC-49E3-9913-52C503EB969D}) (Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (HKLM\...\{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}) (Version: 12.5.1000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (HKLM\...\{EF0D1292-8FC1-41BE-9740-DBC134F66415}) (Version: 12.0.13000 - Nero AG) Hidden
Nero Blu-ray Player (HKLM\...\{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}) (Version: 12.0.20014 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (HKLM\...\{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}) (Version: 12.0.9000 - Nero AG) Hidden
Nero Burning ROM (HKLM\...\{CF508721-0E1E-4F99-A359-59E4EA8DAEC1}) (Version: 12.5.5001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (HKLM\...\{2890E324-6F3B-4975-8B95-E7D6D80E0226}) (Version: 12.0.3000 - Nero AG) Hidden
Nero ControlCenter (HKLM\...\{ABC88553-8770-4B97-B43E-5A90647A5B63}) (Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (HKLM\...\{C994C746-C6D0-4EBA-B09E-DF7B18381B69}) (Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (HKLM\...\{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}) (Version: 11.0.20200 - Nero AG) Hidden
Nero Disc Menus Basic (HKLM\...\{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}) (Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (HKLM\...\{29F67D84-3A70-456E-806A-52301B02070B}) (Version: 12.0.11500 - Nero AG) Hidden
Nero Express (HKLM\...\{5CD2E27A-F2C9-4A87-9A06-DFAF9A182481}) (Version: 12.5.5002 - Nero AG) Hidden
Nero Express Help (CHM) (HKLM\...\{0708FF30-78C0-47B0-81F0-C84604DC769C}) (Version: 12.0.13000 - Nero AG) Hidden
Nero Kwik Media (HKLM\...\{052A1E34-A54B-458C-A4E3-24C3E054754A}) (Version: 1.18.20100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (HKLM\...\{1F16820E-D0E7-4636-939E-45CBFEFB06E1}) (Version: 12.0.12000 - Nero AG) Hidden
Nero Kwik Themes Basic (HKLM\...\{1B6F5E51-575E-4693-BCA2-7543570D076D}) (Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (HKLM\...\{ACE49D50-19CD-44A6-B192-46F985283B26}) (Version: 12.0.11500 - Nero AG) Hidden
Nero Recode (HKLM\...\{1943C3BD-4462-4612-92C3-D36DD917C447}) (Version: 12.5.6000 - Nero AG) Hidden
Nero Recode Help (CHM) (HKLM\...\{86847081-B387-4F49-AED1-C9B0A090D66C}) (Version: 12.0.12000 - Nero AG) Hidden
Nero RescueAgent (HKLM\...\{B953732D-B623-4E84-B369-CFFF7B1AE06F}) (Version: 12.0.10002 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (HKLM\...\{0B311221-05A5-4766-8D03-7A6446794156}) (Version: 12.0.7000 - Nero AG) Hidden
Nero SharedVideoCodecs (HKLM\...\{2432E589-6256-4513-B0BF-EFA8E325D5F0}) (Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Video (HKLM\...\{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}) (Version: 12.5.2001 - Nero AG) Hidden
Nero Video Help (CHM) (HKLM\...\{B128179D-A5E1-43AC-9422-12A109ECD2A0}) (Version: 12.0.12000 - Nero AG) Hidden
neroxml (HKLM\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG) Hidden
Netzwerkhandbuch EPSON BX635FWD Series (HKLM\...\EPSON BX635FWD Series Netg) (Version: - )
NVOCX version 2.14.09.29 (HKLM\...\{984AF15E-F5FA-4E87-9874-BD28454541FE}_is1) (Version: 2.14.09.29 - )
NVWEBOCX version 1.15.8.28 (HKLM\...\{D8D35337-108D-49a6-8F7B-489D4C69FAE0}}_is1) (Version: 1.15.8.28 - )
PeerBlock 1.0+ (r484) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.0.0.484 - PeerBlock, LLC)
Pegasus Imaging Corp. "The JPEG Wizard2" (HKLM\...\The JPEG Wizard2) (Version: - )
Pianissimo (HKLM\...\Pianissimo) (Version: - Acoustica)
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Restorer2000 Pro 3.3 (HKLM\...\Restorer2000 Pro_is1) (Version: 3.3 - Bitmart Inc.)
Sandboxie 3.56 (32-bit) (HKLM\...\Sandboxie) (Version: - )
SiS 900 PCI Fast Ethernet Adapter Driver (HKLM\...\SiSLan) (Version: - )
SMI USB Grabber (HKLM\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.02 - Somagic Inc)
Smileys We Love Toolbar for IE (HKLM\...\{DD36B76E-AAC3-4BB7-9946-A5FBBE121C33}) (Version: 3.0.19 - SqueekyChocolate, LLC)
Steinberg The Grand VSTi DXi v2.1.0 (HKLM\...\Steinberg The Grand VSTi DXi_is1) (Version: - )
SUPER © Version 2010.bld.38 (May 2, 2010) (HKLM\...\SUPER ©) (Version: Version 2010.bld.38 (May 2, 2010) - eRightSoft)
SyncroSoft Emu (Remove only) (HKLM\...\SyncroSoft Emu) (Version: - )
Syncrosofts Lizenz Kontrolle (HKLM\...\Syncrosoft's License Control) (Version: - Syncrosoft Hard- Und Software GmbH)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
TotalAudioConverter (HKLM\...\Total Audio Converter_is1) (Version: - Helmsman, Inc.)
Transcribe! 8.21 (HKLM\...\Transcribe!_is1) (Version: 8.21 - Seventh String Software)
TruePianos 1.5.0 (HKLM\...\TruePianos_is1) (Version: - 4Front Technologies)
TruePianos: Amber Module 1.4.0 (HKLM\...\TruePianos: Amber Module_is1) (Version: - 4Front Technologies)
TruePianos: Diamond Module 1.4.0 (HKLM\...\TruePianos: Diamond Module_is1) (Version: - 4Front Technologies)
TruePianos: Emerald Module 1.4.0 (HKLM\...\TruePianos: Emerald Module_is1) (Version: - 4Front Technologies)
TruePianos: Sapphire Module 1.4.0 (HKLM\...\TruePianos: Sapphire Module (Pedal sounds included)_is1) (Version: - 4Front Technologies)
TruePianos: Sapphire Module 1.4.0 (HKLM\...\TruePianos: Sapphire Module_is1) (Version: - 4Front Technologies)
UBitMenuDE (HKLM\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG)
Ulead VideoStudio SE DVD (HKLM\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.3 - uvnc bvba)
USB Floppy Emulator V2 (HKLM\...\E372AE01-79B6-44E0-96AC-8AB0AE1E738D_is1) (Version: 1.40 - ipcas GmbH)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WebDrive (HKLM\...\{F08E87FD-F62B-4BAC-A2D6-A94755653F30}) (Version: 9.10.2273 - South River Technologies)
Welcome App (Start-up experience) (HKLM\...\{828175FA-7307-4DBF-95AD-9CEE086B6F45}) (Version: 12.0.15000 - Nero AG) Hidden
WinCDEmu (HKLM\...\WinCDEmu) (Version: 3.6 - Bazis)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Repair Toolbox version 2.0.0.4 (HKLM\...\{A8D7DA31-9E70-437D-97C4-C4887752E029}_is1) (Version: 2.0.0.4 - Alexandre Coelho)
WinZip (HKLM\...\WinZip) (Version: 11.0 (7313) - WinZip Computing LP)
XXClone ver 0.58.0 (HKLM\...\XXClone) (Version: 0.58.0 - Pixelab, Inc.)
XXConsole: Super Console Generator ver 0.96 (HKLM\...\XXConsole) (Version: 0.96 - Pixelab, Inc.)

========================= Memory info: ===================================
Percentage of memory in use: 56%
Total physical RAM: 2047.55 MB
Available physical RAM: 889.59 MB
Total Virtual: 4095.11 MB
Available Virtual: 3057.43 MB

========================= Partitions: =====================================
2 Drive c: () (Fixed) (Total:29.29 GB) (Free:2.28 GB) NTFS
3 Drive d: (NewD60_cln) (Fixed) (Total:58.59 GB) (Free:7.03 GB) NTFS
4 Drive e: (NewE20_clon) (Fixed) (Total:19.53 GB) (Free:9.25 GB) NTFS
5 Drive f: (NewF126) (Fixed) (Total:126.34 GB) (Free:84.8 GB) NTFS
8 Drive y: () (Network) (Total:1.91 GB) (Free:1.88 GB)
9 Drive z: () (Network) (Total:3845.29 GB) (Free:863.68 GB)

========================= Users: ========================================
User accounts for \\MWBS2013

Administrator Guest xxxxxxx
VUSR_MWBS2013


**** End of log ****


Edited by hamluis, 05 February 2018 - 01:29 PM.


#11 Minimalist1

  • Topic Starter

  • Members
  • 7 posts

Posted 09 February 2018 - 04:49 AM

I was hoping to:

- find a solution

- learn about the root cause and how AVG could destroy my Windows operating system

 

I provided as much info as I possibly could, yet nobody seems to be willing/capable to help.

I have successfully fixed systems, virus attacks and Windows/Registry errors before on my own, and have 30+ years of PC experience under my belt.

Had it been trivial (for me) I would not have asked for help. 

 

Trying the Windows UPDATE function failed: dozens of updates were pulled, installed and then 'revoked' after rebooting.

Trying to do a Windows UPGRADE (same Win32 x86, hoping to keep personal settings and programs) ran for hours, finished, but the same problems remained, even with the revoking updates. The PC remains unusable.

 

The OS was obviously completely ruined when AVG was deinstalled. I have to rebuild the machine from scratch.

WITHOUT any 3rd party virus software this time, as it may damage a PC more than any real virus can ever do.

That lesson I DID learn out of this experience!

 

Thanks for trying!

 

This topic can be closed.





