Author Topic: [Resolved] Microsoft security client starts with error 0x80073b01  (Read 27961 times)

0 Members and 1 Guest are viewing this topic.

Offline awmoeder

  • Bronze Member
  • Posts: 6
Hello everyone,

I have a vista machine with a problem. When I start my computer or manualy start Microsoft Security Essentials a dialog box pops up from Microsoft Security Client with an error 0x80073b01.
I googled for this error and the only solution to this problem could be to reinstall Microsoft Security Essentials. I tried to remove this program but an other problem rises with the following message: can't find files necessary to complete the installation. When I tried to remove the files of Microsoft Security Essentials in the program files I don't have the rights although I am administrator.

Can someone give me a solution to my problem or give me some tips?

Kind regards,
Wannes


Here are the required dds logs

dds.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16470
Run by familie snoeys at 19:34:36 on 2013-03-22
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.32.1043.18.2037.927 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\lxbkcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_15\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\familie snoeys\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\Explorer.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://nl.intl.acer.yahoo.com
mDefault_Page_URL = hxxp://nl.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_15\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [eRecoveryService] <no file>
StartupFolder: c:\users\famili~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\familie snoeys\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\famili~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_15\bin\npjpi150_15.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
TCP: NameServer = 195.130.130.4 195.130.131.4
TCP: Interfaces\{0B445639-B454-43BF-A2FB-49D9E835E9DB} : DHCPNameServer = 195.130.130.4 195.130.131.4
TCP: Interfaces\{87CDB746-7FC6-42CC-BC6F-C8519F038937} : DHCPNameServer = 192.168.2.1
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\familie snoeys\appdata\roaming\mozilla\firefox\profiles\7d5i2lxj.default\
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www3.searchonthego.net/search.php?q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - ExtSQL: !HIDDEN! 2013-03-22 19:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-3 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-1-25 375144]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-3-22 47640]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2007-11-3 118784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-3-22 30616]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-3-22 40776]
S3 msiserver-org;Windows Installer;c:\windows\system32\msiexec /v --> c:\windows\system32\msiexec  [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-03-22 19:30:24   30616   ----a-w-   c:\windows\system32\drivers\hitmanpro37.sys
2013-03-22 19:08:01   7108640   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{bb471abc-327c-4d0a-835c-0bc31443dc73}\mpengine.dll
2013-03-22 19:07:07   --------   d-----w-   c:\users\familie snoeys\appdata\roaming\Malwarebytes
2013-03-22 19:06:50   --------   d-----w-   c:\programdata\Malwarebytes
2013-03-22 19:06:47   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-03-22 19:06:47   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-03-22 19:03:56   768000   ----a-w-   c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-03-22 18:59:19   --------   d-----w-   c:\program files\WinDirStat
2013-03-22 18:58:30   --------   d-----w-   c:\windows\system32\x64
2013-03-22 18:55:19   7108640   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{725212da-0947-4b67-a8c3-bc2282bfd6a5}\mpengine.dll
2013-03-22 18:54:33   9728   ----a-w-   c:\windows\system32\Wdfres.dll
2013-03-22 18:54:19   155136   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
2013-03-22 18:54:18   66560   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
2013-03-22 18:54:17   16896   ----a-w-   c:\windows\system32\winusb.dll
2013-03-22 18:54:15   73216   ----a-w-   c:\windows\system32\WUDFSvc.dll
2013-03-22 18:54:15   172032   ----a-w-   c:\windows\system32\WUDFPlatform.dll
2013-03-22 18:54:13   526952   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
2013-03-22 18:54:13   47720   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
2013-03-22 18:54:12   613888   ----a-w-   c:\windows\system32\WUDFx.dll
2013-03-22 18:54:12   38912   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
2013-03-22 18:54:12   196608   ----a-w-   c:\windows\system32\WUDFHost.exe
2013-03-22 18:53:20   293376   ----a-w-   c:\windows\system32\atmfd.dll
2013-03-22 18:53:19   34304   ----a-w-   c:\windows\system32\atmlib.dll
2013-03-22 18:52:12   53096   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-03-22 18:52:12   31592   ----a-w-   c:\windows\system32\LMIport.dll
2013-03-22 18:52:10   84352   ----a-w-   c:\windows\system32\LMIRfsClientNP.dll
2013-03-22 18:52:10   47640   ----a-w-   c:\windows\system32\drivers\LMIRfsDriver.sys
2013-03-22 18:52:02   92520   ----a-w-   c:\windows\system32\LMIinit.dll
2013-03-22 18:51:55   --------   d-----w-   c:\programdata\LogMeIn
2013-03-22 18:51:44   2048512   ----a-w-   c:\windows\system32\win32k.sys
2013-03-22 18:51:26   204288   ----a-w-   c:\windows\system32\ncrypt.dll
2013-03-22 18:51:25   --------   d-----w-   c:\program files\LogMeIn
2013-03-22 18:51:24   1400832   ----a-w-   c:\windows\system32\msxml6.dll
2013-03-22 18:50:53   376320   ----a-w-   c:\windows\system32\dpnet.dll
2013-03-22 18:50:53   23040   ----a-w-   c:\windows\system32\dpnsvr.exe
2013-03-22 18:50:52   224640   ----a-w-   c:\windows\system32\drivers\volsnap.sys
2013-03-22 18:50:50   75776   ----a-w-   c:\windows\system32\synceng.dll
2013-03-22 18:49:51   --------   d-----w-   c:\users\familie snoeys\appdata\local\Apps
2013-03-22 18:49:50   --------   d-----w-   c:\users\familie snoeys\appdata\local\Deployment
2013-03-22 18:48:40   --------   d-----w-   c:\program files\Microsoft Security Client
2013-03-22 18:48:39   914792   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-03-22 18:48:39   31232   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2013-03-22 18:47:43   --------   d-----w-   c:\programdata\HitmanPro
2013-03-22 18:46:24   49265   ----a-w-   c:\windows\system32\jpicpl32.cpl
2013-03-22 18:45:15   985088   ----a-w-   c:\windows\system32\crypt32.dll
2013-03-22 18:45:15   98304   ----a-w-   c:\windows\system32\cryptnet.dll
2013-03-22 18:45:15   133120   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-03-22 18:45:06   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-03-22 18:45:02   172544   ----a-w-   c:\windows\system32\wintrust.dll
2013-03-22 18:45:01   1314816   ----a-w-   c:\windows\system32\quartz.dll
2013-03-22 18:44:26   3550072   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-03-22 18:44:24   3602808   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-03-22 18:43:28   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
2013-03-22 18:43:28   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
2013-03-22 18:43:28   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
2013-03-22 18:43:25   89944   ----a-w-   c:\program files\common files\windows live\.cache\2224cde01ce272d04\DSETUP.dll
2013-03-22 18:43:25   537432   ----a-w-   c:\program files\common files\windows live\.cache\2224cde01ce272d04\DXSETUP.exe
2013-03-22 18:43:25   1801048   ----a-w-   c:\program files\common files\windows live\.cache\2224cde01ce272d04\dsetup32.dll
2013-03-22 18:43:03   3426072   ----a-w-   c:\windows\system32\d3dx9_32.dll
2013-03-22 18:42:54   94040   ----a-w-   c:\program files\common files\windows live\.cache\ed727601ce272d03\DSETUP.dll
2013-03-22 18:42:54   525656   ----a-w-   c:\program files\common files\windows live\.cache\ed727601ce272d03\DXSETUP.exe
2013-03-22 18:42:54   1691480   ----a-w-   c:\program files\common files\windows live\.cache\ed727601ce272d03\dsetup32.dll
2013-03-22 18:42:23   7108640   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-03-22 18:41:05   --------   d-----w-   c:\users\familie snoeys\appdata\local\Windows Live
2013-03-22 18:41:02   --------   d-----w-   c:\program files\common files\Windows Live
2013-03-22 18:40:19   754688   ----a-w-   c:\windows\system32\webservices.dll
2013-03-22 18:38:48   740840   ------w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{06eba585-368d-41e0-a354-8fbef68b32a5}\gapaengine.dll
2013-03-22 18:38:45   --------   d-----w-   c:\users\familie snoeys\appdata\local\ElevatedDiagnostics
2013-03-22 18:37:15   15872   ----a-w-   c:\windows\system32\drivers\usb8023.sys
2013-03-22 18:35:33   102   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-03-22 18:34:05   40776   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-22 18:31:07   60872   ----a-w-   c:\programdata\microsoft\microsoft antimalware\definition updates\{725212da-0947-4b67-a8c3-bc2282bfd6a5}\offreg.dll
.
==================== Find3M  ====================
.
2013-02-02 03:38:35   1800704   ----a-w-   c:\windows\system32\jscript9.dll
2013-02-02 03:30:32   1427968   ----a-w-   c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21   1129472   ----a-w-   c:\windows\system32\wininet.dll
2013-02-02 03:26:47   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21   420864   ----a-w-   c:\windows\system32\vbscript.dll
2013-02-02 03:23:28   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2013-01-30 10:53:21   232336   ------w-   c:\windows\system32\MpSigStub.exe
2013-01-20 14:59:04   195296   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59:04   100328   ----a-w-   c:\windows\system32\drivers\NisDrvWFP.sys
.
============= FINISH: 19:36:01,17 ===============




attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/11/2007 16:06:33
System Uptime: 22/03/2013 15:30:27 (4 hours ago)
.
Motherboard: Acer |  | Myall2                         
Processor: Genuine Intel(R) CPU           T2080  @ 1.73GHz | U2E1 | 1733/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 32 GiB total, 3,791 GiB free.
D: is FIXED (NTFS) - 32 GiB total, 29,895 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #5
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: Cd-rom-station
Device ID: IDE\CDROMTSSTCORP_CD/DVDW_TS-L632D_______________AC00____\5&214DC5BE&0&1.1.0
Manufacturer: (Standaard cd-rom-stations)
Name: TSSTcorp CD/DVDW TS-L632D ATA Device
PNP Device ID: IDE\CDROMTSSTCORP_CD/DVDW_TS-L632D_______________AC00____\5&214DC5BE&0&1.1.0
Service: cdrom
.
==== System Restore Points ===================
.
RP1102: 22/03/2013 19:41:00 - Windows Update
RP1103: 22/03/2013 19:50:33 - Installed LogMeIn
.
==== Installed Programs ======================
.
1·2·Build
7-Zip 9.20
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player
Agere Systems HDA Modem
D3DX10
Dropbox
Google SketchUp 6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 15
Launch Manager V1.1.1.4
Lexmark X1100 Series
LightScribe  1.4.136.1
LogMeIn
Malwarebytes Anti-Malware versie 1.70.0.1100
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 15.0.1 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Scan
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OGA Notifier 1.7.0105.35.0
OpenOffice.org 3.3
QuickTime
Realtek High Definition Audio Driver
RedistSysFiles
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Segoe UI
Shockwave
Synaptics Pointing Device Driver
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VBA (2627.01)
VideoLAN VLC media player 0.8.6c
WinDirStat 1.1.2
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Worms2
.
==== End Of File ===========================
« Last Edit: April 15, 2013, 12:36:25 pm by Maurice Naggar »



Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1150
Re: [In Progress] Microsoft security client starts with error 0x80073b01
« Reply #1 on: March 28, 2013, 07:17:16 am »
Hello Wannes,

I'll be guiding you to see & cure the issue, if possible. Please follow my guidance, and in the meantime, do not make any changes to the system without checking with me first.
If you have questions about the procedure(s), please stop and ask.


Task 1
Do this batch run  and advise me after it is completed.

Windows services
This will be a batch-fix .
  • Press the Windows-key on keyboard.
  • In the box, type notepad and press Enter.

    Start NOTEPAD. Check and make sure "word wrap" is off.
    From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
    IF it -is- checkmarked, click that one time so that it is un-checked.


  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
Code: [Select]
@Echo off
sc stop msiserver
sc config msiserver start= manual
sc start msiserver
sc config dcomlaunch start= auto
sc config nsi start= auto
sc config dhcp start= auto
sc config rpcss start= auto
sc config winmgmt start= auto
sc config wscsvc start= delayed-auto
sc config bits start= delayed-auto
sc config wuauserv start= delayed-auto
sc config sdrsvc start= manual
sc config vss start= auto
sc config eventlog start= auto
sc config bfe start= auto
sc start mpsdrv
sc start mpssvc
sc start bfe
shutdown -r -t 1
del %0
  • Select File -> Save AS.
  • Press the Desktop button on the left side of the save dialog.
  • In the box, type in Fix.bat.
  • Press .
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose .
  • Press Yes if prompted by User Account Control.
This procedure will do its tasks and then it will Restart Windows.

Task 2
Download  >> Farbar's Service Scanner utility << and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

Task 3
Let's have you use NOTEPAD & do some research in the Windows Update log (using Notepad)
usually at C:\Windows\Windowsupdate.log  or C:\WINNT\Windowsupdate.log

Copy and Paste here the last 70 lines out of that log, for review.
Go to near end of the log for latest entries and look for error notations.
You can use CTRL+END keyboard keys to get to the end of the file. Then get the last 70 lines & copy & paste here, in reply

See Microsoft KnowledgeBase article
KB 902093 How to read the Windowsupdate.log file
http://support.microsoft.com/kb/902093
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline awmoeder

  • Bronze Member
  • Posts: 6
Re: [In Progress] Microsoft security client starts with error 0x80073b01
« Reply #2 on: March 28, 2013, 12:13:17 pm »
Hello Maurice,

thank you very much for trying to help me out with this problem.
I executed everything exactly as you asked me to do. You can find the results in de logs below.
One extra thing to mention: I think the battery in my motherboard is empty because the date and time are always reset when i reboot. So the times in te logs won't be normal. I executed everything today 27/03/2013 and not on 22/03/2013

FSS.txt
Farbar Service Scanner Version: 03-03-2013
Ran by familie snoeys (administrator) on 22-03-2013 at 19:34:15
Running from "C:\Users\familie snoeys\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-03-22 19:48] - [2013-01-04 12:28] - 0914792 ____A (Microsoft Corporation) 3535CD93F944C00F098E73E12EE7FEB6

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



windowsupdatelog
2013-03-22   19:30:43:084   1188   448   Report   CWERReporter finishing event handling. (00000000)
2013-03-22   19:31:17:089   1188   448   Report   CWERReporter finishing event handling. (00000000)
2013-03-22   19:31:20:458   1568   aec   COMAPI   -------------
2013-03-22   19:31:20:458   1568   aec   COMAPI   -- START --  COMAPI: Search [ClientId = <NULL>]
2013-03-22   19:31:20:458   1568   aec   COMAPI   ---------
2013-03-22   19:31:20:474   1568   aec   COMAPI   <<-- SUBMITTED -- COMAPI: Search [ClientId = <NULL>]
2013-03-22   19:31:20:474   1188   448   Agent   *************
2013-03-22   19:31:20:474   1188   448   Agent   ** START **  Agent: Finding updates [CallerId = ]
2013-03-22   19:31:20:474   1188   448   Agent   *********
2013-03-22   19:31:20:474   1188   448   Agent     * Online = Yes; Ignore download priority = No
2013-03-22   19:31:20:474   1188   448   Agent     * Criteria = "IsInstalled = 0 AND IsHidden = 0"
2013-03-22   19:31:20:474   1188   448   Agent     * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
2013-03-22   19:31:20:474   1188   448   Agent     * Search Scope = {Machine}
2013-03-22   19:31:20:474   1188   448   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-22   19:31:20:489   1188   448   Misc    Microsoft signed: Yes
2013-03-22   19:31:23:391   1188   448   Misc   WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2013-03-22   19:31:23:391   1188   448   Misc   WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2013-03-22   19:31:23:391   1188   448   Misc   WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-22   19:31:23:391   1188   448   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-22   19:31:23:407   1188   448   Misc    Microsoft signed: Yes
2013-03-22   19:31:25:809   1188   448   Misc   WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2013-03-22   19:31:25:809   1188   448   Misc   WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2013-03-22   19:31:25:809   1188   448   Misc   WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-22   19:31:25:809   1188   448   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-22   19:31:25:825   1188   448   Misc    Microsoft signed: Yes
2013-03-22   19:31:28:352   1188   448   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-22   19:31:28:367   1188   448   Misc    Microsoft signed: Yes
2013-03-22   19:31:28:383   1188   448   Agent   Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://ds.download.windowsupdate.com/v10/1/microsoftupdate/redir/muauth.cab
2013-03-22   19:31:28:383   1188   448   Misc   Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-03-22   19:31:28:399   1188   448   Misc    Microsoft signed: Yes
2013-03-22   19:31:31:051   1188   448   Misc   Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-03-22   19:31:31:066   1188   448   Misc    Microsoft signed: Yes
2013-03-22   19:32:05:651   1188   448   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-03-22   19:32:05:651   1188   448   Misc    Microsoft signed: Yes
2013-03-22   19:32:05:667   1188   448   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-03-22   19:32:05:683   1188   448   Misc    Microsoft signed: Yes
2013-03-22   19:32:05:698   1188   448   PT   +++++++++++  PT: Synchronizing server updates  +++++++++++
2013-03-22   19:32:05:698   1188   448   PT     + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2013-03-22   19:33:04:659   1188   448   Handler   FATAL: UH: 0x80070490: EvaluateApplicability failed in CCbs::EvaluateApplicability
2013-03-22   19:33:09:995   1188   448   Handler   FATAL: UH: 0x80070490: EvaluateApplicability failed in CCbs::EvaluateApplicability
2013-03-22   19:33:14:129   1188   448   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-03-22   19:33:14:144   1188   448   Misc    Microsoft signed: Yes
2013-03-22   19:33:22:241   1188   448   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-03-22   19:33:22:256   1188   448   Misc    Microsoft signed: Yes
2013-03-22   19:33:22:272   1188   448   PT   +++++++++++  PT: Synchronizing extended update info  +++++++++++
2013-03-22   19:33:22:272   1188   448   PT     + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2013-03-22   19:34:12:355   1188   e80   Shutdwn   user declined update at shutdown
2013-03-22   19:34:12:370   1188   e80   AU   AU initiates service shutdown
2013-03-22   19:34:12:370   1188   e80   AU   ###########  AU: Uninitializing Automatic Updates  ###########
2013-03-22   19:34:17:440   1188   448   Agent     * WARNING: Exit code = 0x8024000B
2013-03-22   19:34:17:440   1188   448   Agent   *********
2013-03-22   19:34:17:440   1188   448   Agent   **  END  **  Agent: Finding updates [CallerId = ]
2013-03-22   19:34:17:440   1188   448   Agent   *************
2013-03-22   19:34:17:440   1188   448   Agent   WARNING: WU client failed Searching for update with error 0x8024000b
2013-03-22   19:34:17:471   1568   174c   COMAPI   >>--  RESUMED  -- COMAPI: Search [ClientId = <NULL>]
2013-03-22   19:34:17:471   1188   e80   Agent   Sending shutdown notification to client
2013-03-22   19:34:17:471   1568   aa8   COMAPI   WARNING: Received service shutdown/self-update notification.
2013-03-22   19:34:17:471   1568   174c   COMAPI     - Updates found = 0
2013-03-22   19:34:17:471   1568   174c   COMAPI     - WARNING: Exit code = 0x00000000, Result code = 0x8024001E
2013-03-22   19:34:17:471   1568   174c   COMAPI   ---------
2013-03-22   19:34:17:471   1568   174c   COMAPI   --  END  --  COMAPI: Search [ClientId = <NULL>]
2013-03-22   19:34:17:471   1568   174c   COMAPI   -------------
2013-03-22   19:34:17:471   1568   aec   COMAPI   WARNING: Operation failed due to earlier error, hr=8024001E
2013-03-22   19:34:17:471   1568   aec   COMAPI   FATAL: Unable to complete asynchronous search. (hr=8024001E)
2013-03-22   19:34:17:471   1188   e80   Report   CWERReporter finishing event handling. (00000000)
2013-03-22   19:34:17:471   1188   e80   Report   CWERReporter finishing event handling. (00000000)
2013-03-22   19:34:18:579   1188   e80   Service   *********
2013-03-22   19:34:18:579   1188   e80   Service   **  END  **  Service: Service exit [Exit code = 0x240001]
2013-03-22   19:34:18:579   1188   e80   Service   *************
2013-03-22   19:31:32:459   1200   d88   Misc   ===========  Logging initialized (build: 7.6.7600.256, tz: +0100)  ===========
2013-03-22   19:31:32:459   1200   d88   Misc     = Process: C:\Windows\system32\svchost.exe
2013-03-22   19:31:32:459   1200   d88   Misc     = Module: c:\windows\system32\wuaueng.dll
2013-03-22   19:31:32:459   1200   d88   Service   *************
2013-03-22   19:31:32:459   1200   d88   Service   ** START **  Service: Service startup
2013-03-22   19:31:32:459   1200   d88   Service   *********
2013-03-22   19:31:32:818   1200   d88   Agent     * WU client version 7.6.7600.256
2013-03-22   19:31:32:818   1200   d88   Agent     * Base directory: C:\Windows\SoftwareDistribution
2013-03-22   19:31:32:818   1200   d88   Agent     * Access type: No proxy
2013-03-22   19:31:32:818   1200   d88   Agent     * Network state: Connected
2013-03-22   19:31:33:676   1200   c08   Report   CWERReporter::Init succeeded
2013-03-22   19:31:33:676   1200   c08   Agent   ***********  Agent: Initializing Windows Update Agent  ***********
2013-03-22   19:31:33:676   1200   c08   Agent   ***********  Agent: Initializing global settings cache  ***********
2013-03-22   19:31:33:676   1200   c08   Agent     * WSUS server: <NULL>
2013-03-22   19:31:33:676   1200   c08   Agent     * WSUS status server: <NULL>
2013-03-22   19:31:33:676   1200   c08   Agent     * Target group: (Unassigned Computers)
2013-03-22   19:31:33:676   1200   c08   Agent     * Windows Update access disabled: No
2013-03-22   19:31:33:676   1200   c08   DnldMgr   Download manager restoring 0 downloads
2013-03-22   19:31:33:676   1544   938   Misc   ===========  Logging initialized (build: 7.6.7600.256, tz: +0100)  ===========
2013-03-22   19:31:33:676   1544   938   Misc     = Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
2013-03-22   19:31:33:676   1544   938   Misc     = Module: C:\Windows\system32\wuapi.dll
2013-03-22   19:31:33:676   1544   938   COMAPI   -------------
2013-03-22   19:31:33:676   1544   938   COMAPI   -- START --  COMAPI: Search [ClientId = <NULL>]
2013-03-22   19:31:33:676   1544   938   COMAPI   ---------
2013-03-22   19:31:33:691   1544   938   COMAPI   <<-- SUBMITTED -- COMAPI: Search [ClientId = <NULL>]
2013-03-22   19:31:35:314   1200   d88   Report   ***********  Report: Initializing static reporting data  ***********
2013-03-22   19:31:35:314   1200   d88   Report     * OS Version = 6.0.6002.2.0.66304
2013-03-22   19:31:35:314   1200   d88   Report     * OS Product Type = 0x00000003
2013-03-22   19:31:35:377   1200   d88   Report     * Computer Brand = Acer
2013-03-22   19:31:35:377   1200   d88   Report     * Computer Model = Aspire 9410
2013-03-22   19:31:35:377   1200   d88   Report     * Bios Revision = V1.23     
2013-03-22   19:31:35:377   1200   d88   Report     * Bios Name = Ver 1.00PARTTBL1
2013-03-22   19:31:35:377   1200   d88   Report     * Bios Release Date = 2007-05-29T00:00:00
2013-03-22   19:31:35:377   1200   d88   Report     * Locale ID = 2067
2013-03-22   19:31:35:377   1200   ea4   Agent   *************
2013-03-22   19:31:35:377   1200   ea4   Agent   ** START **  Agent: Finding updates [CallerId = ]
2013-03-22   19:31:35:377   1200   ea4   Agent   *********
2013-03-22   19:31:35:377   1200   ea4   Agent     * Online = Yes; Ignore download priority = No
2013-03-22   19:31:35:377   1200   ea4   Agent     * Criteria = "IsInstalled = 0 AND IsHidden = 0"
2013-03-22   19:31:35:377   1200   ea4   Agent     * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
2013-03-22   19:31:35:377   1200   ea4   Agent     * Search Scope = {Machine}
2013-03-22   19:31:35:408   1200   ea4   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-22   19:31:35:501   1200   ea4   Misc    Microsoft signed: Yes
2013-03-22   19:31:37:919   1200   ea4   Misc   WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2013-03-22   19:31:37:919   1200   ea4   Misc   WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2013-03-22   19:31:37:919   1200   ea4   Misc   WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-22   19:31:37:919   1200   ea4   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-22   19:31:37:966   1200   ea4   Misc    Microsoft signed: Yes
2013-03-22   19:31:40:337   1200   ea4   Misc   WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2013-03-22   19:31:40:337   1200   ea4   Misc   WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2013-03-22   19:31:40:337   1200   ea4   Misc   WARNING: DownloadFileInternal failed for http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80190194
2013-03-22   19:31:40:337   1200   ea4   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-22   19:31:40:353   1200   ea4   Misc    Microsoft signed: Yes
2013-03-22   19:31:42:880   1200   ea4   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2013-03-22   19:31:42:896   1200   ea4   Misc    Microsoft signed: Yes
2013-03-22   19:31:42:911   1200   ea4   Agent   Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://ds.download.windowsupdate.com/v10/1/microsoftupdate/redir/muauth.cab
2013-03-22   19:31:42:911   1200   ea4   Misc   Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-03-22   19:31:42:927   1200   ea4   Misc    Microsoft signed: Yes
2013-03-22   19:31:45:276   1200   ea4   Misc   Validating signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2013-03-22   19:31:45:292   1200   ea4   Misc    Microsoft signed: Yes
2013-03-22   19:32:18:629   1200   d88   AU   ###########  AU: Initializing Automatic Updates  ###########
2013-03-22   19:32:18:769   1200   d88   AU     # Approval type: Scheduled (User preference)
2013-03-22   19:32:18:769   1200   d88   AU     # Scheduled install day/time: Every day at 3:00
2013-03-22   19:32:18:769   1200   d88   AU     # Auto-install minor updates: Yes (User preference)
2013-03-22   19:32:18:800   1200   d88   AU   Setting AU scheduled install time to 2013-03-23 02:00:00
2013-03-22   19:32:18:800   1200   d88   AU   Initializing featured updates
2013-03-22   19:32:18:800   1200   d88   AU   Found 0 cached featured updates
2013-03-22   19:32:18:800   1200   d88   AU   AU finished delayed initialization
2013-03-22   19:32:18:800   1200   d88   AU   #############
2013-03-22   19:32:18:800   1200   d88   AU   ## START ##  AU: Search for updates
2013-03-22   19:32:18:800   1200   d88   AU   #########
2013-03-22   19:32:18:816   1200   d88   AU   <<## SUBMITTED ## AU: Search for updates [CallId = {74FE4E31-9FCA-4CFB-B6E7-4F888CCD5040}]
2013-03-22   19:33:18:205   1200   ea4   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-03-22   19:33:18:236   1200   ea4   Misc    Microsoft signed: Yes
2013-03-22   19:33:21:622   1200   ea4   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-03-22   19:33:21:637   1200   ea4   Misc    Microsoft signed: Yes
2013-03-22   19:33:21:715   1200   ea4   PT   +++++++++++  PT: Synchronizing server updates  +++++++++++
2013-03-22   19:33:21:715   1200   ea4   PT     + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
2013-03-22   19:37:04:908   1200   ea4   Handler   FATAL: UH: 0x80070490: EvaluateApplicability failed in CCbs::EvaluateApplicability
2013-03-22   19:37:21:257   1200   ea4   Handler   FATAL: UH: 0x80070490: EvaluateApplicability failed in CCbs::EvaluateApplicability
2013-03-22   19:37:23:753   1200   ea4   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-03-22   19:37:23:753   1200   ea4   Misc    Microsoft signed: Yes
2013-03-22   19:37:23:815   1200   ea4   Misc   Validating signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
2013-03-22   19:37:23:831   1200   ea4   Misc    Microsoft signed: Yes
2013-03-22   19:37:23:831   1200   ea4   PT   +++++++++++  PT: Synchronizing extended update info  +++++++++++
2013-03-22   19:37:23:831   1200   ea4   PT     + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1150
Re: [In Progress] Microsoft security client starts with error 0x80073b01
« Reply #3 on: March 28, 2013, 12:41:35 pm »
Read all of these instructions.  If you do not understand something, stop and ask.

Go to this Microssoft article http://support.microsoft.com/kb/2483120

Scroll down and use the Fix It for me section
Click on the Fix it 50692 link-button

Save the download file onto your system.  Then RUN it
That will remove remains of MS Security Essentials.

When that completes, Logoff and restart Windows.

Then go back to the article http://support.microsoft.com/kb/2483120

Scroll down to the bottom section to STEP 3 Reinstall Microsoft Security Essentials
Do the new download, Save, then RUN  to install a new MS Security Essentials.

That should result in a decent install of MS Security Essentials.  We are looking just for a good install.

After the install has completed, do these next steps.

Close and exit any open work documents or program windows you opened.

Then do a Logoff and Restart for a new fresh start.

Next:

Open Internet Explorer (only!) & go to http://support.microsoft.com/kb/923737
[ignore any DOES NOT APPLY warnings as well as the APPLIES TO section] & run the Fix It.

    Note=> For optimal results, check the Delete personal settings option.

Now, Open Internet Explorer (only!) & go to http://support.microsoft.com/kb/910336
[ignore the title & Symptoms].

Dismiss/close the "automated troubleshooter" pop-up! - then...

Ignoring any "Not recommended" or similar warnings, run Fix It 50202 in DEFAULT and then again a 2nd time in  AGGRESSIVE modes. [1]

2. Reboot & then run a manual check for updates at Windows Update, etc., etc...
When you reach Windows Update, do a Custom scan for updates.  Take (accept) only items marked Important or Critical.

Have infinite patience while it scans and does it's work.

When it prompts you to Restart Windows, please do that.  Allow it to restart.


IF and only if you get an "error" or "exception/failure" message, I will need the complete so called "failure code" and description (if you see it).

[1]Agressive mode will result in your not being able to see prior updates when doing View Update history. However, it does not affect already installed updates on your system.
The latter are still viewable in Control Panel (Programs and Features or Add-or-Remove Programs).

credit Robear Dyer for the 'secret sauce'.
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline awmoeder

  • Bronze Member
  • Posts: 6
Re: [In Progress] Microsoft security client starts with error 0x80073b01
« Reply #4 on: March 28, 2013, 01:25:32 pm »
Maurice,

the cleanup tools runs without a problem, but when I tried to reinstall Microsoft Security Essentials I get the following exception code 0x80070643.
The description is in dutch because it is a dutch operating system. "De installatie van Security Essentials kan niet worden voltooid. Door een fout kan de installatiewizard vna Security Essentials niet worden voltooid. Start de computer opnieuw op en probeer het opnieuw. Foutcode 0x80070643".

What to do now?

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1150
Re: [In Progress] Microsoft security client starts with error 0x80073b01
« Reply #5 on: March 28, 2013, 04:40:59 pm »
Did you at any recent time run any sort of registry cleaner tool?  if so, which one?

My guess would be a missing Windows Installer Service.

Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!

From Start button, select RUN  (or Win-key +R) and in the run-text-box type in MSCONFIG and press OK or Enter.
On Vista or Windows 7, press Windows-key on keybooard, and type in MSCONFIG

 You should see the General tab. Click the General tab.  It should have Normal startup selected (in the radio-box=selection)
IF it does not, then you click on Normal startup.

Click on Services tab.  To get it's display of services.

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

Look at the bottom line Hide all Microsoft services
IF and only IF its is checkmarked, then un-check it.

the list of servies may be shown in non-alphabetical order, so ....
Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.
You can toggle as needed to get the desired order.


IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !


Then using the scroll-bar scroll down the list

Look for COM+ Event System.  Is it shown?  Is it checked?  If not, click on that checkbox to checkmark.

Look for COM+ System Application.  Is it shown?  Is it checked?  If not, click on that checkbox to checkmark.

Look for Ipsec Policy Agent.  Is it shown?  Is it checked?  If not, click on that checkbox to checkmark.

Look for Remote Procedure Call (RPC) Locator.  Is it shown ?  Is it checked? If not, click on that checkbox to checkmark.

Look for RPC Endpoint Mapper.  Is it shown ?  Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Firewall.  Is it shown ?  Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Management Instrumentation.  Is it shown ?  Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Installer.  Is it shown ?  Is it checked? If not, click on that checkbox to checkmark.
 
Look for Windows Update.  Is it shown ?  Is it checked? If not, click on that checkbox to checkmark.


When done, press the Apply button, and the OK button.

You're likely to be prompted to Restart Windows, do so.

If not prompted, you do a Logoff and Restart of Windows.

Then report back here with details.

If any of the services are not shown, just let me know which.
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1150
Re: [In Progress] Microsoft security client starts with error 0x80073b01
« Reply #6 on: April 01, 2013, 07:20:28 am »
How is it going ?
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline awmoeder

  • Bronze Member
  • Posts: 6
Re: [In Progress] Microsoft security client starts with error 0x80073b01
« Reply #7 on: April 03, 2013, 02:46:46 pm »
Hey Maurice,

sorry I waited so long to answer you, but I have been very busy. Below are my results:


Look for COM+ Event System.  Is it shown?  Is it checked?  If not, click on that checkbox to checkmark.
=> It is shown and checked

Look for COM+ System Application.  Is it shown?  Is it checked?  If not, click on that checkbox to checkmark.
=> It is shown and checked

Look for Ipsec Policy Agent.  Is it shown?  Is it checked?  If not, click on that checkbox to checkmark.
=> It is shown and checked

Look for Remote Procedure Call (RPC) Locator.  Is it shown ?  Is it checked? If not, click on that checkbox to checkmark.
=> It is shown and checked

Look for RPC Endpoint Mapper.  Is it shown ?  Is it checked? If not, click on that checkbox to checkmark.
=> It is not shown

Look for Windows Firewall.  Is it shown ?  Is it checked? If not, click on that checkbox to checkmark.
=> It is shown and checked

Look for Windows Management Instrumentation.  Is it shown ?  Is it checked? If not, click on that checkbox to checkmark.
=> It is shown and checked

Look for Windows Installer.  Is it shown ?  Is it checked? If not, click on that checkbox to checkmark.
=> I have two entries with the name "Windows Installer" Both are checked
 
Look for Windows Update.  Is it shown ?  Is it checked? If not, click on that checkbox to checkmark.
=> It is shown and checked


Actually all the services in this list are checked.

Hope this will help you. Looking forward to your answer.

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1150
Re: [In Progress] Microsoft security client starts with error 0x80073b01
« Reply #8 on: April 04, 2013, 09:11:04 am »
You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start  >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;

  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.

  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here
    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)   

    • If you use Firefox, you have to install IETab, an add-on.  This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break 
Re-enable the antivirus program.

Reply with copy of the Eset scan log
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline awmoeder

  • Bronze Member
  • Posts: 6
Re: [In Progress] Microsoft security client starts with error 0x80073b01
« Reply #9 on: April 06, 2013, 02:15:19 am »
Hey Maurice,

I did everyting as you described. After the test has completed the dialog said there were no threats found.
However there is no log file in the program files directory. The directory of Eset/EsetOnlineScanner is created.

greetings,
Wannes

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1150
Re: [In Progress] Microsoft security client starts with error 0x80073b01
« Reply #10 on: April 06, 2013, 08:34:25 am »
Hello Wannes,

Download, & save & then run the MS Safety scanner
http://www.microsoft.com/security/scanner/en-us/default.aspx
Let me know the result.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
 
Note: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss.
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1150
Re: [In Progress] Microsoft security client starts with error 0x80073b01
« Reply #11 on: April 15, 2013, 09:49:13 am »
Hello,
How's it going?  Have you completed the MS Safety scanner?

Do you still need help?  It has been 9 days since my last reply to you.   :(
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline awmoeder

  • Bronze Member
  • Posts: 6
Re: [In Progress] Microsoft security client starts with error 0x80073b01
« Reply #12 on: April 15, 2013, 11:52:10 am »
 Hi Maurice,

I gave up: I backed up all my data and did a clean install of my vista machine, reinstalled all the programs and placed the data back in place.

However, I would like to thank you for all the effort you did in an attempt the fix my machine. Thanks!!

kind regards
Wannes

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1150
Re: [Resolved] Microsoft security client starts with error 0x80073b01
« Reply #13 on: April 15, 2013, 12:35:46 pm »
I appreciate your status update.  I will leave you with a list of safer pc practices, and will then close this.
DO print out this list for your future reference.

Safer practices & malware prevention
  • Have a hardware router between the incoming internet-modem and your computer.
  • Use a Standard user account rather than an administrator-rights account when "surfing" the web.
  • Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  • Check in at Windows Update and install any Important Updates offered.

  • Make certain that Automatic Updates is enabled.

How to configure and use Automatic Updates in Windows
http://support.microsoft.com/kb/306525


  • Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (OSI) on a monthly basis.

See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
 
 

Don't plug in an unknown flash/thumb drive into your PC.
IF you must do so, hold down the SHIFT-key when you insert the drive.
Scan any file with your Antivirus prior to opening or using.

On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:

ESET Online Scanner

BitDefender Quickscan

Trend Micro Housecall

F-Secure Online Scanner
[/url]

Microsoft Safety Scanner

Panda ActiveScan
 
[/b]
We are finished here. Best regards.
~Maurice Naggar
MS-MVP (October 2002 - September 2010)