MSE error stops all downloading and cannot be turned off.

Page 1 of 3 123 LastLast

  1. mgadams
    Posts : 14
    Windows 7 Prof
       New #1

    MSE error stops all downloading and cannot be turned off.


    I was hit by a virus which has now been removed using Kaspersky virus removal.
    The scan now shows clean both with that software and with malwarebytes.
    Unfortunately the cleanup seems to have done something to my system and I am not able to access MSE in any way. The icon looks like a sheet of paper. I tried deleting through control panel programs and features but get an error
    "You do not have sufficient access to uninstall Microsoft security essentials. Please contact your system administrator."

    I am the administrator on this computer the only other user is guest.
    Also, I cannot download any software or pdf files. When I try it deletes the file telling me Failed, Virus scan failed.

    Can anyone help please???
      My Computer
    Quote Quote

  3. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #2

    mgadams,

    Welcome to the forum!

    Can you tell us the name of the virus removed, and the exact name of the Kaspersky program used for removal? If you have a report, that will help.

    On the damage, also download Farbar Service Scanner

    Save to the Desktop
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press: Scan
    • FSS creates a log, FSS.txt, on the Desktop.
    Please provide the FSS.txt in your reply.
      My Computer
    Quote Quote

  4. mgadams
    Posts : 14
    Windows 7 Prof
    Thread Starter
       New #3

    I do not know the name of the virus. I had a computer guy help me with it. I do know it came from an email one of our people received that was labled xerox scan. It changed all the files to applications.

    It was the Kaspersky virus removal tool.

    As far as running the farbar service scanner I downloaded it to a usb then moved to my computer and ran it? I am not able to download anything to this computer. When I try it deletes the file telling me
    "Failed, Virus scan failed"
    Last edited by mgadams; 18 Sep 2013 at 07:38.
      My Computer
    Quote Quote

  6. mgadams
    Posts : 14
    Windows 7 Prof
    Thread Starter
       New #4

    Farbar Service Scanner Version: 13-09-2013
    Ran by Tina Adams (administrator) on 18-09-2013 at 08:37:33
    Running from "C:\Users\Tina Adams\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


    Firewall Disabled Policy:
    ==================
    "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

    Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============
    Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
    Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
    Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
    Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
    Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
    Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

    Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
    Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
    Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2013-08-14 08:06] - [2013-07-06 01:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2013-08-14 08:06] - [2013-07-09 00:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9


    ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
      My Computer
    Quote Quote

  7. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #5

    You can attach the reports, if you like.

    The above report shows several services in need of repair.

    To make sure the virus is really gone, please do the following:

    Please go to the Farbar Recovery Scan Tool Download
    Select the version that applies to your system.

    Save it to your Desktop.

    Double-click the downloaded file to run it.

    When the tool opens click Yes to the disclaimer.
    Press the Scan button.

    FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

    Please provide the FRST.txt in your reply. <<---

    The first time the tool is run, it also makes another log: Addition.txt
    Also post the: Addition.txtin your reply.<<---
      My Computer
    Quote Quote

  8. mgadams
    Posts : 14
    Windows 7 Prof
    Thread Starter
       New #6

    I have downloaded frst.exe in the email I received it said use 64 bit version. but here it says select the version that applies. I believe it is the 32bit but I am not positive. How can I confirm this?
      My Computer
    Quote Quote

  10. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #7

    The previous FSS report says it is 32 bit (x86)

    To be sure...

    Please go to Start > All Programs > Accessories > Command Prompt
    At the Command prompt, type (or copy/paste with the mouse}:

    echo %PROCESSOR_ARCHITECTURE%

    Press: Enter

    It provides the info as to whether the system is 32 bit (x86), or 64 bit.
      My Computer
    Quote Quote

  11. mgadams
    Posts : 14
    Windows 7 Prof
    Thread Starter
       New #8

    Hear you go. Thank you for all your help.
    MSE error stops all downloading and cannot be turned off. Attached Files
      My Computer
    Quote Quote

  12. cottonball
    Posts : 2,470
    Windows 7 Home Premium
       New #9

    mgadams,

    Pressing on with FRST...

    Please open Notepad (Start > All Programs > Accessories > Notepad)
    Copy the entire contents of the code box below
    Save it on the Desktop, and name it: fixlist.txt

    Code:
    start
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: {0abd8d5c-5e46-11e2-8c56-e89a8f68d47a} - F:\setup.exe -a
MountPoints2: {b0fdca7b-f97f-11e0-a201-e89a8f68d47a} - F:\setup.exe -a
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
Toolbar: HKLM - Upromise RewardU Toolbar - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files\Upromise RewardU Toolbar\Toolbar.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -Upromise RewardU Toolbar - {BCB2559D-DE26-E8F4-D552-AE05CE2BAC69} - C:\Program Files\Upromise RewardU Toolbar\Toolbar.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Tina Adams\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
C:\Users\Tina Adams\AppData\Local\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
end
    Note: This script is written specifically for use only on this computer.
    Running this on another computer may cause damage to the Operating System!!

    Run FRST, and press the Fix button, just once, and wait.
    The tool creates a report on the pen drive called: Fixlog.txt
    Please post the Fixlog.txt in your reply.


    Please go to the TDSSKiller Download, and select the .exe version
    Double-click on TDSSKiller.exe to run the program.
    When the TDSSKiller console opens, click on: Change Parameters
    Under Additional Options, place a check in the box next to: Detect TDLFS File System
    Click: OK

    Press: Start Scan

    •If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue
    •If malicious objects are found, they show in the Scan results.
    •Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.

    (Note: If Cure is not available, select Skip, >>Do not select: Delete<<)

    When done, the tool creates a log on the disk with the Windows Operating System, normally C:\
    Logs have a name like:
    C:\TDSSKiller.X.X.X_08.30.2013_15.31.43_log.txt
    Please attach the TDSSKiller log in your reply.

    Let's get the results from these programs, and take it from there. There are still more repairs to be done.
      My Computer
    Quote Quote

  13. mgadams
    Posts : 14
    Windows 7 Prof
    Thread Starter
       New #10

    Here is the fixlog.txt file.
    I am rebooting the computer then I will run the tdsskiller as instructed.
    MSE error stops all downloading and cannot be turned off. Attached Files
      My Computer
    Quote Quote

 
Page 1 of 3 123 LastLast

  Related Discussions
Hey peeps, im having this really annoying problem when i download something or skyping someone the internet stops and i get the yellow exclamation symbol on the signal strength bar in the bottom right,it lasts for about 30 seconds and then it starts working again.Sometimes it doesn't even show the...
Hello guys. I have got a problem a couple of months with my internet connection. My modem router is a Netgear DGN1000 and it is connected with my desktop pc through ethernet and with my brother's laptop with wireless. I do not have any problems when i download something from my desktop. But...
My windows 7 laptop stops downloading unless the mouse is continuously moved. If the mouse stops, so does the downloading.
Stops Downloading
in Network & Sharing

So, i got a new windows seven computer, its very fast compared to my old one, but everytime i try to download a large file (Maps for a certain game), in the middle of downloading, it stops. It doesnt freeze or crash it just stops downloading. This happens also when i try to download the maps using...
40181 It stops right there, and doesn't download further. It isn't just this .application installer it is also apps like Seesmic which did this. :(
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 07:00.
Find Us