Windows Update / Windows Defender Boot Error

[rossoneri_forever]

Hello guys. I am new to this Hijack this community but i need your help.

My problem is that i think a got a virus/worm/trojan. This seems to be slowing my internet connection + windows update does not update and has error code 80070424 + windows defender reports a threat on boot.

I have performed

- A NOD32 virus scan, which found 1 infiltration and cleaned it

- MalwareBytes Anti-Malware which found 3 and cleaned it

- Spybot Search and Destroy which found 85 possible threats and removed.

- Windows Defender which supposedly fixes the intrusion, but on boot pops up the message

So i downloaded HiJack this since i really think i still have a serious problem and i will upload here for you experienced users to help me out.

HiJackThis log (i couldnt get the upload attachment to work.)

I am looking forward for your help. Many thanks in advance.

[1972vet]

Download "Dial-a-fix" from Here and save it to your Desktop. Right-click on the .zip file and select Extract All...open the folder and double-click the Dial-a-fix.exe icon. Place a check in the box for the option titled "Fix Windows Update" under the heading WU/WUAU, then click the Go button at the bottom. Follow the prompts. When completed, try the Windows Update site again. Post back your results. Thanks!

[rossoneri_forever]

Download "Dial-a-fix" from Here and save it to your Desktop. Right-click on the .zip file and select Extract All...open the folder and double-click the Dial-a-fix.exe icon. Place a check in the box for the option titled "Fix Windows Update" under the heading WU/WUAU, then click the Go button at the bottom. Follow the prompts. When completed, try the Windows Update site again. Post back your results. Thanks!

When i try to run it, it says that is not compatible with Vista.

[JeanInMontana]

You don't upload the HJT log, is that what you mean? You simply copy and past it, into your reply. Also let us see the logs from MBAM please.

[rossoneri_forever]

You don't upload the HJT log, is that what you mean? You simply copy and past it, into your reply. Also let us see the logs from MBAM please.

Ok...here they are:

MBAM

Malwarebytes' Anti-Malware 1.25

Database version: 1062

Windows 6.0.6000

1:00:37 8/24/2008

mbam-log-08-24-2008 (01-00-37).txt

Scan type: Quick Scan

Objects scanned: 40629

Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:01:07 AM, on 8/24/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ASUS\AI Remote\AiRc.exe

C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe

C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\ASUS\AI Remote\AiRemote.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Ai Remote Help] "C:\Program Files\ASUS\AI Remote\AiRc.exe"

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe" /tray

O4 - HKLM\..\Run: [secureLockWare Drive] C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe -ClientMode

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [Memeo AutoBackup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C1BF6593-DA6B-4262-8104-8B9CF92CFF80}: NameServer = 98.184.192.18,91.184.192.2

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SecureLockWare ??????? (SecureLockWare_InputPassword) - BUFFALO INC. - C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 9267 bytes

[1972vet]

1) click Start, then All programs, then Accessories

2) Right click on Command Promt and select run as Administrator

3) At the command prompt copy and paste the following:

%SYSTEMROOT%\SYSTEM32\REGSVR32.EXE %SYSTEMROOT%\SYSTEM32\WUAUENG.DLL

It should pop up a window saying the .dll registration succeeded. Try Windows Update again. Post back your results. Thanks!

[rossoneri_forever]

1) click Start, then All programs, then Accessories

2) Right click on Command Promt and select run as Administrator

3) At the command prompt copy and paste the following:

%SYSTEMROOT%\SYSTEM32\REGSVR32.EXE %SYSTEMROOT%\SYSTEM32\WUAUENG.DLL

It should pop up a window saying the .dll registration succeeded. Try Windows Update again. Post back your results. Thanks!

It worked. Thanks! Windows Update is working again now. Though the internet connection is still slow, and no problems on the provider side.

[1972vet]

Computer and browser slowness are not always malware related

Poor performance and other problems can be the result of disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.

Listed below are a few things you can do to improve speed and system performance. Many of the these suggestions will apply if you're using Windows Vista but may be done a bit differently. Near the bottom of this thread there is a section specifically devoted to Vista Users.

For browser problems, see:

• Its not always malware: How to fix the top 10 Internet Explorer issues
  
• How and Why to Clear Your Cache
  

If your having connectivity issues or errors such as Page cannot be displayed see

• Repair/Reset Winsock settings
  
• Troubleshooting Internet Connection Problems
  

If you're using Vista or Internet Explorer 7, see

• Why is my Internet connection so slow?
  
• Windows Vista - My Internet connection is slow
  
• The Phishing Filter may slow down the PC
  
• Tuning IE7 for Better Performance
  
• How to optimize or reset Internet Explorer 7
  

If you have a lot of toolbars and add-ons attached to Internet Explorer, you could try improving performance by disabling those which are unecessary. See:

[*]Control Internet Explorer Add-ons with Add-on Manager

[*]Troubleshooting and Internet Explorer

[JeanInMontana]

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.