win 7 and MSSE won't update - was asked to check for malware

This is a discussion on win 7 and MSSE won't update - was asked to check for malware within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.

Old 11-12-2015, 05:47 AM   #1
TSF Enthusiast
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 1,087
OS: Windows 10 home premium 64-bit



Hi,

I'm using a loaned win 7 machine. See win update and msse won't update in Win 7 forum.

https://www.techsupportforum.com/forums/f217/win-update-and-msse-wont-update-1064130.html

I'm sure I was the last person to use and the dates of win updates match then. I also ran ESET online before cleaning out my files 2 years ago (but haven't since I set this up yesterday).

Now both win 7 and MSSE won't update and I even uninstalled and reinstalled MSSE.

I thought it may be hardware as it's very old, refurbished from a computer charity (however, it turned out the charity was illegal).

So, am following the advice of spunk.funk and posting here. I should have my usual computer back in a couple weeks, but this is the only alternative.

Also, I plugged in one of my thumb drives to get my bookmarks, but nothing else - do you think if the computer is infected it infected my thumb drive?

Also, when they wouldn't update I updated some of the very few programs on this computer like Malwarebytes, Sandboxie, Firefox, and SpywareBlaster and no problem.

Thank you very much.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 11.65.2
Run by owner at 5:36:56 on 2015-11-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.824 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\owner\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_65\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_65\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [f.lux] "c:\users\owner\appdata\local\fluxsoftware\flux\flux.exe" /noshow
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{C104F7FB-8E7E-4089-9B12-27C3DBE482B5} : DHCPNameServer = 192.168.0.1 205.171.2.25
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\szg800i6.default\
FF - plugin: c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre1.8.0_65\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_65\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_19_0_0_245.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - ExtSQL: !HIDDEN! 2013-11-01 14:42; [email protected]; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2015-3-4 245096]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-5 23256]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2013-10-16 159840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-11-11 1135416]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-6-24 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2013-2-5 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-11-13 108032]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-11-11 51928]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2015-3-4 95408]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2015-4-30 284504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-6-24 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-6-24 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-11-13 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-6-24 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-6-23 1343400]
.
=============== Created Last 30 ================
.
2015-11-12 13:28:38 912000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{812e9c41-4f7b-46a9-b3eb-ca2d3b266ed2}\gapaengine.dll
2015-11-12 13:28:21 8985080 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{06d6ce56-ee80-47e9-a2a9-2566e9651888}\mpengine.dll
2015-11-12 00:28:49 -------- d-----w- c:\program files\Microsoft Security Client
2015-11-11 22:12:59 -------- d-----w- c:\users\owner\appdata\local\FluxSoftware
2015-11-11 2250 -------- d-----w- c:\users\owner\appdata\local\Adobe
2015-11-11 18:24:39 -------- d-----w- c:\users\owner\.oracle_jre_usage
2015-11-11 17:52:56 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-11 17:52:17 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-11 17:52:16 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-11 17:52:16 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-11-11 17:48:19 2425856 ----a-w- c:\windows\system32\wucltux.dll
2015-11-11 17:48:05 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-11-11 17:47:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-11-11 17:47:44 179656 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2015-11-11 21:52:44 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-11 21:52:44 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-11-11 18:23:59 97888 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-10-05 17:50:04 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 5:37:45.78 ===============
Attached Files
File Type: txt attach.txt (6.4 KB, 21 views)
tierra is offline  
Old 11-15-2015, 06:38 AM   #2
TSF Enthusiast
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 1,087
OS: Windows 10 home premium 64-bit



"BUMP, please"
tierra is offline  
Old 11-15-2015, 03:59 PM   #3
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hi tierra,

I'd like to get more detail. This next scanner will not make any changes to your machine on its own, nor will it divulge any personal information that may compromise your security.

Please download Farbar Recovery Scan Tool from here: Farbar Recovery Scan Tool Download, and save it to your desktop.

Note: You need to run the version compatible with your system

**After you click the Download Now 64-bit, or the Download Now 32-bit, another page will open -- DO NOT CLICK ANY ADDITIONAL 'download now' buttons, just wait and look toward the bottom of your browser for the option to Run or Save. Click Save.

•Double-click to run it. When the tool opens click Yes to the disclaimer.

•Click the Scan button.

•When the scan has finished, it will make a log (FRST.txt) in the same directory the tool is run. Please attach the FRST.txt in your reply.

•The first time the tool is run, it also creates another log named Addition.txt. Please attach that to your next reply as well.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-15-2015, 04:13 PM   #4
TSF Enthusiast
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 1,087
OS: Windows 10 home premium 64-bit



Thank you - Ried!

I've attached the files.
Attached Files
File Type: txt FRST.txt (41.7 KB, 18 views)
File Type: txt Addition.txt (25.6 KB, 17 views)
tierra is offline  
Old 11-15-2015, 06:45 PM   #5
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



You're welcome. :-)

I do not see any malware in the logs. Return to your Windows topic and show them these Event Viewer messages in your Addition.txt:

==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2015 03:56:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Error: (11/15/2015 11:15:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2957509).
Ried is offline  
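
An added example, not part of the original thread: a small Python parser for the "Event log errors" excerpt quoted in the post above, pulling out each entry's source, event ID, any 0x error codes and KB numbers so the Windows Update failure can be handed over cleanly. `SAMPLE` is constructed from the two entries shown in that post; the function names are hypothetical.

```python
import re

# Constructed sample: the two entries quoted in the post, in Addition.txt layout.
SAMPLE = """\
Application errors:
==================
Error: (11/15/2015 03:56:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 11:15:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2957509).
"""

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$")
# No word boundary on purpose: the log fuses fields, e.g. "> 990x80041003".
HRESULT = re.compile(r"0x[0-9A-Fa-f]{8}")
KB = re.compile(r"KB\d{6,7}")


def parse_events(text):
    """Return one dict per 'Error:' entry, with description, codes and KBs."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {**m.groupdict(), "description": ""}
            current["event_id"] = int(current["event_id"])
            events.append(current)
        elif current is not None and line.strip():
            # Descriptions may wrap over several lines until a blank line.
            part = line[len("Description:"):] if line.startswith("Description:") else line
            current["description"] = (current["description"] + " " + part.strip()).strip()
        else:
            current = None  # blank line or section banner ends the entry
    for ev in events:
        ev["codes"] = HRESULT.findall(ev["description"])
        ev["kbs"] = KB.findall(ev["description"])
    return events


def update_install_failures(events):
    """(KB, error code) pairs for WindowsUpdateClient EventID 20 entries."""
    out = []
    for ev in events:
        if ev["source"] == "Microsoft-Windows-WindowsUpdateClient" and ev["event_id"] == 20:
            code = ev["codes"][0] if ev["codes"] else None
            for kb in ev["kbs"] or [None]:
                out.append((kb, code))
    return out


if __name__ == "__main__":
    for kb, code in update_install_failures(parse_events(SAMPLE)):
        print(f"{kb} failed to install, error {code}")
```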
Old 11-16-2015, 04:48 AM   #6
TSF Enthusiast
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 1,087
OS: Windows 10 home premium 64-bit



Thank you - Ried!

Can I just delete the FRST stuff from the desktop?
tierra is offline  
Old 11-16-2015, 03:14 PM   #7
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Yes, you certainly can.
Ried is offline  
Old 11-17-2015, 05:35 AM   #8
TSF Enthusiast
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 1,087
OS: Windows 10 home premium 64-bit



Thank you very much - Ried!
tierra is offline  