mikeymikec
New Member
- Messages
- 3
I'm having trouble with a computer at work; I believe it was infected with malware at some point as the registry entries for mpssvc (the windows firewall service) and wscsvc (windows security centre service) had been removed (ie. in HKLM > SYSTEM > CCS > services). I've reinstated those registry entries from a working Win8.1 machine (both the 64-bit version). Windows Security Centre is up and running again but the Windows Firewall service fails to start, error code 2, "the system cannot find the file specified". Other services like mpsdrv and bfe are fine. Windows Update is also working.
After multiple reboots, the registry entries for the mpssvc service remain as expected (the main thing I've been checking is the file name run by the service). So far I've tried:
dism /online /cleanup-image /restorehealth
sfc /scannow
chkdsk /f /v /r (the disk has some slightly iffy SMART readings, some successfully reallocated sectors)
TDSSkiller (it was mentioned when I was googling for the problem in a similar-ish context)
All of these ended on a positive note. I might try running the dism command again as I think it said it found some things wrong and corrected them. Chkdsk's results only fixed minor file system issues, no further bad sectors found or read failures. TDSSkiller didn't find anything.
I'm running a scan with malwarebytes, but it's already past the file scanning, rootkit check, and registry scanning stages so I doubt that's going to turn up anything relevant. The computer is running Windows Defender for antivirus (always has done).
The machine isn't currently showing any active signs of infection (eg. dodgy processes running, pop-ups, other odd things happening during browsing), just this. I wonder whether Defender found an infection at some point after the fact and dealt with it already, but the damage was already done.
After multiple reboots, the registry entries for the mpssvc service remain as expected (the main thing I've been checking is the file name run by the service). So far I've tried:
dism /online /cleanup-image /restorehealth
sfc /scannow
chkdsk /f /v /r (the disk has some slightly iffy SMART readings, some successfully reallocated sectors)
TDSSkiller (it was mentioned when I was googling for the problem in a similar-ish context)
All of these ended on a positive note. I might try running the dism command again as I think it said it found some things wrong and corrected them. Chkdsk's results only fixed minor file system issues, no further bad sectors found or read failures. TDSSkiller didn't find anything.
I'm running a scan with malwarebytes, but it's already past the file scanning, rootkit check, and registry scanning stages so I doubt that's going to turn up anything relevant. The computer is running Windows Defender for antivirus (always has done).
The machine isn't currently showing any active signs of infection (eg. dodgy processes running, pop-ups, other odd things happening during browsing), just this. I wonder whether Defender found an infection at some point after the fact and dealt with it already, but the damage was already done.
My Computer
System One
-
- OS
- Windows 8.1