What could be keeping my antivirus program from working?

[kuurt]

I normally use Microsoft Security Essentials for my antivirus program. But the other day when I tried to update the definitions it would not update. It kept freezing up. I tried uninstalling the program and reinstalling it, but it still wouldn't update the definitions.

So I uninstalled it again and installed Avast and it wouldn't scan. It also froze up during the scan and wouldn't go past 0%.

Thinking I might have an infection, I scanned my computer with malewarebytes, superantispyware, esetonlinescanner, and housecalllauncher. They don't find anything. And I haven't noticed any other computer problems so I'm thinking it's probably not an infection.

Someone also told me to try creating another administrator account on my computer (windows 7) an running my antivirus program from there. But, it still wouldn't work.

Any ideas what could be keeping my antivirus programs from working? (I only have one of them installed at a time).

 

[samuria]

Please download and save FRST 64bit or FRST 32 bit to your Desktop see what this tells us.

http://download.bleepingcomputer.com/farbar/FRST.exe

http://download.bleepingcomputer.com/farbar/FRST64.exe

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Make sure that Addition option is checked.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back .
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).

 

[torchwood]

Hi Kuurt,

Malwarebytes and Eset are pretty good at finding infections.
you could try Farbar
Farbar Recovery Scan Tool Download

I'd be more inclined to run, from an elevated command mode,
sfc /scannow
And
KB947821 (SURT)

post the logs from them please, in built zip (compressed)
(c >> windows >> logs >> CBS ....top text file and SURT at the bottom)

Roy

 

[torchwood]

Rats you beat me Samuria

 

[kuurt]

Here's the FRST and Addition files.

 

[torchwood]

Hi Kuurt,

please run this tool copy/paste the output, you appear to be missing essential MS files

http://go.microsoft.com/fwlink/?LinkID=52012

Roy

 

[kuurt]

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-2RTFY-YBP87-7XCB2
Windows Product Key Hash: tUibrN/ov6wRuOuQ9Ad3VYaI6+Y=
Windows Product ID: 00359-OEM-8702936-49286
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {073BAE0D-8379-46DE-8937-83729A11460F}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.160408-2045
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{073BAE0D-8379-46DE-8937-83729A11460F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-7XCB2</PKey><PID>00359-OEM-8702936-49286</PID><PIDType>3</PIDType><SID>S-1-5-21-2672882776-3512545915-2231265231</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>ASUS M2N SLI ACPI BIOS Revision 0201</Version><SMBIOSVersion major="2" minor="4"/><Date>20070907000000.000000+000</Date></BIOS><HWID>BC643A07018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>US Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 586bc076-c93d-429a-afe5-a69fbc644e88
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00174-029-349286-02-1033-7600.0000-1062014
Installation ID: 014444195580583404828006302844411540778216590670269473
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 7XCB2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 7/16/2017 9:02:41 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OAAAAAEABgABAAEAAAADAAAAAQABAAEA6GEaRFoj3pN06n4IAIfq1D6OujVIZOjbnDyjKKD/yPQ=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC Nvidia ASUSACPI
FACP Nvidia ASUSACPI
HPET Nvidia ASUSACPI
MCFG Nvidia ASUSACPI

 

[torchwood]

Hi Kuurt,

Thanks for that i was hoping to see a vbs script error, but its clear

Do you still have your original install discs??
(not a problem if you dont)

please run/post the results of the other 2 progs i mentioned earlier.
They may clear your problem, if not they may point me in the right direction.

Not sure if the torrents you have are causng the problem!!,
but you do appear to have some strange firewall rules as well.

I can see its a pretty old system but i DONT think its a hardware problem

If the 2 progs fail to clear the problem we may be looking at a repair install -- NO LOSS of personal data.


Roy

2.30AM here bed time

 

[kuurt]

I don't have the install disk, my brothers got it at the moment.

What other 2 progs are you talking about? The ones I already posted?

 

[torchwood]

Hi Kuurt,

in post no 3

sfc /scannow
KB947821.

Has this machine previously been infected??

Roy

 

[kuurt]

I'm sure I've had a virus here and there. My virus scans usually turn up nothing, but on occasion it finds something. But my system has been running pretty good for over a year now without any serious issues.

I did the sfc/scannow and it says it didn't find any integrity violations.

I'm not sure why you wrote KB947821 - am I suppose to do something with that?

 

[Layback Bear]

KB947821

Recommend reading this.

Download System Update Readiness Tool for Windows 7 (KB947821) [October 2014] from Official Microsoft Download Center

Jack

 

[torchwood]

Hi Kuurt,
that KB is a repair tool.
Hopefully it will reinstall the MS folders.

Classic Malware operation to remove certain files so that you cant update/run AV's
thats why i asked.

note
allthough as and when the offending files are removed by antimalware programs
THEY DO NOT replace/reinstall legitimate entries removed by it.
Thats why a asked about the disc, get it back.

Roy

 

[kuurt]

I've been running KB repair tool for over an hour now and it doesn't seem to be doing anything either. It just says "searching for updates on this computer". I wouldn't think it would take this long surely.

Are sure I'm missing important windows files? the sfc/scannow said it didn't find any integrity violations.

And if I do need to get the windows 7 disk, would I just do a repair install?

 

[torchwood]

Hi Kuurt,

The Additions.txt file from farbar was showing the missing files.

That KB will try and restore them, sometimes actually takes 2/3 hrs depending on whats missing..

and yes if that KB doesn't/can't restore them it would be a repair install.


Roy

 

[kuurt]

Ok, I let the KB run for several hours but it doesn't seem to be doing any good.

I got the Windows 7 disk back from my brother but I forgot that my disk drive wasn't working. Is there anyway I can download it from Microsoft or as a torrent? I have my product key.

 

[torchwood]

Hi Kuurt,

download link for
HP SP1 English X64

https://software-download.microsoft.com/pr/Win7_HomePrem_SP1_English_x64.iso?t=2ac56f59-9093-45b9-b56f-b56aec79003c&e=1500804876&h=ae23e2efba6ab19276466e5f643626bc


ONLY VALID for 24hrs 11.15 am here in blighty

notes
Assuming USB ports are OK,
Change boot order in Bios to load from USB
min 4GB USB stick
download this little MS program
Windows USB/DVD Download Tool - Microsoft Store

download tool
download OS
run tool import OS
Re-install.


ROy

 

[kuurt]

I did a system restore to an earlier date. And now my antivirus (MSE) is working again. Earlier in this post I did a Farbar scan and Torchwood told me the Addition.txt was showing missing files probably due to maleware. So now that my antivirus is working again, I figured I would do another farbar scan to make sure the missing files have returned. If someone could tell me, I don't know what to look for.

The previous Addition.txt is in #5 of this post.

And here is the latest Farbar scan results: