Windows 7: Windows Defender 0x80070424 Error

Kbalanis · 04 May 2011

I'm hoping I can finally get this issue resolved. Usually I am able to get everything working again after getting a virus but this is something that I cannot get to work. A few days ago my computer was infected with the Win 7 Total Security 2011 virus. At least I think that's what it was called, there are so many different names of these types of viruses. I was able to find the files associated with this virus through a scan with MBAM, but now my Windows Defender isn't working at all. After I open it up, I get an error message that states: The specified service does not exist as an installed service. (Error Code: 0x80070424). I don't know if I still have a virus that's blocking this program from working or the Win 7 virus did something to the registry, or if some important files got corrupted. I do know that the Windows Defender serivice is not in the services.msc file like it's supposed to be. So I would assume that's why I'm getting the error.

johnnya · 04 May 2011

Hi Kbalanis and welcome to the Forum. Sorry to hear that you are having some issues. Please check out the link below and see if it is of any help. Let us know.

How to Reinstall Windows Defender
Regards
JohnnyA

Kbalanis · 04 May 2011

Thanks for the quick reply. Apparently my WMI repository is consistent so there was nothing wrong with that, plus the defender service isn't in the .msc file. So nothing in that link worked.

johnnya · 04 May 2011

Umm. We will have to look further. We have a ton of very capable people here at the Forum. perhaps one of our Guru's will jump in and lend a hand.
Cheers
JohnnyA

EDIT: Windows Defender has a dependence in services.msi called Remote Proceedure Call (RPC)
that is set to automatic. Is yours set this way?

Another EDIT: Found another post on our Forum - have a look.
Windows Defender services missing?!

Hopalong X · 04 May 2011

To check what johnnya is talking about.

Go to Device Manager> Administrative Tools> Services
Scroll down until you see Windows Defender as in the Snip below I took for you. Highlight Win Defender.
Then you will see the Stop and Restart I circled in yellow towards top-left.

It should be set as mine is after you click Restart. You may need to click Stop if it shows then Restart.

If it doesn't show running after that a Restart of your PC may?? finish turning it on.

Worth a shot to look at least.
Mike

Click the pic to enlarge.

Kbalanis · 05 May 2011

The Remote Procedure Call was already set to automatic so that's not it. Plus I still don't have Windows Defender in my services.msc. I'll check that link out too, thanks.

--EDIT--

I saw that link yesterday so I ran that SecurityCheck program and this is the log from it:

Results of screen317's Security Check version 0.99.10
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee VirusScan Enterprise
McAfee Agent
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 24
Adobe Flash Player 10.0.2.54
Adobe Reader X (10.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee VirusScan Enterprise x64 EngineServer.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise x64 McShield.exe
McAfee VirusScan Enterprise x64 mfeann.exe
McAfee VirusScan Enterprise shstat.exe
``````````End of Log````````````

I haven't done a Malwarebytes scan in a couple days. The last time I did it returned with no infections but I can run it again if you'd like me to.

I've attached the DDS.txt and attach.txt files that were generated by the DDS.scr file.

Kbalanis · 05 May 2011

I just finished a full scan with Malwarebytes. Nothing was found but here's the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6514
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
5/5/2011 10:54:51 AM
mbam-log-2011-05-05 (10-54-51).txt
Scan type: Full scan (C:\|)
Objects scanned: 450446
Time elapsed: 1 hour(s), 16 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Carolyn · 05 May 2011

From your logs, I see that you've run a multitude of security programs, including ComboFix.

ComboFix should never be used without the supervision of a trained helper.

Do you still have the ComboFix log? C:\ComboFix.txt

If you do, post the contents of that log in your next reply. No attachments please.

Kbalanis · 05 May 2011

Yeah I was kinda in crisis mode as soon as I got infected. I tried a couple different programs to do scans but then I uninstalled them. I was told by somebody else that I should run ComboFix, but he didn't tell me it was best to only do so with the help of a trained pro. Shame on me for that, but like I said, I've been a little frantic about the issue since it's my work computer. Anyway, here's the ComboFix log:

ComboFix 11-05-04.04 - kbalanis 05/05/2011 8:24.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6548 [GMT -7:00]
Running from: c:\users\kbalanis\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kbalanis\XobniSetup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 15:31 . 2011-05-05 15:31 -------- d-----w- c:\users\Keith Balanis\AppData\Local\temp
2011-05-05 15:31 . 2011-05-05 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-04 23:44 . 2011-05-04 23:44 -------- d-----w- c:\windows\system32\SPReview
2011-05-04 23:42 . 2011-05-04 23:42 -------- d-----w- c:\windows\system32\EventProviders
2011-05-04 23:37 . 2010-11-20 13:34 363392 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2011-05-04 23:36 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-05-04 23:36 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2011-05-04 23:36 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-05-04 23:36 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-05-04 23:36 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-05-04 23:36 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-05-04 23:34 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-04 23:34 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-05-04 23:34 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-05-04 23:34 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-05-04 23:34 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-05-04 23:33 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-05-04 23:33 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-05-04 23:02 . 2011-05-04 23:16 -------- d-----w- C:\8bd29fcf06f28268469d6a56
2011-05-03 00:11 . 2011-05-03 00:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-03 00:04 . 2011-05-03 00:04 -------- d-----w- c:\users\kbalanis\AppData\Local\TuneUpMedic
2011-04-29 16:11 . 2011-04-29 16:11 -------- d-----w- c:\program files (x86)\Xobni
2011-04-29 16:10 . 2011-04-29 16:10 -------- d-----w- c:\users\kbalanis\AppData\Roaming\AVG10
2011-04-29 16:05 . 2011-04-29 16:05 -------- d--h--w- c:\programdata\Common Files
2011-04-29 16:04 . 2011-05-02 17:03 -------- d-----w- c:\programdata\AVG10
2011-04-29 16:04 . 2011-04-29 16:04 -------- d-----w- c:\program files (x86)\AVG
2011-04-29 15:57 . 2011-05-02 17:02 -------- d-----w- c:\programdata\MFAData
2011-04-28 19:26 . 2011-04-28 19:26 -------- d-----w- c:\users\kbalanis\AppData\Local\Threat Expert
2011-04-28 18:06 . 2011-04-28 18:06 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-04-28 15:53 . 2011-04-28 16:47 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-28 15:53 . 2011-04-28 15:53 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-04-28 15:52 . 2011-04-28 15:52 -------- d-----w- c:\programdata\Hitman Pro
2011-04-27 22:18 . 2011-04-29 00:08 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2011-04-27 15:01 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-04-27 15:01 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-26 18:34 . 2011-05-02 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-25 22:23 . 2011-04-25 22:23 -------- d-----w- c:\users\kbalanis\AppData\Local\Wave Systems Corp
2011-04-25 22:22 . 2011-04-25 22:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-25 18:08 . 2011-04-25 18:08 -------- d-----w- c:\users\kbalanis\AppData\Roaming\IObit
2011-04-25 17:25 . 2011-04-25 17:25 -------- d-----w- c:\users\kbalanis\AppData\Roaming\ParetoLogic
2011-04-25 17:25 . 2011-04-25 17:25 -------- d-----w- c:\users\kbalanis\AppData\Roaming\DriverCure
2011-04-25 17:25 . 2011-04-26 17:58 -------- d-----w- c:\programdata\ParetoLogic
2011-04-22 00:24 . 2011-04-22 00:24 -------- d-----w- c:\users\kbalanis\AppData\Roaming\Malwarebytes
2011-04-22 00:23 . 2011-04-22 00:23 -------- d-----w- c:\programdata\Malwarebytes
2011-04-22 00:23 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 23:50 . 2011-04-20 23:50 -------- d-----w- c:\users\kbalanis\AppData\Local\{FC297FF4-13DE-493F-A0FB-D9B79D83B1CD}
2011-04-19 14:22 . 2011-04-11 08:21 8802128 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACE488A6-8877-4AD8-AFE8-100C60025AD1}\mpengine.dll
2011-04-15 23:55 . 2011-04-15 23:55 -------- d-----w- c:\users\kbalanis\AppData\Local\{B916030E-4E6C-4C9D-8A9E-12C87CF716D6}
2011-04-15 23:53 . 1998-02-13 21:30 143872 ----a-w- c:\windows\SysWow64\iacenc.dll
2011-04-15 23:53 . 1997-11-06 19:53 27648 ----a-w- c:\windows\SysWow64\ir50_lcs.dll
2011-04-15 23:53 . 1997-08-27 16:53 391168 ----a-w- c:\windows\SysWow64\i263_32.drv
2011-04-15 23:53 . 1997-06-13 15:56 56832 ----a-w- c:\windows\SysWow64\Iyvu9_32.dll
2011-04-15 23:53 . 1998-07-30 19:51 305152 ----a-w- c:\windows\IsUninst.exe
2011-04-15 23:04 . 2011-04-15 23:04 -------- d-----w- c:\users\kbalanis\AppData\Roaming\Media Player Classic
2011-04-15 23:02 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2011-04-15 22:57 . 2011-04-15 22:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI. dll
2011-04-15 22:56 . 2011-04-15 22:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-15 22:56 . 2011-04-15 22:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-15 22:56 . 2011-04-15 22:56 -------- d-----w- c:\users\kbalanis\AppData\Local\{AF809551-663D-4FCB-B7F2-3963393B2015}
2011-04-15 22:56 . 2011-04-15 22:56 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-15 18:42 . 2011-04-15 18:42 -------- d-----w- c:\users\kbalanis\AppData\Local\{C8CB5FA3-EB69-4EE6-A995-8708C862B5C8}
2011-04-15 18:41 . 2011-04-15 18:41 -------- d-----w- c:\users\kbalanis\AppData\Local\{EB6F81BC-E876-4A38-9B41-F12103101298}
2011-04-15 16:30 . 2011-04-15 16:30 -------- d-----w- c:\users\kbalanis\AppData\Local\{86C5F188-1C3C-4E2D-B30A-EE32C33D0F2E}
2011-04-15 16:04 . 2011-04-15 16:04 -------- d-----w- c:\users\kbalanis\AppData\Local\{3A9D6DA1-5646-4B8B-B389-9D6A0E8A5F9C}
2011-04-14 20:57 . 2011-04-14 20:58 -------- d-----w- c:\users\kbalanis\AppData\Local\{0622E935-683C-45F8-B81C-17261BE92DBC}
2011-04-14 20:55 . 2011-04-14 20:55 -------- d-----w- c:\users\kbalanis\AppData\Local\{F390F25A-942B-4075-B28E-E1278A487295}
2011-04-14 20:53 . 2011-04-14 20:54 -------- d-----w- c:\users\kbalanis\AppData\Local\{8F67EFFB-85FA-4636-8D08-0FF915FC6EA6}
2011-04-14 20:52 . 2011-04-14 20:52 -------- d-----w- c:\users\kbalanis\AppData\Local\{06BD9DBF-CDEE-49EA-8CCE-3529EFA00C6C}
2011-04-14 20:51 . 2011-04-14 20:51 -------- d-----w- c:\users\kbalanis\AppData\Local\{6D6682A6-35A9-40EF-9C8B-87F116457AF3}
2011-04-14 20:50 . 2011-04-14 20:50 -------- d-----w- c:\users\kbalanis\AppData\Local\{BAC6BC2D-E3F6-4067-9E88-B90CD31914CB}
2011-04-13 15:01 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-11 14:51 . 2011-04-11 14:51 -------- d-----w- C:\CTS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 23:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-04 23:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-16 14:52 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-27 15:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-27 15:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 12:05 . 2011-03-09 15:03 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 15:03 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 15:03 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 15:03 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 15:03 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-11-04 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1416560]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-04 1436424]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 w4shwdrv;w4shwdrv;c:\users\kbalanis\AppData\Local\Temp\w4s266A.tmp [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 515952]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-04-30 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-10-27 6807656]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\En abledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Un initializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-12-03 1712232]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w4shwdrv]
"ImagePath"="\??\c:\users\kbalanis\AppData\Local\Temp\w4s266A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1369809732-1291637309-727275192-1616\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1369809732-1291637309-727275192-1616\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-05 08:34:11
ComboFix-quarantined-files.txt 2011-05-05 15:34
.
Pre-Run: 256,822,259,712 bytes free
Post-Run: 256,571,719,680 bytes free
.
- - End Of File - - 0703D1EB62ED721CE00D5E5DEE8C7FFF

Carolyn · 05 May 2011

There is another ComboFix log that I would like to see.

It can be found here C:\qoobox\ComboFix2.txt

You can attach that one (the logs are long)

Windows 7: Windows Defender 0x80070424 Error

Windows Defender 0x80070424 Error problems?