Cant Update Mse

BigDan · Apr 19, 2011

About 10 days ago I had a virus that now appears to be gone. Though I cant be 100% sure since I haven't been able to run a comprehensive virus scan. I think its clean because of some random tests I ran for a specialist on another forum, who said it is. I posted all sorts of complicated logs, so I trust what he said is true.

With that said, I haven't been able to update MSE since. I don't know if these 2 matters are related or not. When I tell MSE to update it says it couldn't check for one due to an internet or connectivity issue.

I dont know why this would be, I'm on it fine. Can anyone advise?

I'm using Win XP btw, I believe home edition though cant swear to it.

Btw as a side note, my computer has been functioning really slowly last few days / weeks. My C: has 149 GB space, of which 19 GB is free, so a decent amount. There's 2 GB RAM.

Best,
Dan

DSTM (Dougie) · Apr 19, 2011

Hi BigDan. Welcome to CHF.

Have you tried updating MSE in Safe Mode with Networking?

BeeCeeBee · Apr 20, 2011

I think its clean because of some random tests I ran for a specialist on another forum
Click to expand...

Can you please provide us with a link to the other forum?

PseFrank · Apr 20, 2011

I'm using Win XP btw, I believe home edition though cant swear to it.
Click to expand...

Press the Start/Flag key + Pause/Break key...This will show which operating system is installed.

My C: has 149 GB space, of which 19 GB is free, so a decent amount.
Click to expand...

Maybe nothing to do with your problem here, but it is generally thought that you should have a minimum of 15% free/empty space on your HDD for things to work at their best. 19GB may seem like alot...but you should really have at least 22.5GB free space.

BigDan · Apr 22, 2011

hi guys. thanks for so many replies

i have not updated in safe mode, no. will try shortly.

the link to the other forum is
My link

im running XP but not sure which type. sorry im not at my desktop right now so cant really tell. i imagine it doesnt really matter tho?

starbuck · Apr 22, 2011

im running XP but not sure which type
Click to expand...

You are running:

Microsoft Windows XP Pro Service Pack 3
Click to expand...

I was a bit surprised that you were given the all clear before being asked how your system was running.
But then again the person helping you is not a member of UNITE or ASAP.

First thing i'd try is to uninstall MSSE and download and install a fresh copy from here:

MS Security Essentials

let me know how it goes and if it updates ok.

BeeCeeBee · Apr 22, 2011

I have been quiet about this BigDan because despite the fact that it is not in Malware Removal, I figured Starbuck would catch on to it eventually. Now the choice is yours. If you continue here we will be leaving this in Starbuck's hands until such time as HE declares the system to be clean and seeks help from others on the forum.

You have an absolute right to post anywhere you please but experience indicates that it is counterproductive to have two malware posts running simultaneously. One thing I wondered is why you did not post this issue on the other forum?

Anyhow you are welcome here but it has to be our way when it comes to malware.

BigDan · Apr 22, 2011

I uninstalled MSE but now cant reinstall it. Tried downloading and installing three times. Each time I get an error message: "The operation completed successfully." That sounds like good news but its an error alert.

BeeCeeBee said: ↑

I have been quiet about this BigDan because despite the fact that it is not in Malware Removal, I figured Starbuck would catch on to it eventually. Now the choice is yours. If you continue here we will be leaving this in Starbuck's hands until such time as HE declares the system to be clean and seeks help from others on the forum.

You have an absolute right to post anywhere you please but experience indicates that it is counterproductive to have two malware posts running simultaneously. One thing I wondered is why you did not post this issue on the other forum?

Anyhow you are welcome here but it has to be our way when it comes to malware.
Click to expand...

Not exactly sure what you're asking BCB? Are u saying i shouldve posted this in the other forum or the malware section here? Either way, I dint post there b/c altho they're good in the ICU unit they're not in otrher sections. Posted here in this section b/c MSE not updating didnt seem malware related. If you'd like to move the thread thats fine w/ me.

BeeCeeBee · Apr 22, 2011

Not exactly sure what you're asking BCB? Are u saying i shouldve posted this in the other forum
Click to expand...

Nope what I am suggesting that we have ultimate faith in Starbuck, his training and his record of success. If he is not satisfied that your computer is clean then we are not prepared to proceed as if it is.

Besides, MSE is so inherently linked to Windows that my first inclination was that you were still infected. However I am not anyway near proficient on the subject to second guess anyone.

All that taken into account you can proceed here or there but if it is here you may have to post logs again. Have a look at our malware removal preparation instructions. http://computerhelpforums.net/topic/13814-preparation-for-malware-removal-help/

BigDan · Apr 22, 2011

i've looked at the instruction site. i ran a MBAM log a couple days ago, removed 2 threats. am doing so again.

tried running OTL but cant. gives an error. same happened when i had a virus and was trying to download it then. i just cant install it, no idea why.

starbuck · Feb 4, 2014

Hi BigDan,

I've moved the thread to the malware removal forum, but the link will remain the same.

i ran a MBAM log a couple days ago, removed 2 threats. am doing so again.
Click to expand...

Start Malwarebytes AntiMalware.
Click on the logs tab.
The logs are date stamped ... double click on the log that showed the infection items.

.

It'll open in notepad.

Please copy/paste the report in your next reply.

Thanks

BigDan · Apr 23, 2011

Seems MBAM is completely clean.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6401

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/23/2011 1:23:04 AM
mbam-log-2011-04-23 (01-23-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 319384
Time elapsed: 3 hour(s), 11 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DSTM (Dougie) · Apr 23, 2011

Hi Dan. Starbuck wanted a copy of the Log which contained the Infections from a couple of days ago.

Starbuck wants to identify what those infections were.

I think you misread Starbuck's post.

starbuck · Apr 23, 2011

Starbuck wanted a copy of the Log which contained the Infections from a couple of days ago.
Click to expand...

Yes, that's right.

Also when you run a scan with mbam ALWAYS make sure it's updated first.

from your report:

Database version: 6401
Click to expand...

todays update:

Database version: 6424
Click to expand...

BigDan · Apr 23, 2011

ahhh gotcha! sorry.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6401

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/20/2011 8:31:53 AM
mbam-log-2011-04-20 (08-31-53).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 366829
Time elapsed: 3 hour(s), 10 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\_OTL\movedfiles\04082011_195249\c_documents and settings\user\local settings\application data\ifa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\04082011_195249\c_documents and settings\user\local settings\application data\lfy.exe (Trojan.Agent) -> Quarantined and deleted successfully.

starbuck · Apr 23, 2011

Hi BigDan

Those items shouldn't have been on your system if OTL had been removed.
Let's start with a clean slate here and work our way through.

Step 1
Restart MBAM.
Click on the Quarantine tab
If there are items in quarantine.....
Make sure everything is selected and then click Delete All.
Close MBAM.

Step 2
Download OTC and save it your Desktop.
Double click the OTC icon to run the program.
Click the 'CleanUp' button.

This utility will cleanup an assortment of tools used during malware removal, plus itself

Step 3
Let's check for any rogue processes first.

Download RogueKiller and save it to your desktop.

Close all the running processes

Double click RogueKiller icon to run the program
Vista/Win7 users should right click the icon and select Run as Administrator.

When prompted, type 1 (SCAN) and then press Enter

A report will open, please copy and paste this report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

In your next reply, please submit:
RogueKiller report
and confirm that OTC was run.

Thanks.

BigDan · Apr 23, 2011

Hi Starbuck

MBAM Done.
OTC Done.

Rogue Killer done, log below. FYI your link to it didn't work, you may want to update that

RogueKiller V4.3.9 [04/16/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: user [Admin rights]
Mode: Scan -- Date : 04/23/2011 13:20:10

Bad processes: 0

Registry Entries: 3
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=127.0.0.1:4021) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : (C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Program Files\Intern") -> FOUND

HOSTS File:
127.0.0.1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt

starbuck · Feb 4, 2014

Hi BigDan

FYI your link to it didn't work, you may want to update tha
Click to expand...

Thanks for that.
Seems the download link has now been changed for some reason.
I've changed the link for my speech.

Step 1

Close all the running processes

Double click RogueKiller icon to run the program
Vista/Win7 users should right click the icon and select Run as Administrator.

When prompted, type 2 (DELETE) and then press Enter

A report will open, please copy and paste this report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

Note:
if you get a notification about a proxy .... let it remove it.

Step 2

Download TDSSKiller and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

Vista/Win7 users should right-click and select Run As Administrator.

.

If an infected file is detected, the default action will be Cure, click on Continue.

.

If a suspicious file is detected, the default action will be Skip, click on Continue.

.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply.

Step 3
You couldn't download and install OTL last time, try these links ( they are for a different file extension)

Download OTL to your desktop.
right click on the link and select 'Save Link/Target As'.

if you have problems, try this download link:
OTL
right click on the link and select 'Save Link/Target As'.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

When the window appears, underneath Output at the top change it to Minimal Output.

Check the boxes beside LOP Check and Purity Check

.

.
.

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

.
.

Click the Run Scan button.

In your next reply, please submit:
RogueKiller.txt
TDSSKiler report
Both reports from OTL

Thanks.

BigDan · Apr 24, 2011

OTL still didnt work. Its not a problem downloading it, the install part doesnt work. Just says encountered an error. Tried it on both.

The other 2 logs below:

RogueKiller V4.3.9 [04/16/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: user [Admin rights]
Mode: Remove -- Date : 04/24/2011 11:25:00

Bad processes: 0

Registry Entries: 3
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=127.0.0.1:4021) -> NOT REMOVED, USE PROXYFIX
[FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : (C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe) -> REPLACED : ("")
[FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Program Files\Intern") -> REPLACED : ("C:\Program Files\internet explorer\iexplore.exe")

HOSTS File:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

2011/04/24 11:25:19.0921 3364 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/24 11:25:20.0218 3364 ================================================================================
2011/04/24 11:25:20.0218 3364 SystemInfo:
2011/04/24 11:25:20.0218 3364
2011/04/24 11:25:20.0218 3364 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/24 11:25:20.0218 3364 Product type: Workstation
2011/04/24 11:25:20.0218 3364 ComputerName: WINXP-A6795C19E
2011/04/24 11:25:20.0218 3364 UserName: user
2011/04/24 11:25:20.0218 3364 Windows directory: C:\WINDOWS
2011/04/24 11:25:20.0218 3364 System windows directory: C:\WINDOWS
2011/04/24 11:25:20.0218 3364 Processor architecture: Intel x86
2011/04/24 11:25:20.0218 3364 Number of processors: 1
2011/04/24 11:25:20.0218 3364 Page size: 0x1000
2011/04/24 11:25:20.0218 3364 Boot type: Normal boot
2011/04/24 11:25:20.0218 3364 ================================================================================
2011/04/24 11:25:20.0750 3364 Initialize success
2011/04/24 11:25:23.0312 3952 ================================================================================
2011/04/24 11:25:23.0312 3952 Scan started
2011/04/24 11:25:23.0312 3952 Mode: Manual;
2011/04/24 11:25:23.0312 3952 ================================================================================
2011/04/24 11:25:25.0562 3952 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/24 11:25:26.0000 3952 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/24 11:25:26.0515 3952 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/24 11:25:26.0796 3952 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/24 11:25:27.0093 3952 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/24 11:25:27.0390 3952 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/04/24 11:25:29.0687 3952 ALCXWDM (8a8909fdd548d84a3e02e04f699ee705) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/04/24 11:25:32.0500 3952 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/24 11:25:32.0796 3952 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/24 11:25:34.0359 3952 ati2mtag (c06659ff381423d6cb19a91c2a2f80ad) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/24 11:25:35.0703 3952 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/24 11:25:35.0968 3952 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/24 11:25:36.0234 3952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/24 11:25:36.0468 3952 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/24 11:25:36.0796 3952 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/24 11:25:37.0250 3952 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/24 11:25:37.0500 3952 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/24 11:25:37.0765 3952 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/24 11:25:39.0140 3952 dc3d (91c1736e77cff029302728b431d0eedb) C:\WINDOWS\system32\DRIVERS\dc3d.sys
2011/04/24 11:25:39.0421 3952 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/24 11:25:39.0921 3952 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/24 11:25:40.0468 3952 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/24 11:25:40.0718 3952 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/24 11:25:40.0984 3952 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/24 11:25:41.0437 3952 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/24 11:25:41.0781 3952 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/24 11:25:42.0031 3952 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/24 11:25:42.0281 3952 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/24 11:25:42.0531 3952 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/24 11:25:42.0828 3952 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/24 11:25:43.0156 3952 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/24 11:25:43.0406 3952 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/24 11:25:43.0687 3952 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/04/24 11:25:43.0953 3952 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/24 11:25:44.0234 3952 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/24 11:25:44.0812 3952 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/24 11:25:45.0578 3952 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/24 11:25:45.0843 3952 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/24 11:25:46.0531 3952 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/24 11:25:46.0796 3952 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/24 11:25:47.0031 3952 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/24 11:25:47.0281 3952 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/24 11:25:47.0578 3952 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/24 11:25:47.0906 3952 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/24 11:25:48.0171 3952 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/24 11:25:48.0421 3952 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/24 11:25:48.0687 3952 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/24 11:25:49.0000 3952 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/24 11:25:49.0328 3952 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/24 11:25:50.0062 3952 lgmdbus (54fec13b60914784aa06685f352aed70) C:\WINDOWS\system32\DRIVERS\lgmdbus.sys
2011/04/24 11:25:50.0343 3952 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/04/24 11:25:50.0656 3952 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2011/04/24 11:25:50.0890 3952 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/24 11:25:51.0156 3952 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/24 11:25:51.0406 3952 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/24 11:25:51.0640 3952 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/24 11:25:52.0218 3952 mrtRate (a7566da7aa8b74f1cebc18afd6b6cfa0) C:\WINDOWS\system32\drivers\mrtRate.sys
2011/04/24 11:25:52.0500 3952 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/24 11:25:52.0937 3952 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/24 11:25:53.0312 3952 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/24 11:25:53.0546 3952 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/24 11:25:53.0828 3952 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/24 11:25:54.0062 3952 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/24 11:25:54.0296 3952 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/24 11:25:54.0562 3952 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/24 11:25:54.0828 3952 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/24 11:25:55.0109 3952 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/24 11:25:55.0437 3952 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/24 11:25:55.0687 3952 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/24 11:25:55.0937 3952 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/24 11:25:56.0187 3952 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/24 11:25:56.0437 3952 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/24 11:25:56.0703 3952 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/24 11:25:56.0968 3952 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/24 11:25:57.0250 3952 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/24 11:25:57.0593 3952 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/04/24 11:25:57.0859 3952 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/24 11:25:58.0265 3952 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/24 11:25:58.0687 3952 NuidFltr (ef2b9a14ec5dd74ade3417faf1b45e16) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/04/24 11:25:58.0968 3952 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/24 11:25:59.0218 3952 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/24 11:25:59.0453 3952 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/24 11:25:59.0796 3952 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/24 11:26:00.0187 3952 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/24 11:26:00.0421 3952 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/24 11:26:00.0687 3952 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/24 11:26:01.0187 3952 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/24 11:26:01.0453 3952 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/24 11:26:01.0828 3952 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/04/24 11:26:03.0593 3952 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
2011/04/24 11:26:04.0031 3952 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/24 11:26:04.0312 3952 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/24 11:26:04.0562 3952 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/24 11:26:04.0828 3952 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/24 11:26:06.0109 3952 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/24 11:26:06.0359 3952 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/24 11:26:06.0625 3952 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/24 11:26:06.0890 3952 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/24 11:26:07.0171 3952 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/24 11:26:07.0453 3952 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/24 11:26:07.0734 3952 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/24 11:26:08.0078 3952 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/24 11:26:08.0453 3952 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/24 11:26:09.0031 3952 RTL8023xp (e10f6c9bd09d8dae26e29d52c65e6e0f) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/04/24 11:26:09.0406 3952 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/24 11:26:09.0671 3952 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/24 11:26:09.0937 3952 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/24 11:26:10.0203 3952 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/24 11:26:10.0671 3952 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/24 11:26:10.0906 3952 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/04/24 11:26:11.0343 3952 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/24 11:26:11.0843 3952 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/24 11:26:11.0843 3952 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/24 11:26:11.0859 3952 sptd - detected Locked file (1)
2011/04/24 11:26:12.0125 3952 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/24 11:26:12.0500 3952 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/24 11:26:12.0875 3952 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/24 11:26:13.0125 3952 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/24 11:26:13.0421 3952 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/24 11:26:14.0531 3952 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/24 11:26:14.0937 3952 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/24 11:26:15.0312 3952 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/24 11:26:15.0546 3952 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/24 11:26:15.0812 3952 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/24 11:26:16.0312 3952 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/24 11:26:16.0921 3952 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/24 11:26:17.0531 3952 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/24 11:26:17.0796 3952 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/24 11:26:18.0078 3952 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/24 11:26:18.0359 3952 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/24 11:26:18.0609 3952 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/24 11:26:18.0859 3952 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/24 11:26:19.0109 3952 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/24 11:26:19.0421 3952 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/24 11:26:19.0671 3952 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/24 11:26:20.0156 3952 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/24 11:26:20.0406 3952 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/24 11:26:20.0812 3952 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/04/24 11:26:21.0437 3952 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/24 11:26:21.0765 3952 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/24 11:26:22.0046 3952 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/24 11:26:22.0375 3952 ================================================================================
2011/04/24 11:26:22.0375 3952 Scan finished
2011/04/24 11:26:22.0375 3952 ================================================================================
2011/04/24 11:26:22.0390 3852 Detected object count: 1
2011/04/24 11:41:50.0187 3852 Locked file(sptd) - User select action: Skip

starbuck · Apr 24, 2011

Hi BigDan

OTL still didnt work. Its not a problem downloading it, the install part doesnt work. Just says encountered an error.
Click to expand...

Does it say what sort of error?
Does it start to scan at all?

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=127.0.0.1:4021) -> NOT REMOVED, USE PROXYFIX
Click to expand...

Ok, let's sort this out then.

Step 1

Close all the running processes

Double click RogueKiller icon to run the program
Vista/Win7 users should right click the icon and select Run as Administrator.

When prompted, type 4 (PROXY FIX) and then press Enter

A report will open, please copy and paste this report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

Step 2
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

This is an example, you may rename ComboFix to anything you want.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
For more information read:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then:

Double click on Combo-Fix.exe & follow the prompts.

Vista/Win7 users should right click on the icon and select Run as Administrator.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If running Vista/Win7, you may not see this screen

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please submit:
RogueKiller report
Combofix.txt

Thanks.

Log in or Sign up

Cant Update Mse

BigDan Registered Members

DSTM (Dougie) Registered Members

BeeCeeBee ADMINISTRATOR IN MEMORY

PseFrank Registered Members

BigDan Registered Members

starbuck Rest In Peace Pete Administrator

BeeCeeBee ADMINISTRATOR IN MEMORY

BigDan Registered Members

BeeCeeBee ADMINISTRATOR IN MEMORY

BigDan Registered Members

starbuck Rest In Peace Pete Administrator

BigDan Registered Members

DSTM (Dougie) Registered Members

starbuck Rest In Peace Pete Administrator

BigDan Registered Members

starbuck Rest In Peace Pete Administrator

BigDan Registered Members

starbuck Rest In Peace Pete Administrator

BigDan Registered Members

starbuck Rest In Peace Pete Administrator

Share This Page

Log in or Sign up

Cant Update Mse

BigDan Registered Members

DSTM (Dougie) Registered Members

BeeCeeBee ADMINISTRATOR IN MEMORY

PseFrank Registered Members

BigDan Registered Members

starbuck Rest In Peace Pete Administrator

BeeCeeBee ADMINISTRATOR IN MEMORY

BigDan Registered Members

BeeCeeBee ADMINISTRATOR IN MEMORY

BigDan Registered Members

starbuck Rest In Peace Pete Administrator

BigDan Registered Members

DSTM (Dougie) Registered Members

starbuck Rest In Peace Pete Administrator

BigDan Registered Members

starbuck Rest In Peace Pete Administrator

BigDan Registered Members

starbuck Rest In Peace Pete Administrator

BigDan Registered Members

starbuck Rest In Peace Pete Administrator

Share This Page

Useful Searches