Inactive Viruses on Windows Vista PC

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Fxdrv.sys -- (FXDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2:  File not found
FF - HKCU\Software\MozillaPlugins\Facebook.com/FBPlugin,version=1.0.3: C:\Users\GRAHAM\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:843E98D0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F0EDC13A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:DE875C30
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:F156EE59
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B1381B34
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E71141D2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2DF54B62
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5084131D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:DF32B227
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:33DB8278
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:E7172B7A

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans....

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
OTL output

All processes killed
========== OTL ==========
Service MRENDIS5 stopped successfully!
Service MRENDIS5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS not found.
Service MREMPR5 stopped successfully!
Service MREMPR5 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS not found.
Service FXDRV stopped successfully!
Service FXDRV deleted successfully!
File E:\Fxdrv.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\Facebook.com/FBPlugin,version=1.0.3\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
ADS C:\ProgramData\TEMP:D507B5A8 deleted successfully.
ADS C:\ProgramData\TEMP:A819A132 deleted successfully.
ADS C:\ProgramData\TEMP:843E98D0 deleted successfully.
ADS C:\ProgramData\TEMP:F0EDC13A deleted successfully.
ADS C:\ProgramData\TEMP:DE875C30 deleted successfully.
ADS C:\ProgramData\TEMP:872B86AD deleted successfully.
ADS C:\ProgramData\TEMP:F156EE59 deleted successfully.
ADS C:\ProgramData\TEMP:B1381B34 deleted successfully.
ADS C:\ProgramData\TEMP:E71141D2 deleted successfully.
ADS C:\ProgramData\TEMP:2DF54B62 deleted successfully.
ADS C:\ProgramData\TEMP:5084131D deleted successfully.
ADS C:\ProgramData\TEMP:5311B0B8 deleted successfully.
ADS C:\ProgramData\TEMP:DF32B227 deleted successfully.
ADS C:\ProgramData\TEMP:33DB8278 deleted successfully.
ADS C:\ProgramData\TEMP:E7172B7A deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: GRAHAM
->Temp folder emptied: 4821765 bytes
->Temporary Internet Files folder emptied: 15934872 bytes
->Java cache emptied: 7707760 bytes
->Google Chrome cache emptied: 222906838 bytes
->Flash cache emptied: 42494 bytes

User: KIDS
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 237774255 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51492 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49623 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 6447298 bytes
RecycleBin emptied: 916 bytes

Total Files Cleaned = 473.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: GRAHAM
->Java cache emptied: 0 bytes

User: KIDS

User: Public

User: TEMP

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: GRAHAM
->Flash cache emptied: 0 bytes

User: KIDS

User: Public

User: TEMP

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08232013_235201

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Checkup.txt

Results of screen317's Security Check version 0.99.72
Windows Vista Service Pack 1 x86 (UAC is disabled!)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.8.800.94
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader XI (KB403742..)
Google Chrome 26.0.1410.43
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````
 
The link you gave for FSS is giving me:

Oops! Google Chrome could not connect to www.bleepingcomputer.com


Should I search for it elsewhere? Or do you have a different link I could try?

Cheers,
Suzie
 
FSS.txt:

Farbar Service Scanner Version: 18-08-2013
Ran by GRAHAM (administrator) on 24-08-2013 at 00:30:48
Running from "C:\Users\GRAHAM\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

ATTENTION!=====> local policy on IP:
Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
Value: "ActivePolicy"
Data: "SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{b4f9004c-904c-45a5-8711-3501b4a3f465}"


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-14 20:40] - [2010-06-16 16:55] - 0902032 ____A (Microsoft Corporation) 6216A954ED7045B62880A92D6C9B9FC7

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2008-07-19 18:30] - [2008-01-19 08:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2010-08-14 20:40] - [2010-06-16 16:09] - 0328704 ____A (Microsoft Corporation) D3E6D78285529962349A7F1617035938

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-07-19 18:32] - [2008-01-19 08:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-07-19 18:29] - [2008-01-19 08:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-07-19 18:29] - [2008-01-19 08:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-07-19 18:31] - [2008-01-19 08:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-08-14 19:25] - [2008-04-18 06:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-07-19 18:28] - [2008-01-19 08:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2010-04-15 10:57] - [2010-02-18 15:11] - 0190464 ____A (Microsoft Corporation) 6A35D233693EDC29A12742049BC5E37F

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-17 19:43] - [2009-03-03 05:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****
 
Hi,
I'm not managing to run the ESET online scanner. I get the message:
Oops! Google Chrome could not connect to www.eset.com

Try reloading: www.eset.com/online-scanner-popup/

I've tried getting it from a couple of other places, but no joy so far.

Suzie
 
Hi Broni,

Sorry but I'm failing to get the eset thing to run. I've downloaded a couple of things that said they were it, but think I may just have undone some of your good work and picked up new viruses - Chrome is defaulting to a home page of Delta search again. It's late here now so I've asked MSE to do a full scan and will check it, and for messages from you, in the morning.

Thanks for all your help
Suzie
 
When done....

Reset Chrome...
Click on "Customize and control Google Chrome":


Click "Settings" then "Show advanced settings" at the bottom of the screen.

Click "Reset browser settings" button.

Restart Chrome.
See if Chrome is better.
 
Hi,

I reset the Chrome settings as you have instructed above, but it's still going to Delta Search.

MSE still looks healthy, but Windows updates failing to install, including a load of security updates. I read up a bit on this and it said that space might cause an issue with this. My hard drive was partitioned by the system builder and the C: drive is pretty full. A while ago I managed to delete the other partition but it's now just showing as free space and I can't extend C: into it. Anyway, I defragmented C:, then spent some time deleting stuff on C:, emptied the recycle bin and tried the Windows updates again - still no joy. I have also noticed that I have 'Browser Defender' which I can't uninstall.

I've got IE installed and opened that - it also goes to Delta Search, and fails to get to hotmail.

I will wait now till I get instruction from you - I hope that what I've been trying has been helpful to the process rather than hindering it.

Thank you
Suzie
 
Good news :)

We have to fix one issue....

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/



Go Start>Run, type in:
regedit
Click OK.

In registry editor navigate to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
In right pane you'll see following key:
"ActivePolicy"
Right click on it, click "Delete".

Restart computer, check on internet connection and post new FSS log.
 
Hi,

Did the regedit, restarted. Checked the following:

- Chrome - no longer goes to Delta Search, and I can now get to hotmail OK
- IE - no longer goes to Delta Search
- Windows Updates - these are still failing (with 6 important and 4 optional updates outstanding)
- Browser defender - has disappeared
- MSE - looks healthy, updated the virus definitions
- FSS - downloaded afresh and ran a scan, with all boxes ticked

FSS output:

Farbar Service Scanner Version: 18-08-2013
Ran by GRAHAM (administrator) on 25-08-2013 at 21:21:03
Running from "C:\Users\GRAHAM\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-14 20:40] - [2010-06-16 16:55] - 0902032 ____A (Microsoft Corporation) 6216A954ED7045B62880A92D6C9B9FC7

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2008-07-19 18:30] - [2008-01-19 08:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2010-08-14 20:40] - [2010-06-16 16:09] - 0328704 ____A (Microsoft Corporation) D3E6D78285529962349A7F1617035938

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-07-19 18:32] - [2008-01-19 08:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-07-19 18:29] - [2008-01-19 08:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-07-19 18:29] - [2008-01-19 08:36] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-07-19 18:31] - [2008-01-19 08:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-08-14 19:25] - [2008-04-18 06:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-07-19 18:28] - [2008-01-19 08:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2010-04-15 10:57] - [2010-02-18 15:11] - 0190464 ____A (Microsoft Corporation) 6A35D233693EDC29A12742049BC5E37F

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-17 19:43] - [2009-03-03 05:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****
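
Comparing the two FSS.txt logs in this thread shows what deleting ActivePolicy changed and what it left in place. The following is an added example, not part of the original posts or of Farbar Service Scanner: a small Python parser (the names `parse_fss` and `diff_runs` are hypothetical) run over constructed excerpts of those two logs.

```python
import re

# Constructed excerpts modelled on the two FSS.txt logs posted in this thread,
# trimmed to the sections the parser reads.
_HEAD = r'''Farbar Service Scanner Version: 18-08-2013
Internet Services:
============

Connection Status:
==============
Localhost is accessible.
Google.com is accessible.
'''
_IPSEC = r'''
ATTENTION!=====> local policy on IP:
Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
Value: "ActivePolicy"
Data: "SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{b4f9004c-904c-45a5-8711-3501b4a3f465}"
'''
_TAIL = r'''
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

**** End of log ****
'''
LOG_BEFORE = _HEAD + _IPSEC + _TAIL   # first run: IPSec local policy flagged
LOG_AFTER = _HEAD + _TAIL             # second run: flag no longer reported

ATTN = re.compile(r'^ATTENTION!=+>\s*(.+?):?$')
FIELD = re.compile(r'^(Key|Value|Data):\s*"(.*)"$')
NOT_RUNNING = re.compile(r'^(\S+) Service is not running')
START = re.compile(r'^The start type of (\S+) service is set to (\w+)\. '
                   r'The default start type is (\w+)\.')
REG_KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')
REG_VAL = re.compile(r'^"([^"]+)"=(\w+:.+)$')
RULE = re.compile(r'^=+$')


def parse_fss(text):
    """Return a set of (kind, subject, detail) findings from one FSS log."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings, section, reg_key = set(), "", None
    i = 0
    while i < len(lines):
        line = lines[i]
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line and RULE.match(nxt):
            # Section heading: a title line underlined with '=' characters.
            section, reg_key = line.rstrip(":"), None
            i += 2
            continue
        m = ATTN.match(line)
        if m:
            # ATTENTION block: collect the Key/Value/Data lines that follow it.
            fields = {}
            i += 1
            while i < len(lines) and (f := FIELD.match(lines[i])):
                fields[f.group(1)] = f.group(2)
                i += 1
            subject = fields.get("Key", "") + "\\" + fields.get("Value", "")
            findings.add(("attention", subject, m.group(1)))
            continue
        if (m := NOT_RUNNING.match(line)):
            findings.add(("service", m.group(1), "not running"))
        elif (m := START.match(line)) and m.group(2) != m.group(3):
            # Only report a start type that differs from the stated default.
            findings.add(("service", m.group(1),
                          f"start type {m.group(2)} (default {m.group(3)})"))
        elif (m := REG_KEY.match(line)):
            reg_key = m.group(1)
        elif (m := REG_VAL.match(line)) and reg_key:
            # Registry value printed under a "... Disabled Policy" heading.
            findings.add(("policy", f"{reg_key}\\{m.group(1)}",
                          f"{section}: {m.group(2)}"))
        i += 1
    return findings


def diff_runs(before, after):
    """Compare two FSS logs: what was fixed, what remains, what is new."""
    b, a = parse_fss(before), parse_fss(after)
    return {"resolved": sorted(b - a),
            "still_present": sorted(b & a),
            "new": sorted(a - b)}


if __name__ == "__main__":
    for status, items in diff_runs(LOG_BEFORE, LOG_AFTER).items():
        for kind, subject, detail in items:
            print(f"{status:13} {kind:9} {subject} -> {detail}")
```

On these excerpts the IPSec `ActivePolicy` entry is the only resolved item; the WinDefend start type and the `DisableAntiSpyware` value appear unchanged in both runs.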
 
Hi again,

I've had a problem with MSE again, in that it wouldn't let me turn off real-time protection (I could untick the box, but the 'save changes' button was still greyed out). So here's what I did:

1. Downloaded the ESET file
2. Exited MBAR
3. Uninstalled MSE
4. Ran ESET (it didn't find any threats)
5. Re-installed MSE (this updated virus definitions and did a quick scan - it seems to have connection problems sometimes when updating its definitions)
6. Turned on MBAR again

Windows Update is now saying that there are 15 important and 4 optional updates available.
Checked MSE to see if turning off real-time protection is now possible but it's the same as before - I left it ticked on.

Thanks
Suzie
 
I'm not sure if I understand.
Are you having any current issues?

Surely your Windows updates are not current.
Service Pack 2, for instance is not installed.
 
Hi Broni,

Yes, despite ESET finding nothing, I still have the following issues (that I'm aware of):

1. Windows updates will not install - there are loads of updates outstanding - I don't think an update has been applied for ages.
2. I'm unable to turn off real-time protection in MSE (I only notice this cos of trying to disable it to run things like ESET)

Thanks
Suzie
 
What happens when you try to install Windows updates?
Getting any errors?
Do all updates fail?
Did you try to install one update at a time?
 
Hi Broni,

Here are my notes re installing Windows Updates

Control Panel -> Windows Update ->

It says 7 important updates are available and 4 optional updates are available. There were more yesterday, so maybe it has been installing stuff??

I click on 'Install Updates'. - It starts to download 7 updates. Installing update 1 of 1.
View Update History - some have been successful but loads have failed, especially Windows Vista Security ones. Some others (e.g. Office ones) have worked ok.
I've uploaded a JPG of the screen showing the details of the most recently failed Vista security update.

Thanks
Suzie
 

Attachments

  • WindowsUpdateFail.jpg
Hi - I just noticed that it tried to do the Vista Service Pack 2 yesterday and it failed. I also noticed I could copy the details without creating a screen dump, so here they are:

Windows Vista Service Pack 2 (KB948465)

Installation date: ‎27/‎08/‎2013 18:40

Installation status: Failed

Error details: Code 80070490

Update type: Important

Windows Vista Service Pack 2 is an update to Windows Vista that includes all of the updates that have been delivered since Service Pack 1, as well as support for new types of hardware and emerging hardware standards. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Vista License Terms.

More information:
http://support.microsoft.com/kb/948465

Help and Support:
http://technet.microsoft.com/en-us/windows/dd767387.aspx
 
Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:





Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:




Go to Step 4 and under "System Restore" click on Create button:




Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.



Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
Here it is:

Running Repair Under System Account
Starting Repairs...
Start (27/08/2013 21:46:22)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (27/08/2013 21:46:22)
Running Repair Under Current User Account
Done (27/08/2013 21:46:32)

Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (27/08/2013 21:46:32)
Running Repair Under System Account
Done (27/08/2013 21:49:53)

Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (27/08/2013 21:49:53)
Running Repair Under System Account
Done (27/08/2013 21:50:20)

Register System Files
Start (27/08/2013 21:50:21)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:50:53)

Repair WMI
Start (27/08/2013 21:50:53)
Running Repair Under Current User Account
The system cannot find the path specified.
Invalid Global Switch.

Running Repair Under System Account
The system cannot find the path specified.
Invalid Global Switch.

Done (27/08/2013 21:53:05)

Repair Windows Firewall
Start (27/08/2013 21:53:05)
Running Repair Under Current User Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Running Repair Under System Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Done (27/08/2013 21:53:38)

Repair Internet Explorer
Start (27/08/2013 21:53:38)
Running Repair Under Current User Account
The system cannot find the path specified.
Running Repair Under System Account
The system cannot find the path specified.
Done (27/08/2013 21:54:02)

Repair MDAC/MS Jet
Start (27/08/2013 21:54:02)
Running Repair Under Current User Account
The system cannot find the path specified.
Running Repair Under System Account
The system cannot find the path specified.
Done (27/08/2013 21:54:21)

Repair Hosts File
Start (27/08/2013 21:54:21)
Running Repair Under System Account
Done (27/08/2013 21:54:23)

Remove Policies Set By Infections
Start (27/08/2013 21:54:23)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:54:28)

Repair Icons
Start (27/08/2013 21:54:28)
Running Repair Under System Account
Could Not Find C:\Users\GRAHAM\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\GRAHAM\AppData\Local\IconCache.db
Done (27/08/2013 21:54:30)

Repair Winsock & DNS Cache
Start (27/08/2013 21:54:30)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:54:41)

Repair Proxy Settings
Start (27/08/2013 21:54:41)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:54:45)

Repair Windows Updates
Start (27/08/2013 21:54:45)
Running Repair Under Current User Account
The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Done (27/08/2013 21:55:46)

Repair CD/DVD Missing/Not Working
Start (27/08/2013 21:55:46)
Done (27/08/2013 21:55:46)

Repair Volume Shadow Copy Service
Start (27/08/2013 21:55:46)
Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

Done (27/08/2013 21:55:50)

Repair MSI (Windows Installer)
Start (27/08/2013 21:55:50)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:56:01)

Repair bat Association
Start (27/08/2013 21:56:01)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:56:06)

Repair cmd Association
Start (27/08/2013 21:56:06)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:56:11)

Repair com Association
Start (27/08/2013 21:56:11)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:56:16)

Repair Directory Association
Start (27/08/2013 21:56:16)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:56:20)

Repair Drive Association
Start (27/08/2013 21:56:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:56:25)

Repair exe Association
Start (27/08/2013 21:56:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:56:30)

Repair Folder Association
Start (27/08/2013 21:56:30)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:56:35)

Repair inf Association
Start (27/08/2013 21:56:35)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:56:39)

Repair lnk (Shortcuts) Association
Start (27/08/2013 21:56:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:56:44)

Repair msc Association
Start (27/08/2013 21:56:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:56:49)

Repair reg Association
Start (27/08/2013 21:56:49)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:56:54)

Repair scr Association
Start (27/08/2013 21:56:54)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:56:58)

Repair Windows Safe Mode
Start (27/08/2013 21:56:58)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:57:03)

Repair Print Spooler
Start (27/08/2013 21:57:03)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:57:16)

Restore Important Windows Services
Start (27/08/2013 21:57:16)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:57:21)

Set Windows Services To Default Startup
Start (27/08/2013 21:57:21)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/08/2013 21:57:29)

Cleaning up empty logs...

All Selected Repairs Done.
Done (27/08/2013 21:57:30)
Total Repair Time: 00:11:08


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account
 
Hi,

I reinstalled MSE and scanned then restarted.

Then I tried installing Windows Updates again - failed. Selected a single update (the smallest one) and tried that. It failed too. Message was:

Security Update for Windows Vista (KB2485376)

Installation date: 28/08/2013 04:25

Installation status: Failed

Error details: Code 80070490

Update type: Important

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.

More information:
http://go.microsoft.com/fwlink/?LinkId=208059

Help and Support:
http://support.microsoft.com/


I also checked if the weird MSE behaviour is still there (i.e. not being able to turn off real-time protection) and it is.

Thanks
Suzie
 