Windows Defender 0x80070424 Error

Kbalanis

I'm hoping I can finally get this issue resolved. Usually I am able to get everything working again after getting a virus, but this is something that I cannot get to work. A few days ago my computer was infected with the Win 7 Total Security 2011 virus. At least I think that's what it was called; there are so many different names for these types of viruses. I was able to find the files associated with this virus through a scan with MBAM, but now my Windows Defender isn't working at all. After I open it up, I get an error message that states: The specified service does not exist as an installed service. (Error Code: 0x80070424). I don't know if I still have a virus that's blocking this program from working, or the Win 7 virus did something to the registry, or if some important files got corrupted. I do know that the Windows Defender service is not in the services.msc file like it's supposed to be. So I would assume that's why I'm getting the error.
 

My Computer

OS
Windows 7 Professional 64-bit
Hi Kbalanis and welcome to the Forum. Sorry to hear that you are having some issues. Please check out the link below and see if it is of any help. Let us know.

How to Reinstall Windows Defender
Regards
JohnnyA
 

Thanks for the quick reply. Apparently my WMI repository is consistent so there was nothing wrong with that, plus the defender service isn't in the .msc file. So nothing in that link worked. :(
 

Umm. We will have to look further. We have a ton of very capable people here at the Forum. Perhaps one of our Gurus will jump in and lend a hand.
Cheers
JohnnyA

EDIT: Windows Defender has a dependency in services.msc called Remote Procedure Call (RPC)
that is set to Automatic. Is yours set this way?

Another EDIT: Found another post on our Forum - have a look.
http://www.sevenforums.com/software/155437-windows-defender-services-missing.html
 

To check what JohnnyA is talking about:

Go to Device Manager > Administrative Tools > Services.
Scroll down until you see Windows Defender, as in the snip below I took for you. Highlight Windows Defender.
Then you will see the Stop and Restart I circled in yellow towards the top-left.

It should be set as mine is after you click Restart. You may need to click Stop if it shows, then Restart.

If it doesn't show running after that, a restart of your PC may?? finish turning it on.

Worth a shot to look at least.
Mike

Attachment: Services Win Defender.PNG (screenshot of the Services console with Windows Defender highlighted)
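As an added check (not part of the thread), the following PowerShell script inspects the points raised in this and the earlier replies from the command line: whether the Windows Defender service is registered with the Service Control Manager and present under its Services registry key (the two conditions behind error 0x80070424, which is Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST), the state and start type of the RPC dependency, and the UAC policy values that the posted logs report as disabled. The service names WinDefend and RpcSs are the standard Windows names; an elevated prompt on the affected machine is assumed.

```powershell
# Added example, not code from the thread. Assumes the standard service names
# WinDefend (Windows Defender) and RpcSs (Remote Procedure Call) and an elevated prompt.

function Get-DefenderServiceReport {
    # OrderedDictionary keeps the output in check order and works on PowerShell 2.0 (Windows 7).
    $report = New-Object System.Collections.Specialized.OrderedDictionary

    # 0x80070424 = HRESULT_FROM_WIN32(1060) = ERROR_SERVICE_DOES_NOT_EXIST: the Service
    # Control Manager has no registration for the service, so services.msc cannot list it.
    $svc = Get-Service -Name 'WinDefend' -ErrorAction SilentlyContinue
    $report['WinDefend.Registered'] = [bool]$svc
    if ($svc) {
        $report['WinDefend.Status']    = $svc.Status.ToString()
        $report['WinDefend.StartType'] = (Get-WmiObject Win32_Service -Filter "Name='WinDefend'").StartMode
        $report['WinDefend.DependsOn'] = ($svc.ServicesDependedOn | Select-Object -ExpandProperty Name) -join ','
    }

    # The SCM builds its service list from this key. A service that is stopped or disabled
    # still has the key; a missing key means the registration itself was removed.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'
    $report['WinDefend.RegistryKey'] = Test-Path $key
    if (Test-Path $key) {
        $report['WinDefend.ImagePath'] = (Get-ItemProperty $key).ImagePath
    }

    # The dependency checked earlier in the thread: RPC should be Running and StartMode 'Auto'.
    $rpc = Get-Service -Name 'RpcSs' -ErrorAction SilentlyContinue
    $report['RpcSs.Status']    = if ($rpc) { $rpc.Status.ToString() } else { 'missing' }
    $report['RpcSs.StartType'] = (Get-WmiObject Win32_Service -Filter "Name='RpcSs'").StartMode

    # Both posted logs show UAC turned off (EnableLUA = 0); record the policy values as well.
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $report['UAC.EnableLUA']                  = $uac.EnableLUA
    $report['UAC.ConsentPromptBehaviorAdmin'] = $uac.ConsentPromptBehaviorAdmin
    $report['UAC.PromptOnSecureDesktop']      = $uac.PromptOnSecureDesktop

    return $report
}

$r = Get-DefenderServiceReport
$r.GetEnumerator() | ForEach-Object { '{0,-36} {1}' -f $_.Key, $_.Value }

if (-not $r['WinDefend.Registered'] -and -not $r['WinDefend.RegistryKey']) {
    Write-Warning 'WinDefend is not registered with the SCM and its Services key is absent: this matches error 0x80070424.'
}
if ($r['UAC.EnableLUA'] -eq 0) {
    Write-Warning 'UAC is disabled (EnableLUA = 0), as both posted logs reported.'
}
```

A registered-but-stopped service shows Registered = True with Status 'Stopped', which the Restart button in services.msc addresses; Registered = False together with RegistryKey = False is the missing-service case the original poster describes, which no amount of restarting will fix.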

The Remote Procedure Call was already set to automatic so that's not it. Plus I still don't have Windows Defender in my services.msc. I'll check that link out too, thanks.


--EDIT--

I saw that link yesterday so I ran that SecurityCheck program and this is the log from it:

Results of screen317's Security Check version 0.99.10
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee VirusScan Enterprise
McAfee Agent
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 24
Adobe Flash Player 10.0.2.54
Adobe Reader X (10.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee VirusScan Enterprise x64 EngineServer.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise x64 McShield.exe
McAfee VirusScan Enterprise x64 mfeann.exe
McAfee VirusScan Enterprise shstat.exe
``````````End of Log````````````

I haven't done a Malwarebytes scan in a couple days. The last time I did it returned with no infections but I can run it again if you'd like me to.

I've attached the DDS.txt and attach.txt files that were generated by the DDS.scr file.
 

I just finished a full scan with Malwarebytes. Nothing was found but here's the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6514
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
5/5/2011 10:54:51 AM
mbam-log-2011-05-05 (10-54-51).txt
Scan type: Full scan (C:\|)
Objects scanned: 450446
Time elapsed: 1 hour(s), 16 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 

From your logs, I see that you've run a multitude of security programs, including ComboFix.

ComboFix should never be used without the supervision of a trained helper.

Do you still have the ComboFix log? C:\ComboFix.txt

If you do, post the contents of that log in your next reply. No attachments please.
 

My Computer

Computer Manufacturer/Model Number
Dell Studio 15
OS
Windows 7 Ultimate 64 bit
Yeah, I was kinda in crisis mode as soon as I got infected. I tried a couple of different programs to do scans, but then I uninstalled them. I was told by somebody else that I should run ComboFix, but he didn't tell me it was best to only do so with the help of a trained pro. Shame on me for that, but like I said, I've been a little frantic about the issue since it's my work computer. Anyway, here's the ComboFix log:

ComboFix 11-05-04.04 - kbalanis 05/05/2011 8:24.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6548 [GMT -7:00]
Running from: c:\users\kbalanis\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kbalanis\XobniSetup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 15:31 . 2011-05-05 15:31 -------- d-----w- c:\users\Keith Balanis\AppData\Local\temp
2011-05-05 15:31 . 2011-05-05 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-04 23:44 . 2011-05-04 23:44 -------- d-----w- c:\windows\system32\SPReview
2011-05-04 23:42 . 2011-05-04 23:42 -------- d-----w- c:\windows\system32\EventProviders
2011-05-04 23:37 . 2010-11-20 13:34 363392 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2011-05-04 23:36 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-05-04 23:36 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2011-05-04 23:36 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-05-04 23:36 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-05-04 23:36 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-05-04 23:36 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-05-04 23:34 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-04 23:34 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-05-04 23:34 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-05-04 23:34 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-05-04 23:34 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-05-04 23:33 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-05-04 23:33 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-05-04 23:02 . 2011-05-04 23:16 -------- d-----w- C:\8bd29fcf06f28268469d6a56
2011-05-03 00:11 . 2011-05-03 00:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-03 00:04 . 2011-05-03 00:04 -------- d-----w- c:\users\kbalanis\AppData\Local\TuneUpMedic
2011-04-29 16:11 . 2011-04-29 16:11 -------- d-----w- c:\program files (x86)\Xobni
2011-04-29 16:10 . 2011-04-29 16:10 -------- d-----w- c:\users\kbalanis\AppData\Roaming\AVG10
2011-04-29 16:05 . 2011-04-29 16:05 -------- d--h--w- c:\programdata\Common Files
2011-04-29 16:04 . 2011-05-02 17:03 -------- d-----w- c:\programdata\AVG10
2011-04-29 16:04 . 2011-04-29 16:04 -------- d-----w- c:\program files (x86)\AVG
2011-04-29 15:57 . 2011-05-02 17:02 -------- d-----w- c:\programdata\MFAData
2011-04-28 19:26 . 2011-04-28 19:26 -------- d-----w- c:\users\kbalanis\AppData\Local\Threat Expert
2011-04-28 18:06 . 2011-04-28 18:06 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-04-28 15:53 . 2011-04-28 16:47 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-28 15:53 . 2011-04-28 15:53 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-04-28 15:52 . 2011-04-28 15:52 -------- d-----w- c:\programdata\Hitman Pro
2011-04-27 22:18 . 2011-04-29 00:08 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2011-04-27 15:01 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-04-27 15:01 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-26 18:34 . 2011-05-02 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-25 22:23 . 2011-04-25 22:23 -------- d-----w- c:\users\kbalanis\AppData\Local\Wave Systems Corp
2011-04-25 22:22 . 2011-04-25 22:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-25 18:08 . 2011-04-25 18:08 -------- d-----w- c:\users\kbalanis\AppData\Roaming\IObit
2011-04-25 17:25 . 2011-04-25 17:25 -------- d-----w- c:\users\kbalanis\AppData\Roaming\ParetoLogic
2011-04-25 17:25 . 2011-04-25 17:25 -------- d-----w- c:\users\kbalanis\AppData\Roaming\DriverCure
2011-04-25 17:25 . 2011-04-26 17:58 -------- d-----w- c:\programdata\ParetoLogic
2011-04-22 00:24 . 2011-04-22 00:24 -------- d-----w- c:\users\kbalanis\AppData\Roaming\Malwarebytes
2011-04-22 00:23 . 2011-04-22 00:23 -------- d-----w- c:\programdata\Malwarebytes
2011-04-22 00:23 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 23:50 . 2011-04-20 23:50 -------- d-----w- c:\users\kbalanis\AppData\Local\{FC297FF4-13DE-493F-A0FB-D9B79D83B1CD}
2011-04-19 14:22 . 2011-04-11 08:21 8802128 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACE488A6-8877-4AD8-AFE8-100C60025AD1}\mpengine.dll
2011-04-15 23:55 . 2011-04-15 23:55 -------- d-----w- c:\users\kbalanis\AppData\Local\{B916030E-4E6C-4C9D-8A9E-12C87CF716D6}
2011-04-15 23:53 . 1998-02-13 21:30 143872 ----a-w- c:\windows\SysWow64\iacenc.dll
2011-04-15 23:53 . 1997-11-06 19:53 27648 ----a-w- c:\windows\SysWow64\ir50_lcs.dll
2011-04-15 23:53 . 1997-08-27 16:53 391168 ----a-w- c:\windows\SysWow64\i263_32.drv
2011-04-15 23:53 . 1997-06-13 15:56 56832 ----a-w- c:\windows\SysWow64\Iyvu9_32.dll
2011-04-15 23:53 . 1998-07-30 19:51 305152 ----a-w- c:\windows\IsUninst.exe
2011-04-15 23:04 . 2011-04-15 23:04 -------- d-----w- c:\users\kbalanis\AppData\Roaming\Media Player Classic
2011-04-15 23:02 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2011-04-15 22:57 . 2011-04-15 22:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-15 22:56 . 2011-04-15 22:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-15 22:56 . 2011-04-15 22:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-15 22:56 . 2011-04-15 22:56 -------- d-----w- c:\users\kbalanis\AppData\Local\{AF809551-663D-4FCB-B7F2-3963393B2015}
2011-04-15 22:56 . 2011-04-15 22:56 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-15 18:42 . 2011-04-15 18:42 -------- d-----w- c:\users\kbalanis\AppData\Local\{C8CB5FA3-EB69-4EE6-A995-8708C862B5C8}
2011-04-15 18:41 . 2011-04-15 18:41 -------- d-----w- c:\users\kbalanis\AppData\Local\{EB6F81BC-E876-4A38-9B41-F12103101298}
2011-04-15 16:30 . 2011-04-15 16:30 -------- d-----w- c:\users\kbalanis\AppData\Local\{86C5F188-1C3C-4E2D-B30A-EE32C33D0F2E}
2011-04-15 16:04 . 2011-04-15 16:04 -------- d-----w- c:\users\kbalanis\AppData\Local\{3A9D6DA1-5646-4B8B-B389-9D6A0E8A5F9C}
2011-04-14 20:57 . 2011-04-14 20:58 -------- d-----w- c:\users\kbalanis\AppData\Local\{0622E935-683C-45F8-B81C-17261BE92DBC}
2011-04-14 20:55 . 2011-04-14 20:55 -------- d-----w- c:\users\kbalanis\AppData\Local\{F390F25A-942B-4075-B28E-E1278A487295}
2011-04-14 20:53 . 2011-04-14 20:54 -------- d-----w- c:\users\kbalanis\AppData\Local\{8F67EFFB-85FA-4636-8D08-0FF915FC6EA6}
2011-04-14 20:52 . 2011-04-14 20:52 -------- d-----w- c:\users\kbalanis\AppData\Local\{06BD9DBF-CDEE-49EA-8CCE-3529EFA00C6C}
2011-04-14 20:51 . 2011-04-14 20:51 -------- d-----w- c:\users\kbalanis\AppData\Local\{6D6682A6-35A9-40EF-9C8B-87F116457AF3}
2011-04-14 20:50 . 2011-04-14 20:50 -------- d-----w- c:\users\kbalanis\AppData\Local\{BAC6BC2D-E3F6-4067-9E88-B90CD31914CB}
2011-04-13 15:01 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-11 14:51 . 2011-04-11 14:51 -------- d-----w- C:\CTS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 23:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-04 23:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-16 14:52 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-27 15:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-27 15:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 12:05 . 2011-03-09 15:03 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 15:03 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 15:03 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 15:03 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 15:03 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-11-04 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1416560]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-04 1436424]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 w4shwdrv;w4shwdrv;c:\users\kbalanis\AppData\Local\Temp\w4s266A.tmp [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 515952]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-04-30 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-10-27 6807656]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-12-03 1712232]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w4shwdrv]
"ImagePath"="\??\c:\users\kbalanis\AppData\Local\Temp\w4s266A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1369809732-1291637309-727275192-1616\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1369809732-1291637309-727275192-1616\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-05 08:34:11
ComboFix-quarantined-files.txt 2011-05-05 15:34
.
Pre-Run: 256,822,259,712 bytes free
Post-Run: 256,571,719,680 bytes free
.
- - End Of File - - 0703D1EB62ED721CE00D5E5DEE8C7FFF
 

There is another ComboFix log that I would like to see.

It can be found here C:\qoobox\ComboFix2.txt

You can attach that one (the logs are long).
 

I looked, but I didn't find a ComboFix2.txt file in the qoobox folder. I attached a screenshot of what is located in that folder:
 

Attachment: Image11.gif (screenshot of the contents of the Qoobox folder)

Okay, please post the contents of C:\Qoobox\ComboFix-quarantined-files.txt
 

Here it is:

2011-04-29 16:11:42 . 2011-04-29 16:12:26 6,533,152 ----a-w- C:\Qoobox\Quarantine\C\Users\kbalanis\XobniSetup.exe.vir
2011-04-28 18:47:36 . 2011-04-28 18:47:36 500 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-CodInstl.reg.dat
2011-04-28 18:47:26 . 2011-04-28 18:47:26 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2011-04-28 18:46:59 . 2011-05-05 15:32:53 197 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2011-04-28 18:41:10 . 2011-05-05 15:29:04 5,966 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-04-28 18:36:42 . 2011-05-05 15:22:55 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
 

I'm very sorry, but your best option is to back up any important files and folders, format the hard drive and reinstall Windows. After running 5 or 6 different anti-virus/anti-malware programs and a registry cleaner, you're lucky that this computer boots up.

Usually I am able to get everything working again after getting a virus but this is something that I cannot get to work

You should not be getting reinfected on a regular basis.

Prevention

http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html

Since this is no longer a malware issue, I think you should close your topic at the Malwarebytes' forum as well.

Windows Defender Error 0x80070424 - Malwarebytes Forum
 

Generally speaking, I've been able to get rid of viruses with no problem. I haven't had any virus problems on this computer until this one that's disabled my Defender. In the past, on other computers, I've been able to get rid of viruses. That's basically what I meant. I contacted Malwarebytes about it first because I thought I could get help from them if it was still malware or a virus. But they were taking too long to get back to me, I know they're busy so I understand. It's just that I had to get this resolved as soon as possible.

So I have to format the hard drive? Or can I just reinstall Windows?

Would a system restore back to before I got the virus work as a possible option?
 

Would a system restore back to before I got the virus work as a possible option?

If this was my computer, I would format and reinstall.

If you want to try system restore, please back up your important files first.
 

Ok, thanks for all your help.
 

One more thing, this may sound like a stupid question, but I don't want to further damage anything. My computer is connected through an ethernet cable to a network of drives, 4 or 5 of them. Not quite sure exactly how many. On these drives are many files, created by others where I work, and some created by myself. So I guess my question is, if I was going to do a system restore, would that affect any of these other drives on the network? I wouldn't think it would, but I just want to be careful. For extra precaution I can unplug the ethernet cable so I'm not connected to the network at all. Thank you for the help again.
 

I wouldn't think it would but I just want to be careful. For extra precaution I can unplug the ethernet cable so I'm not connected to the network at all.

It's a good idea to disconnect from the network. You should also advise the IT person at work that your computer was infected. Measures need to be taken to determine if other computers on the network have been infected as well.
 
