Attack from Tracur.Y and two other viruses


  • This topic is locked
26 replies to this topic

#1 agentrx

agentrx

  • Members
  • 22 posts

Posted 25 July 2011 - 12:48 AM

I started up Microsoft Security Essentials and it found and deleted a virus called tracur.Y, yet it keeps showing up after rebooting the computer. I am running Windows XP Home Edition.

MSE also detected \system32\atl32.exe and \system32\odpdx3232.exe that have not been classified as risks and wanted me to submit them to be analyzed.

Running malwarebytes atm...

Any help would be greatly appreciated!

Edited by agentrx, 25 July 2011 - 12:50 AM.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,592 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 25 July 2011 - 08:41 AM

Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 agentrx


Posted 25 July 2011 - 08:42 AM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7269

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

7/25/2011 9:41:34 AM
mbam-log-2011-07-25 (09-41-34).txt

Scan type: Quick scan
Objects scanned: 167097
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------

Thanks quietman7 for such a speedy response!

#4 quietman7


Posted 25 July 2011 - 09:07 AM

Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Posted Image and make sure that the option Remove found threats is NOT checked.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

In regards to the two files found by MSE, did you submit them?

You can also get a second opinion by submitting each to one of the following online services that analyze suspicious files:
In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze file now.

#5 agentrx


Posted 25 July 2011 - 12:44 PM

With MSE, yes I did submit them.


Here is my ESETScan report:


C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s77v57ld.default\extensions\{8c8cde75-ad33-4d67-a85a-592d9b5801d8}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s77v57ld.default\extensions\{8c8cde75-ad33-4d67-a85a-592d9b5801d8}\chrome\xulcache.jar JS/Agent.NDJ trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-798c7138 Java/Exploit.Bytverify trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\48\7c21a4b0-33523770 multiple threats
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\eakppdjfpfpdmgjofedfjalmafphioig\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\WINDOWS\CameraFixer2.exe probably a variant of Win32/KillProc.A application
C:\WINDOWS\system32\atl32.dll a variant of Win32/Kryptik.QSR trojan
C:\WINDOWS\system32\atl32.exe a variant of Win32/Kryptik.QSR trojan
C:\WINDOWS\system32\odpdx3232.exe a variant of Win32/Kryptik.QSR trojan

Edited by agentrx, 25 July 2011 - 12:46 PM.


#6 quietman7


Posted 25 July 2011 - 01:05 PM

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders (temp, IE temp, Java, FF, Opera, Chrome, Safari) for all user accounts, including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
-- Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Rerun Eset Online Anti-virus Scanner again, but this time under scan settings, be sure to check the option to Remove found threats. Save the log as before and copy and paste the contents in your next reply.

Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure.

#7 agentrx


Posted 25 July 2011 - 03:46 PM

I ran TFC and rebooted.
Here is the 2nd Eset log with "Remove found threats" checked:


C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s77v57ld.default\extensions\{8c8cde75-ad33-4d67-a85a-592d9b5801d8}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s77v57ld.default\extensions\{8c8cde75-ad33-4d67-a85a-592d9b5801d8}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s77v57ld.default\extensions\{ae688789-32ee-47d1-9794-fc82400b33c3}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s77v57ld.default\extensions\{ae688789-32ee-47d1-9794-fc82400b33c3}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\eakppdjfpfpdmgjofedfjalmafphioig\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\WINDOWS\CameraFixer2.exe probably a variant of Win32/KillProc.A application cleaned by deleting - quarantined
C:\WINDOWS\system32\atl32.dll a variant of Win32/Kryptik.QSR trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\system32\atl32.exe a variant of Win32/Kryptik.QSR trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\odpdx3232.exe a variant of Win32/Kryptik.QSR trojan cleaned by deleting - quarantined
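
The two ESET logs above can be compared mechanically to see what changed between the report-only scan and the cleaning scan. The Python below is an added example, not part of the original thread: the detection lines are copied from the two posts, while the function names and the parsing rule (the path ends at the first space after the last backslash, so the file name itself must contain no spaces) are assumptions made for this illustration.

```python
import re

# Detection lines copied from the two ESET logs posted in this thread.
FIRST_SCAN = r"""
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s77v57ld.default\extensions\{8c8cde75-ad33-4d67-a85a-592d9b5801d8}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s77v57ld.default\extensions\{8c8cde75-ad33-4d67-a85a-592d9b5801d8}\chrome\xulcache.jar JS/Agent.NDJ trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\21\5ac853d5-798c7138 Java/Exploit.Bytverify trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\48\7c21a4b0-33523770 multiple threats
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\eakppdjfpfpdmgjofedfjalmafphioig\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\WINDOWS\CameraFixer2.exe probably a variant of Win32/KillProc.A application
C:\WINDOWS\system32\atl32.dll a variant of Win32/Kryptik.QSR trojan
C:\WINDOWS\system32\atl32.exe a variant of Win32/Kryptik.QSR trojan
C:\WINDOWS\system32\odpdx3232.exe a variant of Win32/Kryptik.QSR trojan
"""

SECOND_SCAN = r"""
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s77v57ld.default\extensions\{8c8cde75-ad33-4d67-a85a-592d9b5801d8}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s77v57ld.default\extensions\{8c8cde75-ad33-4d67-a85a-592d9b5801d8}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s77v57ld.default\extensions\{ae688789-32ee-47d1-9794-fc82400b33c3}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s77v57ld.default\extensions\{ae688789-32ee-47d1-9794-fc82400b33c3}\chrome\xulcache.jar JS/Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\eakppdjfpfpdmgjofedfjalmafphioig\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\WINDOWS\CameraFixer2.exe probably a variant of Win32/KillProc.A application cleaned by deleting - quarantined
C:\WINDOWS\system32\atl32.dll a variant of Win32/Kryptik.QSR trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\system32\atl32.exe a variant of Win32/Kryptik.QSR trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\odpdx3232.exe a variant of Win32/Kryptik.QSR trojan cleaned by deleting - quarantined
"""

# Trailing action text, in the wording used by the second log above.
ACTION_RE = re.compile(
    r"\s+((?:cleaned by deleting|deleted)(?: \(after the next restart\))?"
    r" - quarantined)\s*$")


def parse_line(line):
    """Split one log line into (path, threat, action); action is None if absent."""
    line = line.strip()
    action = None
    m = ACTION_RE.search(line)
    if m:
        action, line = m.group(1), line[:m.start()]
    sep = line.rfind("\\")
    cut = line.find(" ", sep) if sep != -1 else -1
    if cut == -1:
        raise ValueError("cannot split path from threat name: %r" % line)
    return line[:cut], line[cut + 1:].strip(), action


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def location(path):
    """Bucket a detection by where on disk it was found."""
    p = path.lower()
    if "\\firefox\\profiles\\" in p and "\\extensions\\" in p:
        return "firefox-extension"
    if "\\chrome\\user data\\" in p:
        return "chrome-extension"
    if "\\java\\deployment\\cache\\" in p:
        return "java-cache"
    if p.startswith("c:\\windows\\"):
        return "windows-dir"
    return "other"


def compare_scans(first_text, second_text):
    """Report how the second scan's detections differ from the first."""
    first = {p: t for p, t, _ in parse_log(first_text)}
    second = parse_log(second_text)
    second_paths = {p for p, _, _ in second}
    return {
        "new_in_second": [p for p, _, _ in second if p not in first],
        "gone_before_second": [p for p in first if p not in second_paths],
        "pending_reboot": [p for p, _, a in second
                           if a and "after the next restart" in a],
        "no_action": [p for p, _, a in second if a is None],
    }


if __name__ == "__main__":
    for key, paths in compare_scans(FIRST_SCAN, SECOND_SCAN).items():
        print(key)
        for p in paths:
            print("  [%s] %s" % (location(p), p))
```

On the data from this thread, the comparison shows the two Java cache entries absent from the second log (TFC was run between the scans) and a second Firefox extension GUID that appears only in the second log; atl32.dll is the one item whose deletion is deferred to the next restart.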

#8 agentrx


Posted 25 July 2011 - 06:25 PM

Quick update:

After the Eset scan, Microsoft Security Essentials stopped working with error code: 0x80070005, then as I clicked on the first link for Microsoft Security Essentials, I was redirected to a different site with a really long link. It is also affecting Google Chrome. I have uninstalled my current Microsoft Security Essentials and am currently installing it again. I hope this computer is able to be fixed. Thanks quietman7 for your help so far. Hopefully this issue will resolve soon. If I do get MSE to run again, I will verify to see if Tracur.Y is showing up. I'll try to solve this redirecting link by following another forum I found on bleepingcomputer...

Edited by agentrx, 25 July 2011 - 07:04 PM.


#9 quietman7


Posted 25 July 2011 - 08:47 PM

"I'll try to solve this redirecting link by following another forum I found on bleepingcomputer..."

That may cause confusion...it's best we continue in this thread.


Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
Be sure to print out and follow the instructions for performing a scan. Alternate instructions can be found here.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.
  • Click Continue > Reboot now to finish the cleaning process.<- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
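
The TDSSKiller log requested above can be triaged with a short script that pulls out only the flagged drivers and applies the rule from the post: 'Suspicious' files other than Forged ones go for a second opinion. This Python is an added example, not part of the original thread or of Kaspersky's tool; the regular expressions are inferred from the log lines posted later in this thread (copied below), the `exampledrv` line is constructed to show an unflagged driver, and the function and field names are assumptions.

```python
import re

# Lines copied from the TDSSKiller log posted later in this thread, except the
# "exampledrv" entry, which is constructed to represent an unflagged driver.
SAMPLE_LOG = r"""
2011/07/25 23:58:52.0578 3692 Initialize success
2011/07/25 23:58:57.0265 3944 Scan started
2011/07/25 23:59:00.0000 3944 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
2011/07/25 23:59:01.0843 3944 cdudf_xp (071f51d6382b308fb3292ea009c2979f) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/07/25 23:59:01.0843 3944 Suspicious file (Forged): C:\WINDOWS\system32\drivers\cdudf_xp.sys. Real md5: 071f51d6382b308fb3292ea009c2979f, Fake md5: a19f8c660426e02aa99af1ed3d0dcb1c
2011/07/25 23:59:01.0859 3944 cdudf_xp - detected ForgedFile.Multi.Generic (1)
2011/07/25 23:59:19.0031 3944 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\WINDOWS\system32\Drivers\sptd.sys
2011/07/25 23:59:19.0031 3944 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
2011/07/25 23:59:19.0046 3944 sptd - detected LockedFile.Multi.Generic (1)
"""

# Every line: date, time, a numeric id field, then the message.
LINE_RE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+ \d+ ?(.*)$")
# "<service> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "Suspicious file (<kind>): <path>. [Real ]md5: <md5>[, Fake md5: <md5>]"
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((\w+)\): (.+?)\. (?:Real )?md5: ([0-9a-f]{32})"
    r"(?:, Fake md5: ([0-9a-f]{32}))?$")
# "<service> - detected <verdict> (<n>)"
VERDICT_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")


def triage(log_text):
    """Return one dict per flagged driver, in the order the log reports them."""
    drivers = {}    # lower-cased path -> (service name, md5 from the listing)
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1)
        d = DRIVER_RE.match(msg)
        if d:
            drivers[d.group(3).lower()] = (d.group(1), d.group(2))
            continue
        s = SUSPICIOUS_RE.match(msg)
        if s:
            kind, path, md5, fake_md5 = s.groups()
            service, listed_md5 = drivers.get(path.lower(), (None, None))
            findings.append({
                "service": service,
                "path": path,
                "kind": kind,
                "md5": md5,
                "fake_md5": fake_md5,          # only present for Forged files
                "listed_md5_matches": listed_md5 == md5,
                "verdict": None,
                # Rule from the post above: Forged files are left to be cured
                # after reboot; other suspicious files get a second opinion.
                "second_opinion": kind != "Forged",
            })
            continue
        v = VERDICT_RE.match(msg)
        if v:
            for f in findings:
                if f["service"] == v.group(1):
                    f["verdict"] = v.group(2)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        todo = "submit for second opinion" if f["second_opinion"] else "leave for cure after reboot"
        print("%-10s %-8s %-26s %s -> %s"
              % (f["service"], f["kind"], f["verdict"], f["path"], todo))
```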

#10 agentrx


Posted 25 July 2011 - 11:18 PM

I'm sorry quietman7, I did not use the option skip and accidentally chose to delete them. There was no quarantine option for the suspicious objects. I hope this does not impede the progression of the solution or hinder a crucial step. Thank you for all the help you've given and I'm once again really sorry if deleting these suspicious files messes things up.

Here is the TDSSKiller log:

2011/07/25 23:58:50.0781 3692 ================================================================================
2011/07/25 23:58:50.0781 3692 SystemInfo:
2011/07/25 23:58:50.0781 3692
2011/07/25 23:58:50.0781 3692 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/25 23:58:50.0781 3692 Product type: Workstation
2011/07/25 23:58:50.0781 3692 ComputerName: TAKESHI-CVXLYTC
2011/07/25 23:58:50.0781 3692 UserName: Owner
2011/07/25 23:58:50.0781 3692 Windows directory: C:\WINDOWS
2011/07/25 23:58:50.0781 3692 System windows directory: C:\WINDOWS
2011/07/25 23:58:50.0781 3692 Processor architecture: Intel x86
2011/07/25 23:58:50.0781 3692 Number of processors: 1
2011/07/25 23:58:50.0781 3692 Page size: 0x1000
2011/07/25 23:58:50.0781 3692 Boot type: Normal boot
2011/07/25 23:58:50.0781 3692 ================================================================================
2011/07/25 23:58:52.0578 3692 Initialize success
2011/07/25 23:58:57.0265 3944 ================================================================================
2011/07/25 23:58:57.0265 3944 Scan started
2011/07/25 23:58:57.0265 3944 Mode: Manual;
2011/07/25 23:58:57.0265 3944 ================================================================================
2011/07/25 23:59:01.0843 3944 cdudf_xp (071f51d6382b308fb3292ea009c2979f) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/07/25 23:59:01.0843 3944 Suspicious file (Forged): C:\WINDOWS\system32\drivers\cdudf_xp.sys. Real md5: 071f51d6382b308fb3292ea009c2979f, Fake md5: a19f8c660426e02aa99af1ed3d0dcb1c
2011/07/25 23:59:01.0859 3944 cdudf_xp - detected ForgedFile.Multi.Generic (1)
2011/07/25 23:59:19.0031 3944 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\WINDOWS\system32\Drivers\sptd.sys
2011/07/25 23:59:19.0031 3944 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
2011/07/25 23:59:19.0046 3944 sptd - detected LockedFile.Multi.Generic (1)
2011/07/25 23:59:23.0593 3944 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2011/07/25 23:59:23.0703 3944 wacomvhid (73e6f16a1f187d71fb26af308551e54a) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2011/07/25 23:59:23.0812 3944 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/25 23:59:23.0984 3944 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/25 23:59:24.0125 3944 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/07/25 23:59:24.0281 3944 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/25 23:59:24.0437 3944 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/25 23:59:24.0546 3944 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/25 23:59:24.0718 3944 WUSB54GPV4SRV (70aeec67e87a2002e6b2cc353d56e222) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
2011/07/25 23:59:24.0890 3944 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/07/25 23:59:25.0046 3944 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/07/25 23:59:25.0093 3944 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/25 23:59:25.0234 3944 Boot (0x1200) (c708c7d99260f2755e7bce728d0a8a5e) \Device\Harddisk0\DR0\Partition0
2011/07/25 23:59:25.0250 3944 ================================================================================
2011/07/25 23:59:25.0250 3944 Scan finished
2011/07/25 23:59:25.0250 3944 ================================================================================
2011/07/25 23:59:25.0265 3936 Detected object count: 2
2011/07/25 23:59:25.0265 3936 Actual detected object count: 2
2011/07/26 00:00:03.0750 3936 HKLM\SYSTEM\ControlSet001\services\cdudf_xp - will be deleted after reboot
2011/07/26 00:00:03.0781 3936 HKLM\SYSTEM\ControlSet003\services\cdudf_xp - will be deleted after reboot
2011/07/26 00:00:03.0781 3936 HKLM\SYSTEM\ControlSet004\services\cdudf_xp - will be deleted after reboot
2011/07/26 00:00:03.0796 3936 C:\WINDOWS\system32\drivers\cdudf_xp.sys - will be deleted after reboot
2011/07/26 00:00:03.0796 3936 ForgedFile.Multi.Generic(cdudf_xp) - User select action: Delete
2011/07/26 00:00:03.0796 3936 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/07/26 00:00:03.0812 3936 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/07/26 00:00:03.0812 3936 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted after reboot
2011/07/26 00:00:03.0812 3936 HKLM\SYSTEM\ControlSet004\services\sptd - will be deleted after reboot
2011/07/26 00:00:03.0812 3936 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
2011/07/26 00:00:03.0812 3936 LockedFile.Multi.Generic(sptd) - User select action: Delete
2011/07/26 00:00:20.0406 2412 Deinitialize success


---

I will not follow other forums and will stick to this one. I have yet to reinstall Microsoft Security Essentials and will not continue, as I've noticed that it might conflict with the anti-malware software you are recommending to me, but please suggest otherwise if I should install it. I was struggling with it when it was present, as it had made my computer run very slow. I will try to avoid MSE until the situation settles.

Edited by agentrx, 25 July 2011 - 11:26 PM.
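Added example (not part of the original post and not the scanner vendor's code): a small Python triage of the log format shown above, pulling the detections, the chosen actions and the deletions that only take effect after a reboot out of the surrounding driver listing. The sample lines are copied from the log in this post; the regular expressions are inferred from those lines only and are an assumption about the format.

```python
import re

# Sample lines copied from the scan log in the post above.
SAMPLE_LOG = r"""
2011/07/25 23:59:19.0031 3944 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\WINDOWS\system32\Drivers\sptd.sys
2011/07/25 23:59:19.0031 3944 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
2011/07/25 23:59:19.0046 3944 sptd - detected LockedFile.Multi.Generic (1)
2011/07/25 23:59:19.0171 3944 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/25 23:59:25.0265 3936 Detected object count: 2
2011/07/26 00:00:03.0796 3936 C:\WINDOWS\system32\drivers\cdudf_xp.sys - will be deleted after reboot
2011/07/26 00:00:03.0796 3936 ForgedFile.Multi.Generic(cdudf_xp) - User select action: Delete
2011/07/26 00:00:03.0812 3936 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
2011/07/26 00:00:03.0812 3936 LockedFile.Multi.Generic(sptd) - User select action: Delete
"""

PREFIX = r"^\S+ \S+ \d+ "  # date, time, thread id (format inferred from the log)
DETECTED = re.compile(PREFIX + r"(?P<svc>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(PREFIX + r"(?P<verdict>[\w.]+)\((?P<svc>[^)]+)\)"
                    r" - User select action: (?P<action>\w+)$")
PENDING = re.compile(PREFIX + r"(?P<target>.+) - will be deleted after reboot$")
COUNT = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Return detections, chosen actions and deletions still pending a reboot."""
    result = {"detected": {}, "actions": {}, "pending": [], "reported": None}
    for line in log_text.splitlines():
        line = line.strip()
        if m := DETECTED.match(line):
            result["detected"][m["svc"]] = m["verdict"]
        elif m := ACTION.match(line):
            result["actions"][m["svc"]] = (m["verdict"], m["action"])
        elif m := PENDING.match(line):
            result["pending"].append(m["target"])
        elif m := COUNT.match(line):
            result["reported"] = int(m["n"])
    return result


def actions_without_detection(result):
    """Services that were actioned but whose detection line is not in the excerpt."""
    return sorted(set(result["actions"]) - set(result["detected"]))


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(summary)
    print("actioned, no detection line seen:", actions_without_detection(summary))
```

Every entry in `pending` is a change that has not happened yet, so a fresh scan after the reboot is the check that the deletions actually took effect.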


#11 quietman7


Posted 26 July 2011 - 06:04 AM

0x80070005 error message usually indicates an Access is Denied error.

You should not leave your system without anti-virus protection. If you continue to have issues with MSE, I would remove and replace it with avast! Free Antivirus, then perform a full system scan.


Please download MiniToolBox by farbar and save it to your desktop.

Close all open browsers, double-click on the file to launch the utility and check the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List Users, Partitions and Memory size
Click Go and a log file named Result.txt will open in Notepad with the results. Copy and paste the contents in your next reply.

Please download and scan with the McAfee FakeAlert Stinger Tool.
Be sure to follow the instructions provided and to check the “Full Scan” option. If you cannot complete the scan, then retry using the "Smart Scan" option. If the tool will not run at all, read the instructions for using "Fix to Scan".

#12 agentrx


Posted 26 July 2011 - 11:09 AM

Here is the MiniToolBox log:

MiniToolBox by Farbar
Ran by Owner (administrator) on 26-07-2011 at 12:07:39
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default diroctory
========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 1534.98 MB
Available physical RAM: 1047.54 MB
Total Pagefile: 1644.63 MB
Available Pagefile: 1371.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.48 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.5 GB) (Free:33.66 GB) NTFS

========================= Users: ========================================

User accounts for \\TAKESHI-CVXLYTC

Administrator Guest HelpAssistant
Owner SUPPORT_388945a0


== End of log ==




------

I also ran Stinger as a .bat and enabled full scan and fix to scan.

Scan initiated on Tue Jul 26 12:17:00 2011
Number of clean files: 29

I also ran Stinger full scan now without fix to scan enabled.

Scan initiated on Tue Jul 26 12:20:40 2011
Number of clean files: 231808

Edited by agentrx, 26 July 2011 - 01:02 PM.


#13 quietman7


Posted 26 July 2011 - 12:15 PM

Ok, just let me know the results.


Your MiniToolBox log shows the HOSTS file is missing from its default location.

Please follow the instructions provided in How to reset the hosts file back to the default.

To reset the HOSTS file automatically, click the Fix it button.
Click Run in the file download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

If you want to add a custom HOSTS file instead, read here first, then download hosts.zip, save it to your Desktop and follow these instructions to install the MVPS HOSTS File.

If you encounter a problem with the zipped version, try using an alternative zipping tool like 7zip or ExtractNow. If you still encounter problems, then use the MVPS HOSTS File text version. Go to File in the top menu and select "Save As", then save hosts.txt to your desktop. Rename it hosts without an extension. Go to the folder containing your existing HOSTS file and rename it HOSTS.MVP. Then copy the hosts file on your desktop into the same folder where you renamed the existing file.

Note: If using Vista or Windows 7, be aware that they require special instructions.
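Added example (not part of the original post): a Python check to run against the HOSTS file once it has been restored, either to the default or to a blocklist-style file such as the MVPS one. It treats a missing file as a finding, accepts loopback and 0.0.0.0 sinkhole entries, and reports names redirected to routable addresses and sinkholed names that the machine must still reach. The sample content, the `must_resolve` list and all domain names are constructed for illustration.

```python
import ipaddress
import os

# Constructed sample: the default localhost entry plus hypothetical extras.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net        # blocklist-style sinkhole entry
203.0.113.7     www.example-bank.test  # redirect to a routable address
127.0.0.1       update.example-av.test
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip_or_None, names) for every non-comment line."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        yield no, ip, [n.lower() for n in fields[1:]]


def audit_hosts(text, must_resolve=()):
    """Return (line_no, kind, detail) findings that deserve a second look."""
    findings = []
    for no, ip, names in parse_hosts(text):
        if ip is None or not names:
            findings.append((no, "malformed", " ".join(names)))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name == "localhost" and ip.is_loopback:
                continue  # the one mapping a default file contains
            if not sinkhole:
                findings.append((no, "redirect", f"{name} -> {ip}"))
            elif any(name == d or name.endswith("." + d) for d in must_resolve):
                findings.append((no, "blocked", f"{name} -> {ip}"))
    return findings


def audit_path(path, must_resolve=()):
    """Audit a hosts file on disk; a missing file is itself a finding."""
    if not os.path.isfile(path):
        return [(0, "missing", path)]
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read(), must_resolve)
```

On Windows the file to pass to `audit_path` is `%SystemRoot%\system32\drivers\etc\hosts`.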

#14 agentrx


Posted 26 July 2011 - 01:07 PM

I ran Microsoft Fix it 50267.
It says:

This Microsoft Fix it has been processed.

It prompted me to restart.
I restarted the computer.

#15 quietman7


Posted 26 July 2011 - 01:10 PM

How did the stinger scan go?



