Over 1 million tech questions and answers.

Microsoft Security Essentials disabled & canít restart service

Q: Microsoft Security Essentials disabled & canít restart service

Greetings.  I am new to the forums and do greatly appreciate any help that can be offered with an MSE problem. 
 
First off - the computer belongs to a family member and is running Windows XP Service Pack 3.
 
The main symptoms revolve around Microsoft Security Essentials.  The service is stopped and when I attempt to restart (the Start Now button) I get the following error message:
 
            The service couldn’t be started.
                        The system cannot find the path specified.
                        Click Help for more information about this problem.
                        Error code: 0x80070003
 
In addition, all of the other tabs in Microsoft Security Essentials are disabled.
 
Chronological Account:
1)  On startup a folder opened onto the desktop.  The folder (with path) is C:\Documents and Settings\John\Local\Packages.  I took a deeper look into the folder along this path: …windows_ie_ac_001\AC\Dashlane and then a few subfolders containing what I presume to be Dashlane data.  I updated Malwarebytes and then scanned the “Packages” folder with no malicious file detections.
 
2) I opened Microsoft Security Essentials and tried to restart service and received the error message (see above).  Tested other buttons and found MSE unresponsive.
 
3) I downloaded the Microsoft Security Essentials (on another computer), transferred the file from a USB drive, and then attempted an install.  I received an error message informing me that “…mseinstall.exe is not a valid win32 application”.  I wondered if maybe I had downloaded a 64-bit version, so I attempted to the download again, on the computer with the problem, but the MSE still wouldn’t install.  (Though the download file this time was 400 or 500 KB, instead of the approximately 12 MB downloaded via the other computer….)
 
4) At this point, I ran a full scan with Malwarebytes.  There were some detections. 
 
Here is the Malwarebyes log file:
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.10.01
 
Windows XP Service Pack 3 x86 FAT
Internet Explorer 8.0.6001.18702
John :: JOHN-I691FFBXS1 [administrator]
 
12/9/2013 10:57:58 PM
MBAM-log-2013-12-10 (06-19-20).txt
 
Scan type: Full scan (C:\|L:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 427776
Time elapsed: 1 hour(s), 33 minute(s), 10 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 8
C:\RECYCLER\S-1-5-21-1454471165-1844237615-1801674531-1004\Dc227.exe (PUP.Optional.Softonic.A) -> No action taken.
C:\RECYCLER\S-1-5-21-1454471165-1844237615-1801674531-1004\Dc228.exe (PUP.Optional.Softonic.A) -> No action taken.
C:\RECYCLER\S-1-5-21-1454471165-1844237615-1801674531-1004\Dc265.exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\RECYCLER\S-1-5-21-1454471165-1844237615-1801674531-1004\Dc342.exe (PUP.Optional.AdBundle) -> No action taken.
C:\RECYCLER\S-1-5-21-1454471165-1844237615-1801674531-1004\Dc360.exe (PUP.Optional.Inbox) -> No action taken.
C:\Documents and Settings\John\Desktop\Downloads\SoftonicDownloader_for_simple-sudoku(2).exe (PUP.Optional.Softonic.A) -> No action taken.
C:\Documents and Settings\John\Desktop\Downloads\AxCrypt-1.7.2931.0-Setup.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\John\Local Settings\Temp\4jrWBDxx.exe.part (PUP.Optional.AdBundle) -> No action taken.
 
(end)
 
 
5) I instructed Malwarebytes to remove all.  Malwarebytes informed me that I would need to restart the system to make the changes, so I agreed and rebooted through the Malwarebytes dialogue box.
 
6) Once the system restarted, I investigated the Malwarebytes quarantine. All the selected files appeared to be successfully quarantined. 
 
7) I attempted to restart the service in Microsoft Security Essentials and got the same error message.  I attempted to install MSE again (with the larger 12 MB installer) and got the same error message.
 
Also, after I rebooted I got a WinPatrol New Program Alert – “A new auto Startup Program has been detected” for a “Watson Subscriber for SENS Network Notifications.”  I mention this as an aside now, because the computer’s owner could not recall for sure if this was new occurrence or if they had just declined the installation in the past (I can provide more text from the alert if needed).
 
8) After reading the Preparation Guide I have run DDS (and will see to file backup, firewall, etc.)
 
Here is the DDS log file:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_22
Run by John at 10:36:59 on 2013-12-10
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2015.1455 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Documents and Settings\John\Application Data\Dashlane\Dashlane.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Linksys\CIT200\cit200.exe
C:\Program Files\Ditto\Ditto.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://vshare.toolbarhome.com/default_vltv2.aspx?hp=df
mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html
uURLSearchHooks: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Dashlane BHO: {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - c:\documents and settings\john\application data\dashlane\ie\Dashlanei.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [LightShot] c:\documents and settings\john\local settings\application data\skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [Dashlane] "c:\documents and settings\john\application data\dashlane\Dashlane.exe" autoLaunchAtStartup
uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SnoopFreeUI] SnoopFreeUI.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\john\startm~1\programs\startup\cit200.lnk - c:\program files\linksys\cit200\cit200.exe
StartupFolder: c:\docume~1\john\startm~1\programs\startup\ditto.lnk - c:\program files\ditto\Ditto.exe
StartupFolder: c:\docume~1\john\startm~1\programs\startup\~disab~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: _NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Local Website Archive - c:\documents and settings\john\application data\aignes\local website archive\config\iearc.htm
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37858.6700694444
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\john\application data\mozilla\firefox\profiles\v1wz0o5u.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&gl=us|http://www.nytimes.com/|http://feeds.feedburner.com/GizmosFreewareTopWindowsArticles?format=xml|http://portland.craigslist.org/wsc/tls/|http://www.technologyreview.com/|http://www.nytimes.com/pages/technology/personaltech/index.html|http://liliputing.com/
FF - prefs.js: keyword.URL - hxxp://search.fantastigames.com/web?src=ffb&appid=102&systemid=455&sr=0&q=
FF - component: c:\documents and settings\john\application data\mozilla\firefox\profiles\v1wz0o5u.default\extensions\[email protected]\components\KeyScramblerIE.dll
FF - plugin: c:\documents and settings\john\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nitro\reader 3\npdf.dll
FF - plugin: c:\program files\nitro\reader 3\npnitroie.dll
FF - plugin: c:\program files\nitro\reader 3\npnitromozilla.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\wordweb\wcapturemoz\plugins\npWCX.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [2009-3-25 36752]
R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [2009-3-25 39440]
R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2012-12-9 9472]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-11-19 195296]
R2 BT848;AVerDVD EZMaker WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2003-12-19 261696]
R2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\Bttuner.sys [2003-9-20 21824]
R2 BTXBAR;AVerDVD EZMaker WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2003-12-19 13312]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\nitro\reader 3\NitroPDFReaderDriverService3.exe [2013-3-26 196624]
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-10-1 208920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]
S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-12 68928]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-12-16 157776]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-12-10 14:30:45   --------  d-----w-           c:\documents and settings\john\local settings\application data\PCHealth
2013-12-10 01:47:09   --------  d-----w-           c:\documents and settings\john\Local
2013-11-20 03:15:02   7772552          ----a-w-            c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4874fed-c773-443b-bdb1-81ba2322e135}\mpengine.dll
2013-11-20 03:00:48   195296            ----a-w-            c:\windows\system32\drivers\MpFilter.sys
.
==================== Find3M  ====================
.
2013-11-19 10:21:30   230048            ------w- c:\windows\system32\MpSigStub.exe
2013-10-13 07:25:38   920064            ----a-w-            c:\windows\system32\wininet.dll
2013-10-13 07:25:08   43520  ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02   1469440          ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17   18944  ------w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59   385024            ------w- c:\windows\system32\html.iec
2013-10-12 15:56:19   278528            ----a-w-            c:\windows\system32\oakley.dll
2013-10-11 16:31:26   71048  ----a-w-            c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-11 16:31:26   692616            ----a-w-            c:\windows\system32\FlashPlayerApp.exe
2013-10-09 13:12:48   287744            ----a-w-            c:\windows\system32\gdi32.dll
2013-10-07 10:59:21   603136            ----a-w-            c:\windows\system32\crypt32.dll
2013-10-05 01:14:01   7168    ----a-w-            c:\windows\system32\xpsp4res.dll
2007-08-26 05:26:56   1384560          ----a-w-            c:\program files\dopdf.exe
.
============= FINISH: 10:37:53.50 ===============
 
 
I have also attached the attach.txt file.  I would greatly appreciate any advice on what I can do to fix this problem.
 
Many thanks,
Cuprum

RELEVANCY SCORE 200
Preferred Solution: Microsoft Security Essentials disabled & canít restart service

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Microsoft Security Essentials disabled & canít restart service

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517059 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.DDS.com Download LinkDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found HERE.As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

Read other 2 answers
RELEVANCY SCORE 89.2

I've just noticed this today as I turned on my computer, but MSE seems to have been disabled. Whenever I try to start it up, I get an error message that says "The specified service does not exist as an installed service." I have no idea how it got to this state and am thinking that I might've been infected. I've ran TDSSKiller and Malwarebytes to see if it could find anything and it did see some items, though I'm not sure if it got everything. Even after running those two, MSE still refuses to start up. I don't know if I need to reinstall it or if there are more viruses left.

Also, I don't know if this is relevant, but I seem to disconnect with my router fairly frequently when using this machine.

Here is my DDS log and the attach.txt as well:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by JISET at 18:36:24 on 2012-08-16
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.3062.1512 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\... Read more

A:Microsoft Security Essentials Disabled

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465507 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 89.2

I have a client computer that I have been trying to determine what virus or trojan may have infected it. It has been running Microsoft Security Essentials. Now it has a red X and then disappears from the task bar. When I check to see if the service is running it shows Disabled. I enable the service but then it goes to disabled again. I have downloaded and installed Malwarebytes and was able to complete a full scan with no infections found. I ran tdsskiller and it showed no infected files. When I looked in the running processes I found rundll32.exe running. I ended the process and was then able to start the MSE service and run a full scan but no infections found. When I reboot the rundll32.exe file is running again and the same symptoms. I have also noticed that my google searches are being redirected to various sites.

Could this be a trojan or hijack of some sort?

A:Microsoft Security Essentials keeps getting disabled

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next t... Read more

Read other 1 answers
RELEVANCY SCORE 87.6

Problems:While googling it redirects me to sites - "http://directagain.net/in.php?source=7777&q=&suid=1101&rnd=3xz%2B1mgzFz9AZ7RtJ0%2Bx2w%3D%3D"and"http://www.ihavenet.com/?search=&n=1355828587"(there are some more redirections, but at the moment these are the most frequent)After copying "http://www.ihavenet.com/" from address bar or search bar it pastes "google.com" (I'm using Firefox atm).Bigger problems:Microsoft Security Essentials starts only for the moment on the boot-up and after that is gone.I can't turn on Windows Security Center Service.I tried:Starting WSCS from services.msc and setting it to "Automatic (Delayed)" and after restarting PC..same.Reinstalling MSE didn't work.I used CCleaner. And please tell me is cleanpcguide.com valid site?Did the scan with AdwCleaner and deleted all the threats.Did the scan with Malwarebytes Anti-Malware and deleted all the threats.Did the scan with TDSSKiller and deleted all the threats.I've made "Windows Defender Offline" Bootable USB and did the scan. It only found keygen that I've never used. Deleted it.I did a little "house cleaning" (nice, yeah) but the problem is still there!If someone have an idea what's the problem, please help. Thanks in advance.Sorry for this big post, and I appreciate for you time.

A:Can't turn on Windows Security Center Service, Microsoft Security Essentials is also off

[delete this post]

Read other 21 answers
RELEVANCY SCORE 87.6

Hi
I'm new here so don't know if I'm posting in the right place or even if I have a problem. So perhaps some kind person will set me right.
The Laptop I am concerned about runs Vista Home Edition and for security I was using Superantispyware Professional and Microsoft Security Essentials (MSE). Recently MSE stopped working. I was invited to restart it but was unable to do so. I was also unable to uninstall in order to reinstall even though I followed Microsoft's own intructions. Worried that an infection might have disabled my virus protection I iperformed a full Superantispyeware scan. Result only the usual tracking cookies. I then installed Avast free edition because I had no virus protection. When I tried to scan with Avast it started but soon hung and froze. It did this twice.The only way I could perform the scan was to go into Safe Mode. The scan showed one infection "Java:Agent-CLW[Expl]". I removed this with Avast.
The computer is now running ok but I still cannot restart Microsoft Security Essentials.
Do I have something to worry about and what should I do about it?
Would someone be kind enough to advise please?
Thanks
Allan

A:Microsoft Security Essentials won't restart or uninstall

Have a read here: http://support.microsoft.com/kb/2435760

Read other 8 answers
RELEVANCY SCORE 87.6

Hi
I'm new here so don't know if I'm posting in the right place or even if I have a problem. So perhaps some kind person will set me right.
The Laptop I am concerned about runs Vista Home Edition and for security I was using Superantispyware Professional and Microsoft Security Essentials (MSE). Recently MSE stopped working. I was invited to restart it but was unable to do so. I was also unable to uninstall in order to reinstall even though I followed Microsoft's own intructions. Worried that an infection might have disabled my virus protection I iperformed a full Superantispyeware scan. Result only the usual tracking cookies. I then installed Avast free edition because I had no virus protection. When I tried to scan with Avast it started but soon hung and froze. It did this twice.The only way I could perform the scan was to go into Safe Mode. The scan showed one infection "Java:Agent-CLW[Expl]". I removed this with Avast.
The computer is now running ok but I still cannot restart Microsoft Security Essentials.
Do I have something to worry about and what should I do about it?
Would someone be kind enough to advise please?
Thanks
Allan

A:Microsoft Security Essentials won't restart or uninstall

What instructions did you follow for removing MSE? Was it this? Uninstalling Microsoft Security Essentials by Stephen Boots, MVPSometimes removal via Add/Remove or Programs and Features does not work properly if you have not terminated msseces.exe in task manager and stopped and disabled the Microsoft Security Essentials service. You can run the Microsoft Security Essentials Removal Tool, reboot and then try reinstalling.Troubleshooting resources:I can't start the Microsoft Security Essentials serviceMicrosoft Security Essentials - Installation Checklist and Frequently Asked Questions Common issues that can affect MSE and FAQsDid you remove avast? Having two anti-virus programs installed can cause various issues so it needs to be removed before attempting to fix MSE.If avast! does not fully uninstall, then you need to download and use the avast! Uninstall Utility (aswclear.exe) for complete uninstallation. Be sure to print out and follow the instructions provided on that same page and uninstall in SAFE MODE.

Read other 5 answers
RELEVANCY SCORE 87.6

Good day,
 
My problem started yesterday after I found that it isn't possible to start microsoft security essentials anymore.
During that time, MBAM scan found pum.disabled.securitycenter and pup.blabbers on several registry data and keys - all of them were checked for removal - but till now I'm not able to start security essentials yet and It seems that I can't follow some of the links in google search regarding the problem as I get redirected to blank page.
 
I've included logs from MBAM, MBAR, tdsskiller, adwcleaner, OTL AND FSS.
 
Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org
Database version: v2013.06.19.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: ZAI [administrator]
11/08/1434 03:00:56 م
mbam-log-2013-06-19 (15-00-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218905
Time elapsed: 15 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Quarantined and deleted succes... Read more

A:Advice is really appreciated, disabled microsoft security essentials

adwcleaner, OTL and FSS logs are here
 
# AdwCleaner v2.303 - Logfile created 06/20/2013 at 10:23:54
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - ZAI
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Linkury
Folder Deleted : C:\Program Files\BrowserCompanion
Folder Deleted : C:\Program Files\Linkury
***** [Registry] *****
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows... Read more

Read other 24 answers
RELEVANCY SCORE 86.4

Hello,
 
From post: http://www.bleepingcomputer.com/forums/t/498328/suspected-sirefef-infection/
 
It started from when Windows notified me that my antivirus, firewall and a driver was disabled.
I cannot run, change, uninstall or download* Microsoft Security Essentials. The warning prompt says I do not have permission or the application/file was not found. I checked acct permission, all OK. I checked file/application location, all OK. Googling lead me to suspect Sirefef infection.
 
*Using my default Internet Explorer 10 browser, I am unable to download anything that merely resembles a program. This even includes photo's or videos from a browser-Email program (Hotmail). The download notice says the file was a virus and has been deleted, and I think deletes the file from the computer (I've tried looking). I tried saving as a filename that looked innocent - to no avail. I believe I have found a workaround by using Firefox to (as of this post) download and run Rkill and DDS from a USB stick. I expect to be able to download and run any necessary tool/application that I need via Firefox.
 
I've shut-down and started the computer once, and also did a restart. There seems to be no other noticeable activity - no change in boot times, no changes in windows activity (weird system tray icons etc), no other notifications, PC is running at regular speed, no noticeable changes in browser activity or redirections. Everything seems fine, other than my AV disabled.
 
... Read more

A:Sirefef/ZeroAccess-Infected-Microsoft Security Essentials Disabled

Hello and welcome.  Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.   Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Read other 20 answers
RELEVANCY SCORE 85.6

Hi,
 
I would be honoured to have some assistance regarding a possible infection on my computer.
 
Unfortunately, I believe my computer has been infected with a possible Rootkit\Backdoor Trojan Virus, which has disabled both Windows Defender and Microsoft Security Essentials. When attempting to launch Windows Defender & MSE, I receive an error regarding: "Specified location path not found". I decided to look into the directory of both WD (%WINDIR%Program Files\Windows Defender) and MSE (%WINDIR%Program Files\Microsoft Security Client) and some of the icons have changed to shortcuts that point directly to "C:\Windows\system32\config." Even as an Administrator,  I'm unable to make even add write permissions to the folder as my access is denied.
 
I was able to uninstall Microsoft Security Essentials but my Windows Defender will not launch. My issue is practically identical to the following topic in this forum:
 
http://www.bleepingcomputer.com/forums/t/494835/lost-access-to-microsoft-security-essentials-directory-and-application/page-10?hl=%2Blost+%2Baccess#entry3059425
 
Would anyone be able to assist me in this issue? Your help will be greatly appreciated.

A:Access is denied and disabled: Windows Defender & Microsoft Security Essentials

Hi asoft, Welcome to the forum. Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.   

Read other 10 answers
RELEVANCY SCORE 84.8

Every time I start my laptop I get get "restart required"  warning from Microsoft Security Essentials to "complete the cleanup".   I also get a pop up asking to send the questionable file path for further analysis, The last part of the file path is baadu\tygy.exe. 
 
 
 
 
 
 

A:Microsoft security essentials "restart required" every time I start my laptop

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and ... Read more

Read other 14 answers
RELEVANCY SCORE 84.8

Here's the link to the topic in the "Am I infected?" forum that I posted up: http://www.bleepingcomputer.com/forums/topic460619.html

As stated in the topic above, Google redirects to other sites when I use their search engine. I also hear random audio advertisements with no visible browser and Microsoft Security Essentials is disabled for some reason. I ran a Malwarebytes scan, removed a few malware, then restarted my computer. Promptly after booting up again, my computer again played audio ads after about an hour or so. In addition, all of the other problems continued to happen.

Currently, all my programs still work correctly, including all browsers and games. My computer runs Windows 7 32-bit Professional.

Any and all help is appreciated!
DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Telesis at 0:25:27 on 2012-07-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3068.1761 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C... Read more

A:Google redirect, random audio ads playing, Microsoft Security Essentials disabled

Hi,Please run the followingRefer to the ComboFix User's Guide Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Read other 12 answers
RELEVANCY SCORE 84.8

Hello,I've been having a problem with Google searching (it keeps redirecting me to sites other than where I want to go) and random audio ads playing in the background with no open browser window. I tried running a Malwarebytes scan and got rid of several malware. However, I re-scanned right after I restarted my system (to finish the scan) to be sure I got rid of everything and, to my surprise, it still picked up one malicious item: Rootkit.0Access. I tried to quarantine this again, but the ads kept playing, Google kept redirecting to the wrong sites, and the virus kept showing up in recurring scans. As of now, all programs work fine such as my video games (I'm a gamer at heart) and Firefox, IE, Malwarebytes, etc., but I'm still having these problems. I should note that I am running Windows 7 Professional as well. I also noticed that Microsoft Security Essentials was disabled - I tried to restart it but said it wasn't an installed service. Scans show that I did have Security Essentials at one point but is now disabled. Any help/ideas? This problem has been happening for a while now (it might have been infected 2-3 weeks ago, but I've recently been on vacation so I couldn't fix it)P.S. I should also mention that I had the Live Security Platinum virus on my system as well, which I removed successfully by using the self-guide on this site. I'm not sure if I was too late in removing it, and if it left some trace of it on my computer.

A:Google Redirect and Random Audio ads playing, Microsoft Security Essentials disabled

Welcome aboard Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Read other 1 answers
RELEVANCY SCORE 82.8

I used bleepingcomputer.com for the directions to remove the FAKE microsoft security essentials virus/trojan. I ran RKILL and used (after updating) malwarebytes. It takes almost 3 hours to run a full scan, and I've ran it three times, and it's running now. I got the message and pop up talked about here first... http://www.bleepingcomputer.com/virus-remo...ssentials-alert - and I took care of it following the instructions.Then I started to get the pop up about explorer had crashed and will restart. My windows bar with the time and start menu button dissipated and came back over and over again. Then it just stopped. This is after running rkill, following the instructions, malwarebytes and restarting. I log in from the login screen and everything appears normal for a second, then I get the explorer has stopped working or crashed message and my screen goes completely black. I can pull up task manager to get to chrome browser and my stuff on the pc, but windows explore (not internet explorer, but the one that runs windows) just isn't working.After I ran it, it seemed to work just fine, for one sitting, then this happened. What can I do now? I hard drive wipe is not an option as someone stole my external, and I have almost all of my hd on here saving my music and video until I can by another one.Also, on a side note... there are two users on this pc. The other one is notorious for downloading and being stupid with my machine...HOWEVER this time, it looks like me. As... Read more

Read other answers
RELEVANCY SCORE 81.6

QUOTE(ewu @ Oct 14 2010, 05:25 PM) I am running XP and it seems to function well with the exception of multiple mshta.exe incidences. I fell victim to the security essentials trojan but Avast was able to catch it before my system was substantially compromised. It seems like most items have been removed aside from the mshta.exe issue.Exactly every hour, Avast alerts to mshta.exe accessing a location and blocks it. When I check the task manager it sometimes comes up many times. I have taken to ending mshta.exe whenever I see it.I have run quick and full scans with Avast, Malwarebytes, SuperAntiSpyware, and Spybot. I booted up into safe mode and ran quick scans with all four. I also ran a boot-time scan with Avast. All these scans have come up with no infected files.I also downloaded and ran panda anti-rootkit both regularly and in safe mode.Please advise as to how I can resolve this issue.Thanksas per boopme instructed:DDS (Ver_10-10-10.03) - NTFSx86 Run by Eric at 10:11:55.64 on Fri 10/15/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.782 [GMT -7:00]AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.ex... Read more

A:driver/service protection of malware - mshta.exe and "Microsoft Security Essentials Alert" attack

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

Read other 14 answers
RELEVANCY SCORE 72.8

Greetings,

This morning my pc got hit with this awful trojan called "Security Shield"...which has led to browser / search hijacks, Microsoft Security Essentials being disabled and unavailable to restart, and even an annoying flashing Windows login screen that prevents me from putting in my login password if I lock my pc.

Here is the DDS log and I've attached ark.txt and attach.txt.

Thank you for your help!

art_vandelay
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by glindholm at 9:53:50 on 2012-08-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3977.1251 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\... Read more

A:Security Shield trojan - browser/web hijacking, MS Security Essentials being disabled, etc

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 9 answers
RELEVANCY SCORE 70.8

I am running windows 7 home and using security essential. but yesterday i found my security essentials not working and showing red alarm. When i take the pointer to show it ............ the program close and the security
center service disabled........ and i went to see the security center service to run it and make it automatically run this message appear to me " Windows could not start the security center service on local computer.
Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it"
And i removed security Essentials and tried to run the security center service ......but the problem still exists the service runs only 2 minutes and disabled again.
Please help QUICKLY ................ because i am working without
ANTI-VIRUS      

A:Security Center service for Windows 7 cannot start & Security Essentials not working

Hi,
 
The Security Center service cannot be started due to virus destruction.
 
Have you tried the repair for Windows? If not, you can go to following SkyDrive to load the registry and import it to check the result.
 
http://cid-9fb18a384ebfc662.office.live.com/self.aspx/.Documents/wscsvc%5E564%5E6.zip
 
Before importing it, please back up the following registry key first. Just find the key and right click it, choose export and save to desktop.
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
 
After importing the correct registry, please go to services Windows to check if Security Center starts properly.
 
Best Regards,
NikiPlease remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Read other 44 answers
RELEVANCY SCORE 70

Hello,
About 2 days ago my computer started acting strange. I believe it was after an update was installed but I do not recall. It has a BSOD episode and I was able to get it working after messing around with the command line with the restore dvd. Yesterday or the day before my computer completely became unresponsive and the windows explorer crashed. I could not open a run window, alt + ctrl + del also did nothing. I had to do a hard reset but it seemed to work after that. Just today when I started my computer microsoft security essentials was disabled and I know for a fact I did not do that. I scanned with MBAM and nothing came up. I am not scanning with MS Security essentials but I doubt it will show anything either. I am suspicious that I somehow have gotten something but I really have no idea how. I know my apartment complex was recently setting up the wifi and I had to call some tech support number and a guy added my computer to the network and I don't know if he could have done something or if maybe the fact that the wifi was unsecured when they first had it up could have done anything but I would really like to have this resolved. 
 
OS: WIndows 7 64 bit
 
I wanted to make sure it was't the RAM that caused the crash as I was having crashes on arma 3 due to memory issues but memtest completed 4 times with not one fail so I don't think it is related to that.
The primary errors in the application logs is just this error "Event filter with query "SELECT * FR... Read more

A:MS Security Essentials Disabled and Other odd Behavior

This just happened while scanning with Microsoft Security Essentials.
 
http://tinypic.com/r/rko6qb/8

Read other 2 answers
RELEVANCY SCORE 70

Hello
 
I have discovered tonight (using Malwarebytes) that I had the Trojan Fake.MS on my Win7 64bit laptop which has disabled MS Security Essentials and Windows defender so with a bit Googling I arrived here and read up on other peoples problems with similar events...
 
As the first thing they are told is to download and run FRST I downloaded FRST64 and ran the scan and have attached my TXT files showing the results.
 
I understand you may not be able to provide the fix straight away so I have disconnected it from the internet and reset all my important passwords and will use a tablet for access in the meantime.
 
This is the first time I've been caught out in over 35 years of using computers (I started out using mainframes back in 1976) so this is embarassing but we all have to be grateful for guys like yourselves in this instance.
 
Thanks for any help you can provide
Peter

A:MS Security Essentials and Defender disabled

Hello peterg1955 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sam... Read more

Read other 19 answers
RELEVANCY SCORE 70

While surfing, contracted virus. Disabled keyboard and touch pad. Used USB mouse to regain some control. Reinstalled keyboard and touchpad drivers with apparent success. Ran Norton Antivirus and came up empty. Cannot run Spybot or Microsoft Security Essentials. Can download Spybot but it will not allow it to run. Will not allow MSE to download definition files. Also, will not allow saving of GMER file. Scan will run but then simply closes down upon completion. Thank you for your help.DDS TXT LOG:.DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21Run by pdb at 12:58:04 on 2011-07-10Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.1666 [GMT -4:00].AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}.============== Running Processes ===============."\\.\globalroot\Device\svchost.exe\svchost.exe"C:\WINDOWS\System32\svchost.exe -k Cognizancec:\Program Files\Fingerprint Sensor\AtService.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchc:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exesvchost.exeC:\WINDOWS\System32\svc... Read more

A:Disabled keyboard, touchpad, Spybot and Microsoft Sec. Essentials

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:***************************************************First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/408772 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have p... Read more

Read other 23 answers
RELEVANCY SCORE 69.2

MS Security Essentials comes up disabled. The only user (who has admin priv) can not start service because of permissions.I can't run HJT even in safe mode - it just stops. Same with Malwarebytes.In safe mode, I see a process called something like 4007435508:30078589.exeYahoo searches get redirected.Running Win7.DDS log.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22Run by Farrell at 19:56:41 on 2011-09-18Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1547 [GMT -4:00].AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\407323933:3803887847.exeC:\WINDOWS\system32\userinit.exeC:\WINDOWS\Explorer.EXEsvchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\DRIVERS\o2flash.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\SearchIndexer.exeC:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exeC:\Pr... Read more

A:MS Security Essentials Disabled & browser hijacked

I tried running gmer but it too stopped prematurely. I tried to re-run and I again got the "Windows can not access the file. You may not have the apprpriate permissions to access the items." error. I extracted gmer.exe and called it gmer2.exe , re-ran but it stopped before I could save. I did see it flag imapi.sys as suspicious PE.

Read other 22 answers
RELEVANCY SCORE 68.8

Following on from http://www.bleepingcomputer.com/forums/ind...p;#entry1928024. C:\Windows\Temp\reoD7D.tmp (Rootkit.Dropper) shown by MBAM, along with some trojan results. I think the trojans have gone after telling MBAM to remove them, but apparently the rootkit is still there.GMER crashed a few times and caused some blue screens, managed to get it to finish eventually but only in safe mode.Thanks for any help.DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Andy at 22:00:20.77 on 15/09/2010Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_06Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.44.1033.18.2046.1357 [GMT 1:00]AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe ... Read more

A:Trying to recover from rootkit , Security Suite and Fake Microsoft Security Essentials

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open wit... Read more

Read other 2 answers
RELEVANCY SCORE 68.8

Rogue security product claims to be Microsoft Security Essentials.

F-secure reports:
This malware is distributed via drive-by-download attacks as hotfix.exe or mstsc.exe (md5: 0a2582f71b1aab672ada496074f9ce46).Click to expand...

-- Tom
 

A:Rogue security product claims to be Microsoft Security Essentials - Oct 22, 2010

Thanks for sharing.
 

Read other 2 answers
RELEVANCY SCORE 68.8

Platform: Win 7 Ultimate. 2.5 GHz QuadCore. Well, I somehow caught the Google redirect virus. When I click a link from a Google results page, I get redirected to spam/adware crap, such as hxxp://www.scour.com/search/web/Google%20Redirect%20Virus/a51/rs4-4876_19377/v3. I have run a superantispyware quickscan and quarantined all results. I have done a MBAM full scan and removed all results. I have run TDSKiller, which found nothing. I am running a superantispyware full scan, which so far has detected 48 files.

Here's a HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:19:40, on 5/3/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\dcw\Adobe CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.e... Read more

A:Google Redirect Problem/MS Security Essentials Disabled

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 68.8

Hi, I think my computer caught some kind of malware, I couldn´t run security essentials or uninstall it, after some tweaking I´ve managed to uninstall it but I cannot install it again the installation stops with error code 0x80070643. Also I can´t open windows defender it seems like its folder permissions have changed, any suggestions? I´m running windows 7 64bit
 
pd: the issue is similar to the one in this posthttp://www.bleepingcomputer.com/forums/t/496263/access-is-denied-and-disabled-windows-defender-microsoft-security-essentials/
 
 

A:Security Essentials and Windows Defender Disabled after malware

Hi there,my name is Marius and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with DDSDownload DDS and save it to your desktop from here or here orhere.Disable any script blocker, and then double click dds.scr to run the tool.When done, DDS will open two (2) logsDDS.txtAttach.txtSave both reports to your desktop.   Sca... Read more

Read other 2 answers
RELEVANCY SCORE 68.4

hey guys, i just heard about this recently after reading another thread and it sounds great.

main points:

- free
- low system use
- created by microsoft (good or bad i guess)
- updated regularly

what do you guys think? i heard it only uses 5 or 6mb of memory and isn't plagued with the bloat and slowdowns other AV software create.

i'm just worried about giving MS too much information on my PC.

right now i'm running avast and this has been pretty decent for me so far, but this MSE sounds like it has promise.

edit: i'll be formatting soon so i thought i'd try it out with a clean system. im considering trying it out soon though.
 

A:Opinions of Microsoft's free 'Microsoft Security Essentials'?

Read other 16 answers
RELEVANCY SCORE 68.4

hey guys, i have some sensitive information on my machine regarding work.

does anyone know if it's possible for Microsoft Security Essentials to report data back to Microsoft on filenames etc?

it just seems like i'm giving microsoft a lot of control. i'm using a microsoft firewall, OS and now, their AV.

thanks guys
 

A:Microsoft Security Essentials: Can it report back to Microsoft?

Read other 11 answers
RELEVANCY SCORE 68.4

Hello guys (and girls),I don't give up very easy, that's not really my thing.But this here, is really out of my league.I feel like giving up at this point and leave the Digital Western World to go live in a cave.I am trying over a week now to get rid of Microsoft Security Essentials.I even suspect that there are two different Trojans/Programs running (Security Tool & Microsoft Security Essentials.I think I really tried everything. Running Rkill.exe to stop processes. Ran malwarebytes at least 50 times, threw the outcome away, but it will pop up right after restart. Ran Spybot S&D, threw stuff out of the registry. Nothing seems to help What the programs do is that everthing is considered a virus by one of them (MSE/ST), the Pop-up will say: "firefox.exe is a virus", ctrl+alt+delete+ a virus, etc;* Websites as: Trendmicro Housecall and SuperAntiSpyware are being bloked;* Programs like Ad-Aware and TweakXp are impossible to install;I read a lot of post from people that said that after they ran MalwareBytes, everything was nice and clean again... IMPOSSIBLE! It keeps on popping up, no matter what I throw away. I really am out of possibilities right now.I really am thinking about ditching my laptop (even though I am very attached to it).Especially when I read some scary stuff.When I tried to run Combofix.exe (without helper, figured I have nothing to lose) the .exe removed itself from my desktop saying:"maybe you have some sort of Virut-Virus?&... Read more

A:Microsoft Security Essentials / Security Tool = Mission Impossible!

have you tried Superfreeantispyware you can get it at download.com.when scan is finished and you press next (eg 57 items found)make sure all boxes are ticked.

Read other 20 answers
RELEVANCY SCORE 68

Thanks ahead of time guys!

I have a Dell PC running Vista.

I'm looking for files that GMER says are currently disabled.

IN XP it's easy: The file name in GMER is the exact same file name found under SERVICES so I can just locate and restart.

BUT in VISTA, the file names are not exactly the same. Under SERVICES I seem to be looking at program names. I'm not a tech and unless they are exactly the same file name (udfs, sfloppy, flpydisk, fdc, etc), I'm not touching anything.

I know these files are in there somewhere - the files that affect my floppy drive, disc format reader/writer, etc have all been disabled and I need to restart them.

BTW - thanks so much for linking to the GMER program. I found what ATT tech support and an IT 'expert' couldn't find to get my work pc back online: the fact that my DHCP Client was DISABLED!!! So I fixed the problem myself and the IT tech wants $500 for the 6 hours he spent trying to figure out the problem!!!

Rebecca
 

A:Need to restart disabled service/Vista

See the table on this site: http://www.blackviper.com/2009/05/3...s-vista-service-pack-2-service-configurations

It lists the service display name, and name in the registry (which frequently resembles the file name).
 

Read other 2 answers
RELEVANCY SCORE 68

Is the above enough security or should I be going for an anti-virus program as well?

A:Is Microsoft Security Essentials and Windows Firewall enough Security?

MSE is fine.
If you need extra security, Malware Bytes works well with MSE.

Read other 9 answers
RELEVANCY SCORE 66.4

Which is better? I have AVG 9 til 2018, full version, but I'm considering MSE. Which is better? Which do you use?

A:AVG 9 Internet Security v Microsoft Security Essentials

If it's working for you, it doesn't matter too much what everyone uses

Personally I use MSE as on access, with MBAM and Hitman Pro for on demand.
AV comparatives has some good info...

Read other 8 answers
RELEVANCY SCORE 66.4

Well about a week ago I caught a virus which falsely identified itself as Microsoft Security Essentials and also called itself Thinkpoint. The virus hijacked my computer and eventually made it so that when I started the computer I would get nothing but a black screen. So at this point I used my Computer's system recovery CD's to wipe the C Drive and restore my computer to factory settings while still keeping all my files on the D Drive. This worked and allowed me to access windows again and I haven't seen the Thinkpoint interface since then either but there were still several problems with my computer such as: whenever I click on a google search results link I am redirected to a different unrelated site, Not being able to install Antivirus software such as Malwarebytes and AVG, the soundcard being disabled, and occasionally getting popups and warnings from the Micorsoft Security Essentials. Also, my taskbar will always turn gray for some reason. At this point I downloaded the AVG Rescue CD from another computer, put it on a CD, and then ran it on my computer. The AVG Rescue CD identified several trojans, malware, and adware and I then deleted eveything it identified. But once I restarted the computer it was still plagued by the same problems as before (Google redirects, sound disabled, unable to install certain programs, security alerts etc.) I've tried a number of proposed solutions that I've found on the net but nothing has worked. Can anybody help me?

A:Fake Micorsoft Security Essentials Alert, Google Redirects, Soundcard Disabled etc.

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKillerDouble-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.When the program opens, click the Start Scan button.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.Link 1Link 2Be sure to print out and read the instructions provided in:How to Install Kaspersky Virus Removal ToolHow to use the Kaspersky Virus Removal ToolDouble-click ... Read more

Read other 12 answers
RELEVANCY SCORE 66.4

i'm using windows vista home basic 32bit. i am using norton 360 v 4 and now microsoft security essentials also my question don't they do the same thing and which one is better and how do i get rid of microsoft security essentialsl?
 

A:microsoft security essentials

Read other 8 answers
RELEVANCY SCORE 66.4

it starts trying to update around 11am, that's when i'm using my computer: can i change/control/stop this ? thanks

A:security essentials (microsoft)

Hi Little, yes you can set MSE to update at whatever time you want. Just go to start - control panel. Double click on the security center icon. You should be able to change the settings from there. Let me know if you need anymore assistance.

Reguards
Patmark

Read other 2 answers
RELEVANCY SCORE 66.4

Do I need both Microsoft Security Essentials and another antivirus software program? - Security Tips & Talk - Site Home - MSDN Blogs

A:Do Ii Need Both Microsoft Security Essentials and another AV

... and yet how many people run more than one av?

Read other 9 answers
RELEVANCY SCORE 66.4

Windows Update just offered 2 optional updates for MSE today, both are labeled identically as:
KB2310138 (1.235.1069.0) (198 KB)
So why two offers of what appears to be the same update?
Should I accept both or just one? 
Anybody else get two offers for this MSE update?

Read other answers
RELEVANCY SCORE 66.4

Hi all, what a great site this is. Hard to beleive the knowledge that is floating around in this forum. To my point, I installed Microsoft security essential recently and now I want to run a malware scan on my pc. To run the scan it is recommended to disable any and all live protection you have on your pc. I have poked around trying to see how to disable MS Security Essential but no luck, only option is to uninstall for the scan and then reinstall MS Security Essential. So, is there a way to disable this software or do I just uninstall it?

Thank for your help in advance!

A:Microsoft Security Essentials

Not sure why you'd want to disable it, but there are instructions on temporarily doing so here.

Read other 2 answers
RELEVANCY SCORE 66.4

I have it and is it trustworthy for anti-virus? I just downloaded Comodo firewall.

A:Microsoft Security Essentials

  
Quote: Originally Posted by Hrydopanda


I have it and is it trustworthy for anti-virus? I just downloaded Comodo firewall.


MSE is pretty good. Just remember that no AV can really prevent infections. They are more of a band-aid than anything else. If you surf the Internet with a healthy sense of paranoia you can avoid most problems yourself.

Read other 4 answers
RELEVANCY SCORE 66.4

I have loaded Microsoft Security Essentials onto my main Vista PC, I have removed (I think I have) all other AV programs.
When the PC boots up it hogs the processor (both cores) for some considerable time (can be up to 5 minutes)
I have run bot the quick and full scans from MSE and both have come up clean.

Does anyone have any suggestions please?
 

A:Microsoft Security Essentials

Read other 14 answers
RELEVANCY SCORE 66.4

My license for Nod 32 has recently run out.

I'm looking for a new security solution. My laptop is a few years old at this stage but it's been running nod 32 excellently for years and it hasn't got terrible specs. Its a toshiba equium with 2 GB of RAM with 1.6Ghz Intel Centrino Duo with a 250GB HDD running Win xp SP3.

I've tried avast and removed it after a day. I found it slowed down my laptop an awful lot. I was onlt running itunes and firefox and the thing was hanging like crazy.

I've installed Microsoft Security Essentials and it appears to be running fine at the moment. So basically should I trust micrsoft security essentials as my antivirus software. It comes recommended from a website I've always trusted with reviews howtogeek.com but I'd like to hear peoples oppinions and suggestions.

Should I just go back to Nod 32.

A:Microsoft Security Essentials

If I were you I would either get Avast, AVG or Avira. (when were talking about free versions).Microsoft Security Essentials is good, however its lacking some features. You might want to check the reviews as well.http://www.pcworld.com/reviews/collection/5928/2011_free_av.htmlhttp://anti-virus-software-review.toptenreviews.com/And you can google some other reviews out there.

Read other 22 answers
RELEVANCY SCORE 66.4

update properly, it gets to a third of the bar then stops forever !!

Anyone?
 

A:Microsoft Security Essentials won't...

Read other 12 answers
RELEVANCY SCORE 66.4

I had it installed, although I could never get it to update so I tried to reinstall it and it would not install. Can someone please help me get this installed again.

Thanks
Snowbre
 

Read other answers
RELEVANCY SCORE 66.4

i was wondering how good this program is and how it compares to norton...thx

A:microsoft security essentials

Use the search function. There are heaps of threads on this. We don't need another one

Read other 2 answers
RELEVANCY SCORE 66.4

I have just found this article relating valuable information about MSE; installation, features and a review. It should be of interest to all who use MSE and those thinking about switching.
http://www.techradar.com/reviews/pc-...-640587/review

A:Microsoft Security Essentials

Thanks Rich, didn't have time to read it all but it certainly looks interesting, I use MSE and I'm happy with it and I know it works.

Read other 1 answers
RELEVANCY SCORE 66.4

Hi all just noticed Microsoft security essentials was enabled, just disabled, because im running Kaspersky 2016 about 100 days left, read they could conflict cancel each other out ??? should only run one or other ?? is this true ?

Any help advise welcome

A:Microsoft security essentials

Hi,
Any 2 antivirus programs will conflict sooner than later
Best to uninstall it asap through uninstall a program then run the uninstaller here
http://support.microsoft.com/en-us/kb/2483120

Read other 2 answers
RELEVANCY SCORE 66.4

The past couple of days all of the updates to Microsoft Security Essentials fail to install ... anybody know why or when they are going to fix it?

Read other answers
RELEVANCY SCORE 66.4

If I have Microsoft Security do I need another malware remover?

A:Microsoft Security Essentials

There's no harm in occasional scans with MalwareBytes and / or Super AntiSpyware. You should also install SpywareBlaster and update the definitions weekly. It is passive protection (does not use any resources) and blocks certain websites from your browser(s).

Read other 4 answers