Windows Update Service Not Running

devatdi

Hi, I have read about this issue with other users, saying Windows cannot update, please restart. I also ran the Elevated Command Prompt with the following commands:

NET START BFE
NET START BITS
NET START WUAUSERV
NET START TRUSTEDINSTALLER

and the results came back as:

C:\Users\Chris>NET START BFE
The Service name is invalid.
More help is available by typing NET HELPMSG 2185.

C:\Users\Chris>NET START BITS
System error 5 has occured.

Access is denied.

C:\Users\Chris>NET START WUAUSERV
The service name is invalid.
More help is available by typing NET HELPMSG 2185.

C:\Users\Chris>NET START TRUSTEDINSTALLER
System error 5 has occured.

Access is denied.

I also looked at Services and it seems that the Windows update is missing entirely,
and when I tried to install this update: Update for Windows 7 for x64-based Systems (KB982018), it verified my Windows but came back with this: I receive an error "installer encountered an error 0x80070424"

Any help getting my Windows update restarted would be greatly appreciated.

Many thanks and Kind Regards in advance

Chris
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell
OS
Windows 7 Home Premium 64Bit
Antivirus
McAfee
Browser
Generally IE
Further to my post, I just found some rootkits which maybe are causing the problem?

Performing miscellaneous checks:
* ALERT: ZEROACCESS rootkit symptoms found!
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\ [ZA Dir]
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@ [ZA File]
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L\ [ZA Dir]
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U\ [ZA Dir]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\ [ZA Dir]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@ [ZA File]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L\ [ZA Dir]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U\ [ZA Dir]
Checking Windows Service Integrity:
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* SharedAccess [Missing ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 10/21/2013 12:14:54 PM
Execution time: 0 hours(s), 4 minute(s), and 1 seconds(s)

When I run TDSS rootkit removing tool and Malwarebytes it can not find anything to remove... if this is to blame, has anyone got any hints, many thanks Chris
 


My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Asus K52F or Lenovo B51-80
OS
Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
CPU
i3 370M/i7 6500U
Motherboard
Asus/Lenovo
Memory
8GB - finally :)/8GB
Graphics Card(s)
it's an i3, dude!/dual Intel&nVidia
Sound Card
onboard
Monitor(s) Displays
15.6" built-in
Screen Resolution
1366x768/1920x1080
Hard Drives
750GB Seagate internal
Sundry external drives attached to other computers on the local network
1TB SSD on the Lenovo
PSU
n/a
Internet Speed
as much as I can get - usually on a dongle/phone, so <1MB/s
Antivirus
MSE/Defender
Browser
IE11/12/Edge/Chrome/FF(if I must)
Farbar Service Scanner Version: 20-10-2013
Ran by Chris (administrator) on 21-10-2013 at 15:11:33
Running from "C:\Users\Chris\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 

I think you'd better make sure the machine is clean before we take steps to repair the current damage.
I'm going to ask a malware specialist to come in and advise...
stay tuned :)
 

I see this in the log above: " * ALERT: ZEROACCESS rootkit symptoms found!"

Do you have the log from TDSS rootkit removing tool saved? If not, please run another scan with the tool and post the contents of that log.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Hi, this is the original log that I saved.

Rkill 2.6.2 by Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
RKill - What it does and What it Doesn't - A brief introduction to the program - Anti-Virus and Anti-Malware Software
Program started at: 10/21/2013 12:10:53 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\Chris\Desktop\rkill\rkill-10-21-2013-12-11-31.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* ALERT: ZEROACCESS rootkit symptoms found!
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\ [ZA Dir]
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@ [ZA File]
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L\ [ZA Dir]
* C:\Users\Chris\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U\ [ZA Dir]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\ [ZA Dir]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@ [ZA File]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L\ [ZA Dir]
* C:\Windows\installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U\ [ZA Dir]
Checking Windows Service Integrity:
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* SharedAccess [Missing ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 10/21/2013 12:14:54 PM
Execution time: 0 hours(s), 4 minute(s), and 1 seconds(s)
 

Okay, that's an Rkill log.

Download http://www.bleepingcomputer.com/download/tdsskiller/ and save it to your Desktop
  • Extract the file and run it.
  • Once completed it will create a log in the root directory (usually C:\).
  • Please post the contents of that log in your next reply.
 

So sorry I was rushing, I had already done a TDSSKiller scan but have done a fresh one anyway:

Here goes the shortened version; I have enclosed the full version as an attachment, as it wouldn't fit on. If you need the full version posting just let me know.

17:19:55.0308 0x189c TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
============================================================
17:19:58.0488 0x189c Current date / time: 2013/10/23 17:19:58.0488
17:19:58.0488 0x189c SystemInfo:
17:19:58.0488 0x189c
17:19:58.0488 0x189c OS Version: 6.1.7601 ServicePack: 1.0
17:19:58.0488 0x189c Product type: Workstation
17:19:58.0488 0x189c ComputerName: CHRIS-PC
17:19:58.0488 0x189c UserName: Chris
17:19:58.0488 0x189c Windows directory: C:\Windows
17:19:58.0488 0x189c System windows directory: C:\Windows
17:19:58.0488 0x189c Running under WOW64
17:19:58.0488 0x189c Processor architecture: Intel x64
17:19:58.0488 0x189c Number of processors: 4
17:19:58.0488 0x189c Page size: 0x1000
17:19:58.0488 0x189c Boot type: Normal boot
17:19:58.0488 0x189c ============================================================
17:20:01.0868 0x189c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:20:01.0868 0x189c ============================================================
17:20:01.0868 0x189c \Device\Harddisk0\DR0:
17:20:01.0868 0x189c MBR partitions:
17:20:01.0868 0x189c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
17:20:01.0868 0x189c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000
17:20:01.0888 0x189c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x31A9A800
17:20:01.0888 0x189c ============================================================
17:20:01.0908 0x189c C: <-> \Device\Harddisk0\DR0\Partition2
17:20:01.0938 0x189c D: <-> \Device\Harddisk0\DR0\Partition3
17:20:01.0938 0x189c ============================================================
17:20:01.0938 0x189c Initialize success
17:20:01.0938 0x189c ============================================================
17:20:05.0798 0x0d3c ============================================================
17:20:05.0798 0x0d3c Scan started
17:20:05.0798 0x0d3c Mode: Manual;
17:20:05.0798 0x0d3c ============================================================
17:20:05.0798 0x0d3c KSN ping started
17:20:29.0088 0x0d3c KSN ping finished: true
17:20:29.0698 0x0d3c ================ Scan system memory ========================
17:20:29.0698 0x0d3c System memory - ok
17:20:29.0698 0x0d3c ================ Scan services =============================
============================================================
17:21:17.0248 0x0d3c Scan finished
17:21:17.0248 0x0d3c ============================================================
17:21:17.0258 0x1130 Detected object count: 0
17:21:17.0258 0x1130 Actual detected object count: 0
17:22:02.0878 0x186c Deinitialize success
 

Well, you have something going on here, but it doesn't appear to be a "Rootkit" at this point.

Download DDS from one of these links:
DDS.com
DDS.pif
  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.
 

Hi, sorry for the delay

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 10.45.2
Run by Chris at 17:25:52 on 2013-10-24
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.co.uk/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Spotify Web Helper] "C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{299CE923-2B77-4C1E-B79D-C8631CB38AF7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{299CE923-2B77-4C1E-B79D-C8631CB38AF7}\05C65737E6564775962756C6563737 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{299CE923-2B77-4C1E-B79D-C8631CB38AF7}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{299CE923-2B77-4C1E-B79D-C8631CB38AF7}\4435C4D22363430325 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CBF464F5-462A-4478-AA60-5B4B0E66392A} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: DAPIELoader Class: {FF6C3CF0-4B15-11D1-ABED-709549C10000} -
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-10-23 20:29:58 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF611B25-DE9E-4852-B796-F890115714D7}\mpengine.dll
2013-10-22 17:08:51 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-21 11:44:31 -------- d-----w- C:\Program Files (x86)\ESET
2013-10-21 11:17:07 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2013-10-21 11:16:21 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-21 11:16:12 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-21 11:16:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-21 11:15:58 -------- d-----w- C:\Users\Chris\AppData\Local\Programs
2013-10-21 10:55:52 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-21 10:00:13 -------- d-----w- C:\Users\Chris\AppData\Roaming\Uniblue
2013-10-21 10:00:13 -------- d-----w- C:\Program Files (x86)\Uniblue
2013-10-21 09:21:50 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-10-21 09:21:48 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-10-21 09:10:58 -------- d-----w- C:\Windows\PCHEALTH
2013-10-21 08:55:39 -------- d-----w- C:\Users\Chris\AppData\Local\{FFCCDA74-8921-49CE-9B5C-B3CC57C5F15E}
2013-10-21 01:40:23 -------- d-----w- C:\Program Files\PeerBlock
.
==================== Find3M ====================
.
.
============= FINISH: 17:26:50.22 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader 9.1.2
Advanced Audio FX Engine
ATI Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
D-Fend Reloaded 0.9.3 (deinstall)
D3DX10
DAP Plug-in for 64 Bit IE
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
DriverScanner
ESET Online Scanner v3
Football Manager 2011
Internet TV for Windows Media Center
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 16 (64-bit)
Junk Mail filter update
K-Lite Codec Pack 7.2.0 (Basic)
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Live Add-in 1.4
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
Nokia Connectivity Cable Driver
Nokia Suite
OpenOffice.org 3.2
Opera 10.63
PC Connectivity Solution
PeerBlock 1.1 (r518)
Plusnet Assist
PowerDVD DX
Quickset64
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shared C Run-time for x64
Sierra Utilities
Skins
SopCast 3.2.9
Spotify
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Ultimate Soccer Manager 98
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 1.0.5
WIDCOMM Bluetooth Software
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Zip Motion Block Video codec (Remove Only)
.
==== End Of File ===========================
 

I see bits of both McAfee and AVG still resident?
Java v1.6.x is still installed.
Other than those, and a couple of weird entries in the pseudo-hjt area, I see nothing - but Jacee will probably see more, so I'll leave it to her :)
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Asus K52F or Lenovo B51-80
OS
Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
CPU
i3 370M/i7 6500U
Motherboard
Asus/Lenovo
Memory
8GB - finally :)/8GB
Graphics Card(s)
it's an i3, dude!/dual Intel&nVidia
Sound Card
onboard
Monitor(s) Displays
15.6" built-in
Screen Resolution
1366x768/1920x1080
Hard Drives
750GB Seagate internal
Sundry external drives attached to other computers on the local network
1TB SSD on the Lenovo
PSU
n/a
Internet Speed
as much as I can get - usually on a dongle/phone, so <1MB/s
Antivirus
MSE/Defender
Browser
IE11/12/Edge/Chrome/FF(if I must)

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Running the Security Check, at the preparing stage it came back with an AutoIt Error - Line-1 Error: Variable must be of type "Object".

The results:
Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

Further to the information provided, I was just wondering if anyone had any ideas about safe removal of whatever has caused this, and how to fix the Windows updates?
Many thanks, Chris
 

I'm not infringing on Jacee's territory any more than I already have done :)
 
