Windows defender error 0x80070424

ajadepoju · Sep 6, 2012

I got hit by a virus a while back. Now ive done what i can to fix things for months but to no avail, so hopefully someone with more knowledge can help. When i try to run defender that happens.
I have found a lot of similar stories to mine but with minor differences to my own issues so its hard to know what to do. Most of the support pages say to go to services and edit. But things are missing. I was instructed to create a binary path but which i did. But i dont think its connected to anything? I cant update my computer because of this and its taking its toll.

Golden · Sep 6, 2012

Hi,

0x80070424 is often caused by a system that is not updated, sometimes due to existing malware on the system. Is your current Windows installation up-to-date?

If there is malware present on your system, I suggest scanning from outside the Windows environment. Please follow this tutorial to do that, and remove any threats. Make a note of the threats it finds, if any, and post back the names here.

http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

Regards,
Golden

ajadepoju · Sep 6, 2012

This is the only computer i have access to im afraid. I dont think i can do that.

Golden · Sep 6, 2012

Thats not good - you need to access another known safe computer to burn the DVD/ISO, then boot from it on the infected computer.

ajadepoju · Sep 6, 2012

No, i havent been able to update for a while. After a virus a while back i havent been able to.

Golden · Sep 6, 2012

OK. See my advice above^ until you do that, there isn't much else we can do.

Do you know which virus you were infected with?

ajadepoju · Sep 6, 2012

It was more than a month or two ago. I dont recall the virus im afraid. In regards to your suggestion without access to another computer am i basically stuck?

Golden · Sep 6, 2012

Mmmm. Lets try something:

1. Download and try to install the FREE version of Malwarebytes
2. Run a FULL scan if possible
3. If it finds threats, make a note of them for posting back here, and delete them if you get the option.
4. After scanning and removal is complete, reboot your system and log in as normal
5. Scan with Malwarebytes again.
6. If nothing is found, try and update Windows - if it can't update, post the error code here.

ajadepoju · Sep 6, 2012

i have the paid version of malwarebytes i scan frequently, ill start a new scan now

Golden · Sep 6, 2012

shawn77 · Sep 6, 2012

please download Downloading Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Press "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

ajadepoju · Sep 6, 2012

malwarebytes is still scanning dunno if that affects it but. this came up when i clicked scan. http://puu.sh/12xJe

ajadepoju · Sep 6, 2012

Golden said:
Mmmm. Lets try something:

1. Download and try to install the FREE version of Malwarebytes
2. Run a FULL scan if possible
3. If it finds threats, make a note of them for posting back here, and delete them if you get the option.
4. After scanning and removal is complete, reboot your system and log in as normal
5. Scan with Malwarebytes again.
6. If nothing is found, try and update Windows - if it can't update, post the error code here.

Ive done the scan. Now funnily enough this one seems to come up every scan. I dont know if im getting the same bug or if its just not removing it. http://puu.sh/12xLk

Golden · Sep 6, 2012

Yep - thats the problem. Follow shawn77's suggestions.

ajadepoju · Sep 6, 2012

shawn77 said:
please download Downloading Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Press "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

But when i do this and click "scan" http://puu.sh/12xLk that happens

shawn77 · Sep 6, 2012

Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on Report and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

ajadepoju · Sep 7, 2012

shawn77 said:
Download & SAVE to your Desktop RogueKiller or from here

Quit all programs that you may have started.

Please disconnect any USB or external drives from the computer before you run this scan!

For Vista or Windows 7, right-click and select "Run as Administrator to start"

For Windows XP, double-click to start.

Wait until Prescan has finished ...

Then Click on "Scan" button

Wait until the Status box shows "Scan Finished"

Click on Report and copy/paste the content of the Notepad into your next reply.

The log should be found in RKreport[1].txt on your Desktop

Exit/Close RogueKiller

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: RogueKiller - Geeks to Go Forums
Blog: tigzy-RK

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Aarron [Admin rights]
Mode : Scan -- Date : 09/07/2012 09:31:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3364007784-3991715225-2710952795-1000\$1939de08022f29099ec554d1f6c40f43\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3364007784-3991715225-2710952795-1000\$1939de08022f29099ec554d1f6c40f43\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3364007784-3991715225-2710952795-1000\$1939de08022f29099ec554d1f6c40f43\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3364007784-3991715225-2710952795-1000\$1939de08022f29099ec554d1f6c40f43\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 Registration
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9750420AS ATA Device +++++
--- User ---
[MBR] 9a981f34d080484c3cd7bc255c8f7455
[BSP] 64a9930d5d65a8994b3e7890bf33f9f9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

shawn77 · Sep 7, 2012

Press the DELETE option

Copy the log and paste it here

ajadepoju · Sep 7, 2012

shawn77 said:
Press the DELETE option

Copy the log and paste it here

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: RogueKiller - Geeks to Go Forums
Blog: tigzy-RK

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Aarron [Admin rights]
Mode : Remove -- Date : 09/07/2012 16:43:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3364007784-3991715225-2710952795-1000\$1939de08022f29099ec554d1f6c40f43\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\@ --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\U\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{1939de08-022f-2909-9ec5-54d1f6c40f43}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3364007784-3991715225-2710952795-1000\$1939de08022f29099ec554d1f6c40f43\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3364007784-3991715225-2710952795-1000\$1939de08022f29099ec554d1f6c40f43\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\L\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$1939de08022f29099ec554d1f6c40f43\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3364007784-3991715225-2710952795-1000\$1939de08022f29099ec554d1f6c40f43\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 Registration
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9750420AS ATA Device +++++
--- User ---
[MBR] 9a981f34d080484c3cd7bc255c8f7455
[BSP] 64a9930d5d65a8994b3e7890bf33f9f9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

ajadepoju · Sep 8, 2012

is there a next step?

Windows defender error 0x80070424

New member

My Computer

000

My Computer

New member

My Computer

000

My Computer

New member

My Computer

000

My Computer

New member

My Computer

000

My Computer

New member

My Computer

000

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

000

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

New member

My Computer

Similar threads