Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Microsoft Security Essentials disabled & canít restart service

  • This topic is locked This topic is locked
2 replies to this topic

#1 Cuprum


  • Members
  • 2 posts
  • Local time:03:31 AM

Posted 10 December 2013 - 02:07 PM

Greetings.  I am new to the forums and do greatly appreciate any help that can be offered with an MSE problem. 


First off - the computer belongs to a family member and is running Windows XP Service Pack 3.


The main symptoms revolve around Microsoft Security Essentials.  The service is stopped and when I attempt to restart (the Start Now button) I get the following error message:


            The service couldn’t be started.

                        The system cannot find the path specified.

                        Click Help for more information about this problem.

                        Error code: 0x80070003


In addition, all of the other tabs in Microsoft Security Essentials are disabled.


Chronological Account:

1)  On startup a folder opened onto the desktop.  The folder (with path) is C:\Documents and Settings\John\Local\Packages.  I took a deeper look into the folder along this path: …windows_ie_ac_001\AC\Dashlane and then a few subfolders containing what I presume to be Dashlane data.  I updated Malwarebytes and then scanned the “Packages” folder with no malicious file detections.


2) I opened Microsoft Security Essentials and tried to restart service and received the error message (see above).  Tested other buttons and found MSE unresponsive.


3) I downloaded the Microsoft Security Essentials (on another computer), transferred the file from a USB drive, and then attempted an install.  I received an error message informing me that “…mseinstall.exe is not a valid win32 application”.  I wondered if maybe I had downloaded a 64-bit version, so I attempted to the download again, on the computer with the problem, but the MSE still wouldn’t install.  (Though the download file this time was 400 or 500 KB, instead of the approximately 12 MB downloaded via the other computer….)


4) At this point, I ran a full scan with Malwarebytes.  There were some detections. 


Here is the Malwarebyes log file:


Malwarebytes Anti-Malware



Database version: v2013.12.10.01


Windows XP Service Pack 3 x86 FAT

Internet Explorer 8.0.6001.18702

John :: JOHN-I691FFBXS1 [administrator]


12/9/2013 10:57:58 PM

MBAM-log-2013-12-10 (06-19-20).txt


Scan type: Full scan (C:\|L:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 427776

Time elapsed: 1 hour(s), 33 minute(s), 10 second(s)


Memory Processes Detected: 0

(No malicious items detected)


Memory Modules Detected: 0

(No malicious items detected)


Registry Keys Detected: 1

HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> No action taken.


Registry Values Detected: 0

(No malicious items detected)


Registry Data Items Detected: 0

(No malicious items detected)


Folders Detected: 0

(No malicious items detected)


Files Detected: 8

C:\RECYCLER\S-1-5-21-1454471165-1844237615-1801674531-1004\Dc227.exe (PUP.Optional.Softonic.A) -> No action taken.

C:\RECYCLER\S-1-5-21-1454471165-1844237615-1801674531-1004\Dc228.exe (PUP.Optional.Softonic.A) -> No action taken.

C:\RECYCLER\S-1-5-21-1454471165-1844237615-1801674531-1004\Dc265.exe (PUP.Optional.InstallIQ.A) -> No action taken.

C:\RECYCLER\S-1-5-21-1454471165-1844237615-1801674531-1004\Dc342.exe (PUP.Optional.AdBundle) -> No action taken.

C:\RECYCLER\S-1-5-21-1454471165-1844237615-1801674531-1004\Dc360.exe (PUP.Optional.Inbox) -> No action taken.

C:\Documents and Settings\John\Desktop\Downloads\SoftonicDownloader_for_simple-sudoku(2).exe (PUP.Optional.Softonic.A) -> No action taken.

C:\Documents and Settings\John\Desktop\Downloads\AxCrypt-1.7.2931.0-Setup.exe (PUP.Optional.OpenCandy) -> No action taken.

C:\Documents and Settings\John\Local Settings\Temp\4jrWBDxx.exe.part (PUP.Optional.AdBundle) -> No action taken.





5) I instructed Malwarebytes to remove all.  Malwarebytes informed me that I would need to restart the system to make the changes, so I agreed and rebooted through the Malwarebytes dialogue box.


6) Once the system restarted, I investigated the Malwarebytes quarantine. All the selected files appeared to be successfully quarantined. 


7) I attempted to restart the service in Microsoft Security Essentials and got the same error message.  I attempted to install MSE again (with the larger 12 MB installer) and got the same error message.


Also, after I rebooted I got a WinPatrol New Program Alert – “A new auto Startup Program has been detected” for a “Watson Subscriber for SENS Network Notifications.”  I mention this as an aside now, because the computer’s owner could not recall for sure if this was new occurrence or if they had just declined the installation in the past (I can provide more text from the alert if needed).


8) After reading the Preparation Guide I have run DDS (and will see to file backup, firewall, etc.)


Here is the DDS log file:


DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_22

Run by John at 10:36:59 on 2013-12-10

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2015.1455 [GMT -8:00]


AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}


============== Running Processes ================




C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe

C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe


C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe


C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Documents and Settings\John\Application Data\Dashlane\Dashlane.exe

C:\Program Files\WordWeb\wweb32.exe

C:\Program Files\Linksys\CIT200\cit200.exe

C:\Program Files\Ditto\Ditto.exe


C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Security Client\msseces.exe


C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k imgsvc


============== Pseudo HJT Report ===============


uStart Page = hxxp://vshare.toolbarhome.com/default_vltv2.aspx?hp=df

mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html

uURLSearchHooks: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - <orphaned>

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Dashlane BHO: {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - c:\documents and settings\john\application data\dashlane\ie\Dashlanei.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>

EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll

uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe

uRun: [LightShot] c:\documents and settings\john\local settings\application data\skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue

uRun: [Dashlane] "c:\documents and settings\john\application data\dashlane\Dashlane.exe" autoLaunchAtStartup

uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [SnoopFreeUI] SnoopFreeUI.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\john\startm~1\programs\startup\cit200.lnk - c:\program files\linksys\cit200\cit200.exe

StartupFolder: c:\docume~1\john\startm~1\programs\startup\ditto.lnk - c:\program files\ditto\Ditto.exe

StartupFolder: c:\docume~1\john\startm~1\programs\startup\~disab~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

uPolicies-Explorer: _NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: Add to Local Website Archive - c:\documents and settings\john\application data\aignes\local website archive\config\iearc.htm

IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe


INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.


DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37858.6700694444

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll


================= FIREFOX ===================


FF - ProfilePath - c:\documents and settings\john\application data\mozilla\firefox\profiles\v1wz0o5u.default\

FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS

FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&gl=us|http://www.nytimes.com/|http://feeds.feedburner.com/GizmosFreewareTopWindowsArticles?format=xml|http://portland.craigslist.org/wsc/tls/|http://www.technologyreview.com/|http://www.nytimes.com/pages/technology/personaltech/index.html|http://liliputing.com/

FF - prefs.js: keyword.URL - hxxp://search.fantastigames.com/web?src=ffb&appid=102&systemid=455&sr=0&q=

FF - component: c:\documents and settings\john\application data\mozilla\firefox\profiles\v1wz0o5u.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - plugin: c:\documents and settings\john\local settings\application data\google\update\\npGoogleOneClick8.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: c:\program files\nitro\reader 3\npdf.dll

FF - plugin: c:\program files\nitro\reader 3\npnitroie.dll

FF - plugin: c:\program files\nitro\reader 3\npnitromozilla.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\program files\wordweb\wcapturemoz\plugins\npWCX.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll


============= SERVICES / DRIVERS ===============


R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [2009-3-25 36752]

R0 csdf;cdsf;c:\windows\system32\drivers\csdf.sys [2009-3-25 39440]

R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2012-12-9 9472]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-11-19 195296]

R2 BT848;AVerDVD EZMaker WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2003-12-19 261696]

R2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\Bttuner.sys [2003-9-20 21824]

R2 BTXBAR;AVerDVD EZMaker WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2003-12-19 13312]

R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\nitro\reader 3\NitroPDFReaderDriverService3.exe [2013-3-26 196624]

R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-10-1 208920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]

S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]

S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-12 68928]

S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-12-16 157776]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]

S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]


=============== File Associations ===============


ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office\FRONTPG.EXE


=============== Created Last 30 ================


2013-12-10 14:30:45   --------  d-----w-           c:\documents and settings\john\local settings\application data\PCHealth

2013-12-10 01:47:09   --------  d-----w-           c:\documents and settings\john\Local

2013-11-20 03:15:02   7772552          ----a-w-            c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4874fed-c773-443b-bdb1-81ba2322e135}\mpengine.dll

2013-11-20 03:00:48   195296            ----a-w-            c:\windows\system32\drivers\MpFilter.sys


==================== Find3M  ====================


2013-11-19 10:21:30   230048            ------w- c:\windows\system32\MpSigStub.exe

2013-10-13 07:25:38   920064            ----a-w-            c:\windows\system32\wininet.dll

2013-10-13 07:25:08   43520  ------w- c:\windows\system32\licmgr10.dll

2013-10-13 07:25:02   1469440          ------w- c:\windows\system32\inetcpl.cpl

2013-10-13 07:24:17   18944  ------w- c:\windows\system32\corpol.dll

2013-10-13 06:57:59   385024            ------w- c:\windows\system32\html.iec

2013-10-12 15:56:19   278528            ----a-w-            c:\windows\system32\oakley.dll

2013-10-11 16:31:26   71048  ----a-w-            c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-11 16:31:26   692616            ----a-w-            c:\windows\system32\FlashPlayerApp.exe

2013-10-09 13:12:48   287744            ----a-w-            c:\windows\system32\gdi32.dll

2013-10-07 10:59:21   603136            ----a-w-            c:\windows\system32\crypt32.dll

2013-10-05 01:14:01   7168    ----a-w-            c:\windows\system32\xpsp4res.dll

2007-08-26 05:26:56   1384560          ----a-w-            c:\program files\dopdf.exe


============= FINISH: 10:37:53.50 ===============



I have also attached the attach.txt file.  I would greatly appreciate any advice on what I can do to fix this problem.


Many thanks,


Attached Files

BC AdBot (Login to Remove)


#2 HelpBot


    Bleepin' Binary Bot

  • Bots
  • 12,760 posts
  • Gender:Male
  • Local time:06:31 AM

Posted 15 December 2013 - 02:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:


step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517059 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.


step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.


We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


    Bleepin' Binary Bot

  • Bots
  • 12,760 posts
  • Gender:Male
  • Local time:06:31 AM

Posted 15 December 2013 - 03:36 PM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users