Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I also have 0x80070424, should I...


  • Please log in to reply
21 replies to this topic

#1 kapakris

kapakris

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 10 September 2012 - 01:57 PM

I also have error code 0x80070424. I am unable to run defender, turn on my firewall, and update MSE (though I understand now that MSE and Defender shouldn't both be run, but as of now, I am having issues with both). I followed all the forum directions available on Microsoft. I was then instructed to come here for assistance.

I noted at least two other recent posters who had same issue. They were given directions, which I could follow, but I noticed that the directions included them posting the results of their scans, so I am asking for the same help. The directions that were given them are as follows (should I follow these steps as well, including posting results?)--thanks for your reply and assistance:


Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:22 PM

Posted 10 September 2012 - 09:49 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 kapakris

kapakris
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 11 September 2012 - 01:15 PM

Got warning message regarding downloading and running the first step, the Security Check. I opted not to run. I am very gun shy at the moment since my firewall is not working and I have been struggling with so many viruses.

Any help I can get will be great. Obviously, I also need to get my firewall up and running, as well. Thanks for your help!


Ran Farbar. Results:


Farbar Service Scanner Version: 06-08-2012
Ran by Allens (administrator) on 11-09-2012 at 14:14:42
Running from "C:\Users\Allens\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by kapakris, 11 September 2012 - 02:02 PM.


#4 kapakris

kapakris
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 11 September 2012 - 01:20 PM

Ran MiniToolBox. Results:


MiniToolBox by Farbar Version: 23-07-2012
Ran by Allens (administrator) on 11-09-2012 at 14:18:00
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Allens-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : zoominternet.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : zoominternet.net
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-23-54-76-66-BF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4898:62e1:aa77:947c%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, September 11, 2012 2:02:55 PM
Lease Expires . . . . . . . . . . : Wednesday, September 12, 2012 2:02:55 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 167781204
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-60-1E-9F-00-23-54-76-66-BF
DNS Servers . . . . . . . . . . . : 192.168.1.1
24.154.1.8
24.154.1.67
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.zoominternet.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com.zoominternet.net
Addresses: 198.105.251.14
66.152.109.102



Pinging google.com [74.125.228.9] with 32 bytes of data:

Reply from 74.125.228.9: bytes=32 time=29ms TTL=54

Reply from 74.125.228.9: bytes=32 time=23ms TTL=54



Ping statistics for 74.125.228.9:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 23ms, Maximum = 29ms, Average = 26ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com.zoominternet.net
Addresses: 198.105.251.14
66.152.109.102



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=1216ms TTL=49

Reply from 72.30.38.140: bytes=32 time=1527ms TTL=49



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1216ms, Maximum = 1527ms, Average = 1371ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com.zoominternet.net
Addresses: 198.105.251.14
66.152.109.102



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 23 54 76 66 bf ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
12 ...00 00 00 00 00 00 00 e0 isatap.zoominternet.net
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.103 276
192.168.1.103 255.255.255.255 On-link 192.168.1.103 276
192.168.1.255 255.255.255.255 On-link 192.168.1.103 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.103 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.103 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::4898:62e1:aa77:947c/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/11/2012 02:04:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2012 10:46:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 01:59:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5070

Error: (09/10/2012 01:59:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5070

Error: (09/10/2012 01:59:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2012 01:59:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1919

Error: (09/10/2012 01:59:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1919

Error: (09/10/2012 01:59:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/09/2012 11:11:49 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16448 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 998
Start Time: 01cd8f01e68d540d
Termination Time: 0

Error: (09/09/2012 11:11:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/11/2012 02:14:05 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.135.860.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/11/2012 02:14:05 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.135.860.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/11/2012 02:04:34 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (09/11/2012 02:04:34 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (09/11/2012 02:04:34 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (09/11/2012 10:55:35 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.135.860.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/11/2012 10:55:35 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.135.860.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/11/2012 10:46:58 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (09/11/2012 10:46:58 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (09/11/2012 10:46:58 AM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060


Microsoft Office Sessions:
=========================
Error: (09/11/2012 02:04:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2012 10:46:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 01:59:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5070

Error: (09/10/2012 01:59:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5070

Error: (09/10/2012 01:59:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2012 01:59:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1919

Error: (09/10/2012 01:59:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1919

Error: (09/10/2012 01:59:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/09/2012 11:11:49 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1644899801cd8f01e68d540d0

Error: (09/09/2012 11:11:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.1.391.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
Coupon Printer for Windows (Version: 5.0.0.0)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 3050 J610 series Help (Version: 140.0.63.63)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (Version: 1.0.0.3781)
HP Update (Version: 5.002.006.003)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.6.3.25)
Java™ 7 Update 4 (Version: 7.0.40)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Works 6-9 Converter (Version: 14.0.6120.5002)
Realtek High Definition Audio Driver (Version: 6.0.1.5789)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Watchtower Library 2011 - English (Version: 13.0)

========================= Devices: ================================

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 3317.33 MB
Available physical RAM: 1981.74 MB
Total Pagefile: 6870.67 MB
Available Pagefile: 5474.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.73 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:452.72 GB) (Free:278.69 GB) NTFS
2 Drive d: () (Fixed) (Total:13.04 GB) (Free:12.95 GB) NTFS

========================= Users: ========================================

User accounts for \\ALLENS-PC

Administrator Allen Family Allens
Guest


**** End of log ****

#5 kapakris

kapakris
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 11 September 2012 - 01:32 PM

Ran Malware. Results below. Also ran full scan earlier today...found three trojans at that time.


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.11.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Allens :: ALLENS-PC [administrator]

9/11/2012 2:26:28 PM
mbam-log-2012-09-11 (14-26-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207546
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 kapakris

kapakris
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 11 September 2012 - 01:58 PM

Ran aswMBR.

No MBR.dat file on desktop or anywhere. Just a aswMBR page,which identifies OS, windows service pack 2, number of processors, computer and username, AVAST engine defs: 1209110, and verification that the log file was saved successfully to c drive.

Also, no mention of pressing the fixMBR button, so I did not.

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:22 PM

Posted 11 September 2012 - 06:36 PM

You didn't give aswMBR enough time.
Re-run it. If still same issue run it from safe mode.

Got warning message regarding downloading and running the first step, the Security Check

It's perfectly safe file. You don't think I try to infect your computer, do you? :)
Disregard the warning and run the scan.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:22 PM

Posted 12 September 2012 - 03:02 AM

Very sorry to interrupt Broni while you are being helped -

This is just a partial profile of screen 317 from his Malwarebytes Forum identity details -
Chris Fistonich
Consumer Support Specialist
screen317
Moderators
18,700 posts
Gender:Male
Location:New Haven, CT

Broni can have this removed if preferred -

#9 kapakris

kapakris
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 12 September 2012 - 09:33 AM

New here, no offense inteded, I hope that is understood.


Ran 317 Security check. Results:

Results of screen317's Security Check version 0.99.50
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 7 Update 4
Java version out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

#10 kapakris

kapakris
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 12 September 2012 - 09:57 AM

Ran aswMBR again. Has long pauses, thought it was done the other day. Today, ran it once and it stopped with an "AVAST! There is a antivirus or malware..." message (closed it before writing it down, and I can't remember accurately now). I ran it again to write down the message, but it ran completely through the second time.


Results:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-11 14:34:54
-----------------------------
14:34:54.346 OS Version: Windows 6.0.6002 Service Pack 2
14:34:54.346 Number of processors: 2 586 0x1706
14:34:54.346 ComputerName: ALLENS-PC UserName: Allens
14:34:56.358 Initialize success
14:45:22.774 AVAST engine defs: 12091100
14:51:57.986 The log file has been saved successfully to "C:\Users\Allens\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-12 10:37:42
-----------------------------
10:37:42.914 OS Version: Windows 6.0.6002 Service Pack 2
10:37:42.914 Number of processors: 2 586 0x1706
10:37:42.914 ComputerName: ALLENS-PC UserName: Allens
10:37:44.848 Initialize success
10:37:52.165 AVAST engine defs: 12091100
10:37:57.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:37:57.671 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA57A Size: 476940MB BusType: 3
10:37:57.687 Disk 0 MBR read successfully
10:37:57.687 Disk 0 MBR scan
10:37:57.703 Disk 0 Windows VISTA default MBR code
10:37:57.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463586 MB offset 63
10:37:57.749 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13350 MB offset 949425435
10:37:57.781 Disk 0 scanning sectors +976768065
10:37:57.921 Disk 0 scanning C:\Windows\system32\drivers
10:38:21.368 Service scanning
10:38:34.534 Service MpKsl48221521 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3E55E1CF-6F3E-4999-AED3-3C3288C549B7}\MpKsl48221521.sys **LOCKED** 32
10:38:54.315 Modules scanning
10:39:00.274 Disk 0 trace - called modules:
10:39:00.805 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
10:39:00.820 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a7d738]
10:39:00.836 3 CLASSPNP.SYS[8abbf8b3] -> nt!IofCallDriver -> [0x84939f08]
10:39:00.851 5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x852e5b98]
10:39:02.521 AVAST engine scan C:\Windows
10:39:06.171 AVAST engine scan C:\Windows\system32
10:43:39.785 AVAST engine scan C:\Windows\system32\drivers
10:44:18.075 AVAST engine scan C:\Users\Allens
10:51:44.325 AVAST engine scan C:\ProgramData
10:52:53.373 Scan finished successfully
10:53:58.583 Disk 0 MBR has been saved successfully to "C:\Users\Allens\Desktop\MBR.dat"
10:53:58.598 The log file has been saved successfully to "C:\Users\Allens\Desktop\aswMBR.txt"

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:22 PM

Posted 12 September 2012 - 06:29 PM

So far I don't see anything malicious but you have a number of registry keys missing.
Before we fix it one more scan...

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#12 kapakris

kapakris
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 15 September 2012 - 10:34 AM

Ran the first Rkill. Please note, when I clicked to download, my options were to run or save...I selected save, but I do not know where it was put. When it was done saving, I was presented with a RUN button. I tried to right click for the administrator option (VISTA), but I didn't have the option available. So I ran it anyways.

Results:

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/15/2012 11:30:38 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/15/2012 11:30:44 AM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)

#13 kapakris

kapakris
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 15 September 2012 - 10:39 AM

By the way, aside from being unable to turn on firewall and run defender, my parental controls options are unavailable to me.

Should I just run my recovery disks and reload everything? I backed up personal files, just in case. Earlier in the summer, my hard drive was compromised by a power surge (power line knocked down...plugged into surge protecter, but didn't help). Frankly, due to light summer work and other issues, I haven't gotten around to reloading everything anyways.

Would reloading everything reset it and clean out any lingering viruses?


Thanks for all of your help, by the way, I greatly appreciate it.

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:22 PM

Posted 15 September 2012 - 12:40 PM

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Posted Image



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Posted Image


Go to Step 4 and under "System Restore" click on Create button:

Posted Image


Go to Start Repairs tab and click Start button.

Posted Image


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Posted Image

Click on box next to the Restart System when Finished. Then click on Start.

Post new FSS log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#15 kapakris

kapakris
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 17 September 2012 - 04:05 PM

Ran Windows Repair, following steps recommended. Below is FSS, but note, there was an FSS log on computer desktop while it was running. Not sure if this is an updated version of it.

Nonetheless, I can turn my firewall on. : )

Should I run Microsoft Security Essentials instead of Defender? (got idea from somewhere that they are not compatible) Or, what is best recommendation at this point, for all out computer protection? (not that I think either of them serve as all out protection).




FSS Log (by the way, it says it ran on 11-09-2012, but I checked my control panel and time and date are correct):

Farbar Service Scanner Version: 06-08-2012
Ran by Allens (administrator) on 11-09-2012 at 14:14:42
Running from "C:\Users\Allens\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users