Troubleshoot Rare service after windows 10 anniversary update

darko999

Level 17
Thread author
Verified
Well-known
Oct 2, 2014
805
After installing windows 10 Anniversary update I got this Service which I can't disable neither set to manual start.

EDIT: NVM I'm not the only one so I'm kinda happy about it

What is the CDPUsersvc for ?

serv.png


Anyone has similar issue? should I downgrade to previos version?

Thanks in advance.
 
Last edited:

Logethica

Level 13
Verified
Top Poster
Well-known
Jun 24, 2016
636
@darko999 ..

C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup:

FROM: answers.microsoft.com

This issue might occur, when some of the system files got corrupted or due to any third party application conflict.

I would suggest you to try the below methods and check if it helps.

Method 1:

Perform System File Checker (sfc) scan.

System File Checker is a utility in Windows that allows users to scan for corruptions in Windows system files and restore corrupted files.

To perform SFC Scan, refer to the below link:
https://support.microsoft.com/en-us/kb/929833

Note: Steps mentioned for Windows 8/8.1, will work fine with Windows 10.

Method 2: Clean boot.

A clean boot is performed to start Windows by using a minimal set of drivers and startup programs. This helps eliminate software conflicts that occur when you install a program.
https://support.microsoft.com/en-us/kb/929135

Note: Steps mentioned for Windows 8/8.1, will work fine with Windows 10.

Disclaimer: Please go through the section: How to reset the computer to start as usual after troubleshooting with clean boot of the Kb article to boot the computer in normal startup after fixing the issue.
 
Upvote 0

darko999

Level 17
Thread author
Verified
Well-known
Oct 2, 2014
805
The main problem is that Microsoft added hidden services on Windows 10 and you can't query the signature for those services.

Services created by the "UnistackSvcGroup" do not have any associated DLL or executable and can't be verified, these include:
Sync Host_<random string>
Contact Data_<random string>
MessagingService_<random string>
CDPUserSvc_<random string>
Service_<random string>

Makes sense
 
Upvote 0

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Accessing Email & App Accounts is a no go too, it closes as soon as it is clicked on.
I was trouble shooting to see if I could help find a solution for you guys and now
realize I am bugged too lol :confused:
It wasn't like this before the AU
:: EDIT ::
I got in, I restarted explorer with Process Lasso and it fixed my being locked out of that area
When you guys create a new acct. when you go back to it, is it visiable in the accounts menu ?
 
Last edited:
Upvote 0

SpartacusSystem

Level 7
Verified
Well-known
Aug 6, 2015
306
Accessing Email & App Accounts is a no go too, it closes as soon as it is clicked on.
I was trouble shooting to see if I could help find a solution for you guys and now
realize I am bugged too lol :confused:
It wasn't like this before the AU
:: EDIT ::
I got in, I restarted explorer with Process Lasso and it fixed my being locked out of that area
When you guys create a new acct. when you go back to it, is it visiable in the accounts menu ?

Yes, but when I try to sign into it, it signs me straight back out or it says there's a problem, we couldn't sign you in...
 
Upvote 0

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Yes, but when I try to sign into it, it signs me straight back out or it says there's a problem, we couldn't sign you in...
Delete the accounts you have created, all of them except your main acct you login with.
Then reboot, and after all has loaded run the sfc /scannow tool. allow that to finish.
If it finds errors and repairs them "Reboot" and run it again untill no errors are found.
After that post back here. I am looking for some things that may help with the creation issue.
 
Upvote 0

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
This is the only viable solution I can find other than a fresh install of win10, which i know is a pain in the azz.
Its quoted from the MS site I will link to the original post.
QUOTE I also had this problem and couldn't find any solution to this, I have tried all the suggested solutions on the internet (which didn't apply), but the solution is fairly simple (found it on reddit):

Just copy the Default folder (in C:\Users) from another windows 10 computer and, after you rename your problematic Default folder to something like DefaultOLD (just to keep it for safety reasons), paste it in your Users folder. To make sure that you won't have problems with permissions of the "implant" folder, just transfer it via a FAT/FAT32 formatted usb stick (those filesystems don't have permissions).

If it worked for you, please share because I almost had a headache trying to fix this and I imagine you do. END
3 posts down in the link below its the post by stratisgeo
Link: http://answers.microsoft.com/en-us/...r/b71eb998-3a61-4958-b40b-bcc22e19dfe9?page=1

This seemed to work for many and I hope it helps you brother, if not you may want to try a clean install of Windows 10 to fix the corruption issue.
PeAcE
 
Upvote 0

SpartacusSystem

Level 7
Verified
Well-known
Aug 6, 2015
306
This is the only viable solution I can find other than a fresh install of win10, which i know is a pain in the azz.
Its quoted from the MS site I will link to the original post.
QUOTE I also had this problem and couldn't find any solution to this, I have tried all the suggested solutions on the internet (which didn't apply), but the solution is fairly simple (found it on reddit):

Just copy the Default folder (in C:\Users) from another windows 10 computer and, after you rename your problematic Default folder to something like DefaultOLD (just to keep it for safety reasons), paste it in your Users folder. To make sure that you won't have problems with permissions of the "implant" folder, just transfer it via a FAT/FAT32 formatted usb stick (those filesystems don't have permissions).

If it worked for you, please share because I almost had a headache trying to fix this and I imagine you do. END
3 posts down in the link below its the post by stratisgeo
Link: http://answers.microsoft.com/en-us/...r/b71eb998-3a61-4958-b40b-bcc22e19dfe9?page=1

This seemed to work for many and I hope it helps you brother, if not you may want to try a clean install of Windows 10 to fix the corruption issue.
PeAcE

I'll be trying this. Keep you posted. Tried sfc tool after deleting all accounts, didn't help.
 
Upvote 0

SpartacusSystem

Level 7
Verified
Well-known
Aug 6, 2015
306
Deleted all accounts except my own. Performed an sfc/scannow, showed there was errors in the cbs log but they couldn't be fixed. Then I used my fresh Windows 10 Pro ISO DVD to perform a DISM repair which was successful. I restarted the computer and then performed an sfc /scannow the errors found were fixed! So I restarted the computer (at this point in time i was running around the front room thinking I might have just pulled it off!).

Tried to create a new local account entitled 'Visitor'. Went over to lusermgr.msc to affix it to the Guests' group. I actually got logged into the account so I made some progress compared to before where it was pretending to sign me in then out. I was defeated by that horrible blue box which says there was a problem and we couldn't sign you into your account.

I dismissed the message and yet it behaves like a normal guest account just like in build 10586? I can save items, log out and they're still there upon restart of the laptop. Everytime I log into that account it seems to keep showing me that blue box and all I do is dismiss it.

I have some more options to perform. Make a local account and leave it in the users group and see how it works; make a local account and assign it to the administrator's group and if it's successful (I don't see a blue box) then see how it behaves when I will re-assign it to the guests' group.

The blue box message could just be a bug?

I performed a computer repair job today. I did a clean Install of Windows 10 yet those wierd services are still present. I made a guest account on that freshly installed OS and guess what? The dreaded blue box had came back to haunt me once again.

P.S. on a good note: Remember how the DISM tool used to be stuck for AGES on 20%? Well... That's not the case anymore! It actually progresses through from 0.0 to 100.0 (I have screenshots for proof which I will upload in this post the minute I transfer over to the other machine.) :D

I have persistence! ;) I will not be defeated by the dreaded "clean install".

Still yet to update when I'm out of juice.
 
Upvote 0

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Nice work Spartacus,
It could be that, that blue box is a bug, just keep an eye on it so you don't end
up on the short end of the stick. If indeed it is a bug being patient will be the
best course of action, as MS will most likely patch it in the near future.
Thanks for keeping us informed ;)
 
Upvote 0

SpartacusSystem

Level 7
Verified
Well-known
Aug 6, 2015
306
Nice work Spartacus,
It could be that, that blue box is a bug, just keep an eye on it so you don't end
up on the short end of the stick. If indeed it is a bug being patient will be the
best course of action, as MS will most likely patch it in the near future.
Thanks for keeping us informed ;)

No problem! Yeah I've been following this blue box bug since build 14393.0. I'm thinking now there can literally be nothing wrong with my upgrade at all, even after nourishing it with a DISM fix and sfc? But yeah I'll keep going till this is sorted. I remember sending a message to @BoraMurdar as I discovered he was one of the first with me to try out the new rtm sign-off build which was 14393 at the time. He was using a local account whereas I was using a Microsoft account, so he really couldn't carry out my issue.
 
Upvote 0

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
No problem! Yeah I've been following this blue box bug since build 14393.0. I'm thinking now there can literally be nothing wrong with my upgrade at all, even after nourishing it with a DISM fix and sfc? But yeah I'll keep going till this is sorted. I remember sending a message to @BoraMurdar as I discovered he was one of the first with me to try out the new rtm sign-off build which was 14393 at the time. He was using a local account whereas I was using a Microsoft account, so he really couldn't carry out my issue.
I too am on a MS acct, I once created a local acct, had it for a few days and realized how limited I was and moved back to a MS acct. and here I have stayed.
I never had the "Blue Box Bug" but I have seen many instances of folks that have since trying to help with this thread. I had no idea it was so wide spread.
 
Upvote 0

SpartacusSystem

Level 7
Verified
Well-known
Aug 6, 2015
306
I too am on a MS acct, I once created a local acct, had it for a few days and realized how limited I was and moved back to a MS acct. and here I have stayed.
I never had the "Blue Box Bug" but I have seen many instances of folks that have since trying to help with this thread. I had no idea it was so wide spread.

Try making a local account (first with Guests' group, then User's group through lusrmgr.msc) alongside your MS account, see if it happens to you.

Well what a surprise! The minute I assigned the local account 'Visitor' from the Guests' group to the User's group through lusrmgr, no blue box. :cool:

So now I am thinking that there seems to be a problem with the Guests' membership area within this build. Are they trying to kill of Guest accounts? We've heard of this before from builds 101xxx about the guest account being disabled by default.

The guests' group is so so so useful especially in my household. Say I am not at home, someone from the family wants to grab a laptop or a visitor, the fact that they cannot browse through my user, see my history (not like a hormone raging teen has anything to hide, ahem Incognito is my best friend. *cough*...) try to install apps/programs or even open Windows apps is peace of mind for me. A guest account with UAC at max level is robust and I have been doing this trick since the days of Windows 7! It's a shame I may not be able to replicate it now, or I'll still carry on doing it with the blue box bug. I just want visitors to do what they want without harming the system and this blue box isn't that obtrusive.
 
Last edited:
Upvote 0

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top