MSE svc disabled repeatedly during scan


3 replies to this topic

#1 Andalyn

Andalyn

  • Members
  • 3 posts

Posted 01 November 2013 - 08:52 PM

Good evening, and thank you so much for taking the time to read this!
 
TLDR:
 
MSE: During scan receive error that service was disabled and can be re-enabled manually or by rebooting. Happens at random points in scan.
Previously ran Mbam - Removed 7 files, 2 classified as vundo trojans. Mbam executable had to be renamed to get it to successfully update definitions without errors.
Booted into safemode and ran scan, halfway through received a page_fault_in_nonpaged_area bsod.
Computer Info:
XP SP3 Home Edition
Version 5.1 (Build 2600)
Unsure what other info you may need from me.
 
I'm having some issues with an older computer I've just resurrected from my mother's closet and am concerned that I'm potentially dealing with a nasty virus that she encountered on it in ~2009/2010 and am looking for some sage advice. I have a little bit of experience troubleshooting computers, but certainly nothing in-depth!
 
The main problem is that when I run a full scan with Microsoft Security Essentials, at some point during the scan I'll receive an error message that the scan could not be completed as the MSE service has been disabled, and that I can restart the service manually or by rebooting the computer. This does not seem to happen at the same point in the scan each time.
 
I have attempted to boot into safe mode w/ networking, and was able to start the scan. However I eventually received a BSOD for page_fault_in_nonpaged_area. I don't have any personal experience with troubleshooting BSOD's, and I'm unsure if that's related to a potential virus, or possibly bad RAM or other software/hardware issues.
 
As stated this computer is rather old (2003), and was known for having viruses on it before it was replaced. When I started working on it, the first step I took was to do all 122 Windows updates on it, and then to download mbam and run it. Mbam gave me several errors when I tried to update the virus definitions, so I changed the name of the executable file to something random and was able to get it successfully updated, running and scanning. It removed 7 objects, 5 relatively harmless, and 2 files it called vundo trojans.
 
Now trying to run MSE to make sure Mbam didn't miss anything, and I'm receiving said error.
 
I apologize, I'm not sure what other computer info you might need, and I'm specifically not listing logs per the advice stickies.
 
Please let me know what else you might need, thank you so much!

Edited by Andalyn, 01 November 2013 - 08:53 PM.




#2 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 06 November 2013 - 10:58 PM

Hello and Welcome - (Sorry we missed your post) -

 

I would like to dig out a few old scans and create some new ones -

 

"Previously ran Mbam - Removed 7 files, 2 classified as vundo trojans." <= Are you able to open Malwarebytes Anti-Malware > Look along the top for Logs > Open that tab and find the dated one that mentions these infections > Copy and Paste that log back Here ??

Please ask if you require further help with this.

 

Now are you able to run a new Full Scan with Malwarebytes, and also post that log back here.

 

Next -

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
If a log is produced, save it, or post it back here -

Important: Do not reboot your computer until you complete the next step.

 

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Next - Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Finally - Download MiniToolBox, Save it to your desktop and run it.
Checkmark the following boxes:
• List content of Hosts
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
 Click Go and copy / paste the result (Result.txt).

 

 

Please take your time, and just Copy / Paste these in order from the top as they are done -

 

Thank You -



#3 Andalyn

Andalyn
  • Topic Starter

  • Members
  • 3 posts

Posted 07 November 2013 - 05:59 AM

Hello Noknojon!

Thanks so much for helping me out!

 

I went ahead and ran the scans as requested, and the logs follow:

(Also my computer thinks it's a day behind due to a freeze, and the time has never updated so ignore the dates listed, I promise they were all done after your response!).

 

Original Mbam Scan

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.31.08
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Owner :: SHERRYCOMP [administrator]
 
10/31/2013 7:35:49 PM
mbam-log-2013-10-31 (19-35-49).txt
 
Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 373658
Time elapsed: 1 hour(s), 52 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\DOWNLOADER.DownloaderCtrl.1 (Adware.2020search) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FunWebProducts\Installer (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm694YYUS -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
Most Recent Mbam Scan
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.31.08
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Owner :: SHERRYCOMP [administrator]
 
11/6/2013 1:47:02 AM
mbam-log-2013-11-06 (01-47-02).txt
 
Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 356046
Time elapsed: 2 hour(s), 41 minute(s), 52 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
RKill
 
I attempted to run RKill twice, and both times as soon as the black box closed I immediately received a BSOD I've never encountered before.
 
"A process or thread crucial to system operation has unexpectedly exited or been terminated."
I don't know if the stop codes will help but if so they are in order:
 
STOP: 0x000000F4 ( 0x00000003, 0x87161D50, 0x87161EC4, 0x805FBOE4 )
The OS is set to create minidump files for BSODs, but at the moment I'm having a hard time locating them, which I'll be investigating while I await your response. If you need this file definitely let me know, and I should have pinned it down by then!
 
AdwCleaner
 

# AdwCleaner v3.011 - Report created 06/11/2013 at 04:39:21
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - SHERRYCOMP
# Running from : C:\Documents and Settings\Owner.SHERRYCOMP\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\WINXP\Downloaded Program Files\popcaploader.inf
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKCU\Software\Fun Web Products
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\Software\MyWebSearch
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6000.21357
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v30.0.1599.101
 
*************************
 
AdwCleaner[R0].txt - [4223 octets] - [06/11/2013 04:35:05]
AdwCleaner[S0].txt - [4224 octets] - [06/11/2013 04:39:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4284 octets] ##########
 
 
Security Check
 

 Results of screen317's Security Check version 0.99.76  
 Windows XP Service Pack 3 x86   
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Microsoft Security Essentials    
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 10  
 Java 7 Update 45  
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 8 Adobe Reader out of Date!
 Google Chrome 30.0.1599.101  
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
(looks like I need to defrag!)
 
MiniToolBox
 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Owner (administrator) on 06-11-2013 at 04:46:28
Running from "C:\Documents and Settings\Owner.SHERRYCOMP\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/05/2013 00:17:24 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.3.219.0, P3 timeout, P4 1.1.10003.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (11/05/2013 00:17:21 PM) (Source: Application Error) (User: )
Description: Faulting application MsMpEng.exe, version 4.3.219.0, faulting module mpengine.dll, version 1.1.10003.0, fault address 0x002399c8.
Processing media-specific event for [MsMpEng.exe!ws!]
 
Error: (11/04/2013 08:11:49 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 7.0.6000.21357, faulting module unknown, version 0.0.0.0, fault address 0x4a458314.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (11/04/2013 07:25:12 AM) (Source: ESENT) (User: )
Description: wuauclt (5004) The database page read from the file "C:\WINXP\SoftwareDistribution\DataStore\DataStore.edb" at offset 1306624 (0x000000000013f000) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 1086967796 (0x40c9cff4) and the actual checksum was 1087098868 (0x40cbcff4).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.
 
Error: (11/04/2013 02:39:29 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x8050800c, P2 mpupdateengine, P3 am bdd, P4 11.1.4406.0, P5 mpsigstub.exe, P6 4.3.219.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (11/03/2013 02:34:55 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 7.0.6000.21357, faulting module jscript.dll, version 5.7.6002.22589, fault address 0x00005d49.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (11/02/2013 06:19:22 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 7.0.6000.21357, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00011689.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (11/02/2013 09:23:58 PM) (Source: Application Hang) (User: )
Description: Hanging application Anesis.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/02/2013 07:34:25 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 6.10.0.104, faulting module unknown, version 0.0.0.0, fault address 0x00000200.
Processing media-specific event for [skype.exe!ws!]
 
Error: (11/02/2013 00:40:26 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80096010, P2 mpupdateengine, P3 am fe, P4 11.1.4406.0, P5 mpsigstub.exe, P6 4.3.219.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
 
System errors:
=============
Error: (11/06/2013 04:40:47 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/06/2013 04:33:02 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/06/2013 02:29:17 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (11/06/2013 02:29:13 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (11/06/2013 02:29:09 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (11/06/2013 02:29:05 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (11/06/2013 02:29:01 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (11/06/2013 02:28:57 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (11/06/2013 02:11:35 AM) (Source: 0) (User: )
Description: \Device\Harddisk1\D
 
Error: (11/06/2013 02:11:35 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0
 
 
Microsoft Office Sessions:
=========================
Error: (11/05/2013 00:17:24 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.3.219.0timeout1.1.10003.0fixed1 _ 10245 _ not bootNILNILNIL
 
Error: (11/05/2013 00:17:21 PM) (Source: Application Error)(User: )
Description: MsMpEng.exe4.3.219.0mpengine.dll1.1.10003.0002399c8
 
Error: (11/04/2013 08:11:49 AM) (Source: Application Error)(User: )
Description: iexplore.exe7.0.6000.21357unknown0.0.0.04a458314
 
Error: (11/04/2013 07:25:12 AM) (Source: ESENT)(User: )
Description: wuauclt5004C:\WINXP\SoftwareDistribution\DataStore\DataStore.edb1306624 (0x000000000013f000)4096 (0x00001000)-1018 (0xfffffc06)1086967796 (0x40c9cff4)1087098868 (0x40cbcff4)
 
Error: (11/04/2013 02:39:29 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x8050800cmpupdateengineam bdd11.1.4406.0mpsigstub.exe4.3.219.0microsoft security essentialsNILNILNIL
 
Error: (11/03/2013 02:34:55 AM) (Source: Application Error)(User: )
Description: iexplore.exe7.0.6000.21357jscript.dll5.7.6002.2258900005d49
 
Error: (11/02/2013 06:19:22 PM) (Source: Application Error)(User: )
Description: iexplore.exe7.0.6000.21357ntdll.dll5.1.2600.605500011689
 
Error: (11/02/2013 09:23:58 PM) (Source: Application Hang)(User: )
Description: Anesis.exe0.0.0.0hungapp0.0.0.000000000
 
Error: (11/02/2013 07:34:25 PM) (Source: Application Error)(User: )
Description: skype.exe6.10.0.104unknown0.0.0.000000200
 
Error: (11/02/2013 00:40:26 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80096010mpupdateengineam fe11.1.4406.0mpsigstub.exe4.3.219.0microsoft security essentialsNILNILNIL
 
 
=========================== Installed Programs ============================
 
4 Elements
Adobe Download Manager (Version: 1.6.2.44)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Reader 8.1.5 (Version: 8.1.5)
Adobe Shockwave Player (Version: 11)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0)
Ancient Secrets
AnesisRO version 1.0 (Version: 1.0)
Bonjour (Version: 1.0.106)
Book of Legends
Broadcom 440x 10/100 Integrated Controller (Version: 3.29)
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Inkjet Printer J740
Escape Rosecliff Island™
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
Indeo® Software
Intel® Extreme Graphics Driver
InterActual Player
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 10 (Version: 6.0.100)
Jewel Quest Mysteries
Jewel Quest Solitaire II
Jewel Quest Solitaire III
KB408682
Mad Caps
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mortimer Beckett and the Time Paradox
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
NVIDIA Drivers
QuickTime (Version: 7.60.92.0)
RealArcade
Shape Shifter
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.10 (Version: 6.10.104)
SoundMAX
Sparkle
The Mystery of the Crystal Portal
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.6513)
Wik & The Fable Of Souls
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live installer (Version: 12.0.1471.1025)
Windows Live Mail (Version: 12.0.1606.1023)
Windows Live Photo Gallery (Version: 12.0.1347.0718)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Writer (Version: 12.0.1370.0325)
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0
 
========================= Memory info: ===================================
 
Percentage of memory in use: 59%
Total physical RAM: 1022 MB
Available physical RAM: 412.06 MB
Total Pagefile: 2461.07 MB
Available Pagefile: 1910.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.25 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:74.47 GB) (Free:54.04 GB) NTFS
3 Drive e: () (Fixed) (Total:27.93 GB) (Free:26.24 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\SHERRYCOMP
 
Administrator            ASPNET                   DLBJ_SHERRYCOMP          
Guest                    HelpAssistant            Owner                    
SUPPORT_388945a0         
 
 
**** End of log ****
 
A lot of the programs in here (specifically the Real Arcade games) I've attempted to uninstall, however there were no uninstall files in their respective folders, and the control panel simply did nothing when I attempted to uninstall them from there. It also never prevented me from uninstalling other programs afterwards, which seems like the computer simply didn't "realize" I was attempting to uninstall them.
 
I'm kind of starting to get the impression that a full reformat/reinstall may be in order for this computer?
 
Thanks!

Edited by Andalyn, 07 November 2013 - 06:02 AM.


#4 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 07 November 2013 - 04:04 PM

Not a lot left to find, but here are the basics -

 

Java™ 6 Update 10 < Delete from Add / Remove

Adobe Reader 8 Adobe Reader out of Date! > Version XI (11.0.04)

Adobe Flash Player 10 Flash Player out of Date! > Version 11.9.900.117
Do Not accept any Add-ons or toolbars as they are not Adobe related

Always make sure old versions are removed (or overwritten) from Add / Remove

 

You noticed > Total Fragmentation on Drive C:: 12% Defragment your hard drive soon!

Next go - Control Panel > Time and Date >  Reset them both now -

 

I run MSE on my XP SP3 and I do need to uninstall / reinstall it about once every month lately (no idea why), but then it scans and updates every day without a problem ....... Must be that our XPs are getting older -

 

Your BSOD (page_fault_in_nonpaged_area) pointed to faulty Memory, but do nothing if this is a once only problem.

 

These were the 2 problems I wanted out (vundo trojans) and they are not in the latest scans.
Update Malwarebytes and rescan again in a day to be sure they are gone .........

 

Run a Disk Check on your C: drive in Windows XP:
• Click Start and open My Computer
• Right-click on C: (or your hard drive letter) and select Properties
• Click on the Tools tab
• Under Error-checking click the Check Now... button
• Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
• Click on the Start button
• When the message box pops up, click the Schedule disk check button and Restart your computer
• Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so -
This will take (on average) 1 to 2 hours depending on your system, so please let it finish.
DO NOT force a reboot once started, as you will lose data and may damage the computer
NOTE - If this is a Laptop please plug it into a reliable power source, as batteries may fail.
The computer will reboot to normal mode once it has completed all 5 stages -

 

Do the bits above and post back tomorrow if there are still ANY problems -

 

Thank You -
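
A triage pass over the MiniToolBox event-log section posted in this thread, as an added example that is not part of any poster's reply: it groups the errors by faulting module and by device, and measures how many bits separate the expected and actual checksum in the ESENT entry (a one-bit difference is the pattern a flipped bit in RAM or on disk leaves). The function names, the `repeat_threshold` parameter and the trimmed log excerpt embedded in the code are this example's own assumptions.

```python
import re
from collections import Counter

# Excerpt of the MiniToolBox entries posted above, trimmed to five entries.
SAMPLE_LOG = r"""
Error: (11/05/2013 00:17:21 PM) (Source: Application Error) (User: )
Description: Faulting application MsMpEng.exe, version 4.3.219.0, faulting module mpengine.dll, version 1.1.10003.0, fault address 0x002399c8.

Error: (11/04/2013 07:25:12 AM) (Source: ESENT) (User: )
Description: wuauclt (5004) The database page read from the file "C:\WINXP\SoftwareDistribution\DataStore\DataStore.edb" at offset 1306624 (0x000000000013f000) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 1086967796 (0x40c9cff4) and the actual checksum was 1087098868 (0x40cbcff4).  The read operation will fail with error -1018 (0xfffffc06).

Error: (11/06/2013 02:29:17 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/06/2013 02:29:13 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (11/06/2013 02:11:35 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0
"""

# Header line plus the single "Description:" line that follows it.
ENTRY_RE = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) ?\(User: [^)]*\)\n"
    r"Description: (?P<desc>.*)$",
    re.MULTILINE,
)
FAULT_RE = re.compile(
    r"Faulting application (?P<app>[^,]+), version [^,]+, "
    r"faulting module (?P<mod>[^,]+),"
)
CHECKSUM_RE = re.compile(
    r"expected checksum was \d+ \(0x(?P<exp>[0-9a-fA-F]+)\) and the actual "
    r"checksum was \d+ \(0x(?P<act>[0-9a-fA-F]+)\)"
)
DEVICE_RE = re.compile(r"^\\Device\\(?P<dev>Harddisk\d+|Ide\\IdePort\d+)")


def parse_entries(log_text):
    """Return one dict (when, source, desc) per 'Error:' entry."""
    return [m.groupdict() for m in ENTRY_RE.finditer(log_text)]


def triage(log_text):
    """Count crashes per (application, module) and errors per device,
    and XOR the expected/actual checksums of ESENT page mismatches."""
    crashes = Counter()
    device_errors = Counter()
    checksum_mismatches = []
    for entry in parse_entries(log_text):
        desc = entry["desc"]
        fault = FAULT_RE.search(desc)
        if fault:
            crashes[(fault["app"], fault["mod"])] += 1
        device = DEVICE_RE.match(desc)
        if device:
            device_errors[device["dev"]] += 1
        checksum = CHECKSUM_RE.search(desc)
        if checksum:
            diff = int(checksum["exp"], 16) ^ int(checksum["act"], 16)
            # Number of set bits in the XOR = number of bits that differ.
            checksum_mismatches.append(
                (entry["when"], diff, bin(diff).count("1"))
            )
    return {
        "crashes": crashes,
        "device_errors": device_errors,
        "checksum_mismatches": checksum_mismatches,
    }


def hardware_indicators(report, repeat_threshold=2):
    """List findings that point at storage or memory rather than software.
    repeat_threshold is an assumed cut-off for 'repeated' device errors."""
    findings = []
    for dev, count in sorted(report["device_errors"].items()):
        if count >= repeat_threshold:
            findings.append(f"{count} errors logged against \\Device\\{dev}")
    for when, diff, bits in report["checksum_mismatches"]:
        if bits <= 2:  # a near-identical checksum suggests flipped bits
            findings.append(
                f"{when}: page checksum off by {bits} bit(s) (xor 0x{diff:08x})"
            )
    return findings


if __name__ == "__main__":
    for line in hardware_indicators(triage(SAMPLE_LOG)):
        print(line)
```
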





