=====
:
Perhaps CCleaner is the cause for the PIDs showing. It would be wise to
set CCleaner to NOT delete the mrt.log. Then you can see if the PIDs
show up again.
BSODs *may* be related to malware but usually are caused by drivers or
failing hardware, Alice. Suggest you check the Event Viewer.
*Right* click My Computer either on the Desktop or on the Start Menu and
choose Manage
Click the plus sign next to Event Viewer and then click on System
Look for Error in the right frame
Double click on any Error listed for a more detailed view and check to
see if any are related to the display adapter or other hardware
If there are none, then I'd suspect that there may be some well hidden
malware resident on the system.
MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============
AliceZ wrote:
Thanks.
Funny thing. My son said he forgot to look at the mrt.log and did a
CCleaner, and when he tried to look at the log (notepad
%\windir%\debug\mrt.log), it said it was not availabe (having been deleted by
CCleaner). When he remembered, he ran the mrt.exe and then looked at the
mrt.log and he saw all those PIDs (error scans) related to NAV.
For an experiment, we went to my neighbor and had them download the KB890830
and when that finished, the mrt.log only said "no infection found." However,
we did a CCleaner on that machine and then tried to look at the mrt.log, it
reported it could not be found (having been deleted by the CCleaner - same as
happned to my son's computer).
When we then ran the mrt.exe and looked at the log (on my neighbor's
computer), it not only reported "no infection found," but also reported the
'identical' PIDs errors that were reported on my son's mrt.log (after he ran
it after the CCleaner deleted original mrt.log).
Does any of this son make sense? It seems that if we look at the log right
after we log off from the web, we get "no infection found." But, if we run
the CCleaner BEFORE looking at the log and then run mrt.exe and look at the
log, it prints all those NAV PIDs.
(By the way the original laptop we used has gone BSOD. I had gotten the BSOD
a few times in the past months, so it wasn't a big surprise. That is the one
with ZA. My son is letting me use his laptop which has NAV.)
Alice
=============
:
I'd bet that those errors contained in both logs indicate that Symantec
[Norton] and ZoneAlarm are the cause.
For your system you could try Enabling the native XP Firewall from
within the Control Panel and then Disable ZA
Then do a scan with the MRT and check for further errors
Your son can temporarily disable whichever Norton software is installed
by, hopefully, reading the Help file for directions to do so .
If it's a security suite and includes a Firewall then have him Enable
the native XP one before Disabling Norton's.
Then scan with MRT, check for any errors
BTW, one can just type in
mrt
in the Run line, click OK, and it will open.
I'd be curious to see the MRT log with the system booted to Safe Mode.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx
MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============
AliceZ wrote:
Just an add-on to my previous post. My son just paid a visit and brought
along a sheet of paper he printed out after he ran the Kb890830 Malicious
tool on his computer and then looking at the mrt.log. This is what he shows
(all of the pid refer to Symantec (Norton), which he has on his computer.
Does anyone know what is going on?...
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v1.30, June 2007
Started On Wed Jun 13 21:49:40 2007
->Scan ERROR: resource process://pid:1292 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1404 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1456 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1484 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1532 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1600 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:144 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:208 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:580 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:2504 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:144 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1600 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1292 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1404 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1456 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:208 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1484 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1532 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:580 (code 0x0000054F (1359))
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 13
21:50:26 2007
:
Thanks for the help. I did run the full scan and nothing was detected.
I looked at the log and it did show different PIDs = 168 and 440. I then
opened the Process Explorer and saw that both were related to:
168 vsmon.exe True Vector Service Zone Labs
440 zlclient.exe True Vector Service Zone Labs
The previous PIDs were not listed (but think maybe they were also related to
ZA.)
I am using ZoneAlarm, and wonder if ZA is causing these "scan ERRORs."
I ran AdAware and nothing showing. I am hoping my computer is not
"compromised."
Living on small monthly income and, as I said, cannot afford any unnecessary
expenses.
Alice
=================
:
Those errors may be related to the 'Iomega Activity Disk2'
To determine if that's the case, disconnect it from the system and then
manually start the MRT by going to Start > Run > and type in
mrt.exe
Click OK or press Enter
The Malicious Software Removal Tool window will appear
It should show June 2007 at the very top
If so, click Next
Put a tick next to ' Full scan '
Click Next
When the scan is done a new page will open with the result
If nothing is detected then open the mrt.log once more.
Do the errors still appear ?
As stated in the prior thread covering this :
Windows Error 0x0000054F - 1359
The security account database contains an internal inconsistency.
ERROR_INTERNAL_ERROR
To determine just which programs are pid 212, 464, and 128 are, you can
download and SAVE Process Explorer :
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx
*Instructions for it's use are on that web page*
The download is in a .zip format
You MUST first extract or decompress the .zip file
Suggest you do so to the My Documents folder
There IS one more error showing in this log then the one you posted last
month and the PIDs differ. That is not a good sign. The MRT does not
target all malware and the system *may* be compromised.
If this is too difficult, then STRONGLY SUGGEST you either bring the
system to a reputable PC tech or have a technically adept acquaintance
check it.
MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============
AliceZ wrote:
I downloaded the KB890830 (Malicious Tool) Critical Update tonight and when I
did the RUN "for notepage %windir%\debug\mrt.log," I got the following:
===================================
Microsoft Windows Malicious Software Removal Tool v1.30, June 2007
Started On Tue Jun 12 19:24:35 2007
->Scan ERROR: resource process://pid:212 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:464 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:128 (code 0x0000054F (1359))
->Scan ERROR: resource service://Iomega Activity Disk2 (code 0x0000054F
(1359))
->Scan ERROR: resource process://pid:212 (code 0x0000054F (1359))
Results Summary:
----------------
No infection found.
Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jun 12
19:25:38 2007
=========================================
I manually went to: Winint/system32/mrt.exe
and clicked on that and it only stated: "No malicious software was detected."
(Last month I had approximately the same results, which were:
May 2007 Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Tue May 08 19:57:36 2007
->Scan ERROR: resource process://pid:976 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:2272 (code 0x0000054F (1359))
->Scan ERROR: resource service://Iomega Activity Disk2 (code 0x0000054F
