
XP with Recycler / S-1-5-18 Virus & other possible viruses


31 replies to this topic

#1 davidad


Posted 09 October 2012 - 02:50 PM

Hello.

I have an old XP machine and believe my machine is infected with the Recycler / S-1-5-18 virus and possibly other viruses. I need your help!

I have MSE and Malwarebytes Anti-Malware installed. I've tried removing this folder though I think it's still on the machine. I still see this folder as a folder on my "C" drive even after I've renamed it, unlocked it, and then deleted it. I also changed the property on my recycle bin to immediately delete items. Malware doesn't show anything detected and MSE had identified some sort of Sirefef items though I still see this Recycler folder.

Finally, I recently also got the FBI Moneypak virus though I did a system restore to a point in Aug or Sep which seemed to fix this. And, I don't see/have any more system restore points as they were removed and erased given the concern that they were corrupted.

Can you please assist me here?! I need your help!

Thanks very much!

Davidad



#2 narenxp


Posted 09 October 2012 - 02:51 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 davidad


Posted 10 October 2012 - 07:27 PM

Narenxp,

Thanks for your follow up. I just checked Bleeping computer now and saw your comment. For some reason, I did not get any email notification yesterday or today, hence why I checked myself.

I will look to undertake your requested actions later tonight or tomorrow when I am home as I am currently on another computer at another location.

Again, thanks for reaching out to help me and I will get back to you.

Kind regards,

Davidad

#4 narenxp


Posted 10 October 2012 - 08:35 PM

:thumbup2:

#5 davidad


Posted 16 October 2012 - 12:11 AM

Hello Narenxp,

Thanks for your patience. I had trouble getting the ASW to fully run.

Ok, here are the various logs that I am posting here per your instructions.

1) TDSS Killer

23:24:19.0906 2564 VolSnap - ok
23:24:20.0066 2564 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:24:20.0197 2564 VSS - ok
23:24:20.0387 2564 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:24:20.0417 2564 W32Time - ok
23:24:20.0537 2564 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:24:20.0547 2564 Wanarp - ok
23:24:20.0607 2564 WDICA - ok
23:24:20.0687 2564 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:24:20.0697 2564 wdmaud - ok
23:24:20.0787 2564 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:24:20.0797 2564 WebClient - ok
23:24:20.0968 2564 [ 5DC04E2BADF701D7A9D00365B623DF2F ] wg111nd5 C:\WINDOWS\system32\DRIVERS\wg111nd5.sys
23:24:21.0388 2564 wg111nd5 - ok
23:24:21.0548 2564 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:24:21.0569 2564 winmgmt - ok
23:24:21.0739 2564 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:24:21.0749 2564 WmdmPmSN - ok
23:24:21.0899 2564 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:24:21.0969 2564 Wmi - ok
23:24:22.0099 2564 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:24:22.0119 2564 WmiApSrv - ok
23:24:22.0189 2564 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:24:22.0199 2564 WS2IFSL - ok
23:24:22.0360 2564 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:24:22.0380 2564 wscsvc - ok
23:24:22.0460 2564 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:24:22.0520 2564 wuauserv - ok
23:24:22.0680 2564 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:24:22.0780 2564 WZCSVC - ok
23:24:22.0890 2564 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:24:22.0910 2564 xmlprov - ok
23:24:23.0041 2564 ================ Scan global ===============================
23:24:23.0131 2564 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:24:23.0261 2564 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:24:23.0391 2564 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:24:23.0471 2564 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:24:23.0481 2564 [Global] - ok
23:24:23.0511 2564 ================ Scan MBR ==================================
23:24:23.0551 2564 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:24:23.0982 2564 \Device\Harddisk0\DR0 - ok
23:24:24.0002 2564 ================ Scan VBR ==================================
23:24:24.0032 2564 [ DB8054C905D4D5CA11B031403D912802 ] \Device\Harddisk0\DR0\Partition1
23:24:24.0042 2564 \Device\Harddisk0\DR0\Partition1 - ok
23:24:24.0062 2564 ============================================================
23:24:24.0062 2564 Scan finished
23:24:24.0062 2564 ============================================================
23:24:24.0152 3812 Detected object count: 0
23:24:24.0152 3812 Actual detected object count: 0
23:25:34.0293 3776 Deinitialize success


2. ASWMBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-15 23:27:11
-----------------------------
23:27:11.122 OS Version: Windows 5.1.2600 Service Pack 3
23:27:11.122 Number of processors: 1 586 0x502
23:27:11.122 ComputerName: DAMONFAMILY01 UserName: Family Login
23:27:12.705 Initialize success
23:55:51.166 AVAST engine defs: 12101501
23:59:20.977 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:59:20.987 Disk 0 Vendor: ST320414A 3.28 Size: 19092MB BusType: 3
23:59:21.027 Disk 0 MBR read successfully
23:59:21.027 Disk 0 MBR scan
23:59:23.841 Disk 0 Windows XP default MBR code
23:59:23.922 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 19084 MB offset 63
23:59:26.595 Disk 0 scanning sectors +39085200
23:59:27.967 Disk 0 scanning C:\WINDOWS\system32\drivers
00:01:08.191 Service scanning
00:01:44.534 Service MpKslc2623fdf c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67A716E2-B808-4445-9A82-7779ADA473ED}\MpKslc2623fdf.sys **LOCKED** 32
00:02:32.242 Modules scanning
00:02:50.539 Disk 0 trace - called modules:
00:02:50.569 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
00:02:51.099 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82bd85e0]
00:02:51.109 3 CLASSPNP.SYS[f76fefd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82b60d98]
00:02:51.790 AVAST engine scan C:\WINDOWS
00:03:03.357 AVAST engine scan C:\WINDOWS\system32
00:18:22.419 AVAST engine scan C:\WINDOWS\system32\drivers
00:19:38.338 AVAST engine scan C:\Documents and Settings\Family Login
00:22:14.963 AVAST engine scan C:\Documents and Settings\All Users
00:23:33.276 Scan finished successfully
00:24:09.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Family Login\Desktop\MBR.dat"
00:24:09.728 The log file has been saved successfully to "C:\Documents and Settings\Family Login\Desktop\aswMBR.txt"


3. ESET SCANNER

I will send this separately just so you have some data in case ESET locks up.

4. OTHER POINTS - For several days after my initial reply, I did NOT see the RECYCLER FOLDER on my C: Drive. Once I started running the downloads you asked, and I looked at "My Computer", I saw the RECYCLER Folder again for the first time in several days. I'm not sure why this occurred? Can you please advise? See the listing below. Its properties show 2 files, 1 folder, size of 85 bytes or size on disk 8.0 kb 98,192 bytes) created on Sunday, Oct 14, 2012 5:34 PM. Do you see this folder? Here are the contents that I see when I double click on the folder in my computer....

S-1-5-21-839522115-813497703-1060284298-1003 Type - Folder Date Modified 10/15/2012 11:18 PM..like when I started running the downloads.

Then, when I open up windows explorer and proceed to run an "unlocker" program (that I downloaded), it tells me that nothing is locked. I am given options to delete, move, rename, etc. Previously, I renamed and then deleted it. Tonight, I just renamed it RECYLERXX.


Here is some info re the unlocker program I downloaded.

For details on the unlocker program I have, please see the explanation below:

Unlocker for Windows 2000, XP, 2003, Vista and 7 both 32 and 64 bits.
Copyright © 2005-2011 Cedrick Collomb / Empty Loop
unlocker.emptyloop.com

Using Unlocker
--------------

How often have you tried to delete or rename a file or folder and got
"Cannot delete xxx: It is being used by another person or program." ?

Unlocker is a tool which will help you overcoming this scandalous Windows
bug.

Simply right click the file or folder and select Unlocker. If the file
or folder is locked then a window will appear with a list of processes
locking the file or folder. Select the locks and click Unlock and you



Not sure what to do here since I thought this folder was gone..but it keeps reappearing. Can you please advise and help Narenxp?!

Thanks again and regards,

Davidad

#6 narenxp

Posted 16 October 2012 - 12:25 AM

Do not run any other tools when I'm helping you.

#7 davidad

Posted 16 October 2012 - 06:36 AM

Hello Narenxp,

Here is the ESET Scan.

C:\Documents and Settings\Family Login\My Documents\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined

It came up with and identified the Unlocker Program that I had downloaded to try to unlock the RECYCLER Folder!

And, I still see the RECYCLER Folder on my C: Drive! How do I get rid of it without it coming back again and again?

Finally, FYI, MSE runs every day and has not detected or quarantined this item.

Please help and thanks very much.

Davidad

#8 narenxp

Posted 16 October 2012 - 09:27 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.

#9 davidad

Posted 16 October 2012 - 10:38 AM

Hello Narenxp!

Thanks for your quick reply. Apologies for running the unlocker program. I thought it was just going to enable me to see contents of a folder that may be hidden and didn't realize it might interfere with what you're trying to accomplish in helping me. I'll make sure to follow your guidelines.

I already have Malwarebytes Anti-Malware installed that I usually run every few days. I will update its virus definitions and then run a full scan and follow your directions, ok? (And, then, I'll follow the rest of your instructions.)

What do you think so far re this RECYCLER Folder virus? Can you see it in any of the logs I've sent or do you see anything else of concern?

Thanks again very much for your help.

Regards,

Davidad

#10 narenxp

Posted 16 October 2012 - 10:50 AM

I will explain about RECYCLER after getting all the logs. The RECYCLER folder is not a virus. The ZeroAccess rootkit can drop malicious files in the RECYCLER folder and run from there.

#11 davidad

Posted 17 October 2012 - 01:44 AM

Narenxp,

Hello. I ran 4 of the 5 scans and have posted the logs/results below. I'll run the 5th (Adware Cleaner) and then send the log/results later.

1. Malwarebytes Anti-Malware

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.17.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Family Login :: DAMONFAMILY01 [administrator]

10/16/2012 11:10:00 PM
mbam-log-2012-10-16 (23-10-00).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218652
Time elapsed: 2 hour(s), 35 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Hijack.SHELL32) -> Bad: (fastprox.dll) Good: (shell32.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



2. MINITOOLBOX


MiniToolBox by Farbar Version: 23-07-2012
Ran by Family Login (administrator) on 16-10-2012 at 23:11:54
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C) = Wireless Network Connection 2 (Connected)
Compaq NC3161 Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : damonfamily01

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Compaq NC3161 Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-08-C7-E3-59-D5



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C)

Physical Address. . . . . . . . . : 00-19-5B-7A-7A-6B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 167.206.254.1

167.206.254.2

Lease Obtained. . . . . . . . . . : Tuesday, October 16, 2012 3:21:30 PM

Lease Expires . . . . . . . . . . : Wednesday, October 17, 2012 3:21:30 PM

Server: vdns1.srv.hcvlny.cv.net
Address: 167.206.254.1

Name: google.com
Addresses: 173.194.43.39, 173.194.43.32, 173.194.43.37, 173.194.43.36
173.194.43.40, 173.194.43.38, 173.194.43.46, 173.194.43.33, 173.194.43.35
173.194.43.34, 173.194.43.41



Pinging google.com [173.194.43.40] with 32 bytes of data:



Reply from 173.194.43.40: bytes=32 time=11ms TTL=55

Reply from 173.194.43.40: bytes=32 time=17ms TTL=55



Ping statistics for 173.194.43.40:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 11ms, Maximum = 17ms, Average = 14ms

Server: vdns1.srv.hcvlny.cv.net
Address: 167.206.254.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=100ms TTL=49

Reply from 98.138.253.109: bytes=32 time=67ms TTL=50



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 67ms, Maximum = 100ms, Average = 83ms

Server: vdns1.srv.hcvlny.cv.net
Address: 167.206.254.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 08 c7 e3 59 d5 ...... Compaq NC3161 Fast Ethernet NIC - Packet Scheduler Miniport
0x10004 ...00 19 5b 7a 7a 6b ...... D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 2 1
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/16/2012 03:07:46 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560

Error: (10/16/2012 03:07:29 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.

Error: (10/16/2012 03:07:21 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (10/15/2012 11:56:00 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.1.522.0, P3 timeout, P4 1.1.8800.0, P5 fixed, P6 1 _ 512, P7 10 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/15/2012 03:03:55 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560

Error: (10/15/2012 03:03:42 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.

Error: (10/15/2012 03:03:39 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (10/14/2012 03:03:52 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560

Error: (10/14/2012 03:03:43 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.

Error: (10/14/2012 03:03:39 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.


System errors:
=============
Error: (10/16/2012 09:41:52 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest.
Reference error message: The operation completed successfully.
.

Error: (10/16/2012 09:41:52 PM) (Source: SideBySide) (User: )
Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
1" on line The manifest file contains one or more syntax errors.
2.

Error: (10/16/2012 09:41:52 PM) (Source: SideBySide) (User: )
Description: Syntax error in manifest or policy file "assemblyIdentity1" on line assemblyIdentity2.
The required attribute version is missing from element assemblyIdentity.

Error: (10/16/2012 09:41:52 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest.
Reference error message: The operation completed successfully.
.

Error: (10/16/2012 09:41:52 PM) (Source: SideBySide) (User: )
Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
1" on line The manifest file contains one or more syntax errors.
2.

Error: (10/16/2012 09:41:52 PM) (Source: SideBySide) (User: )
Description: Syntax error in manifest or policy file "assemblyIdentity1" on line assemblyIdentity2.
The required attribute version is missing from element assemblyIdentity.

Error: (10/16/2012 03:08:03 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

Error: (10/15/2012 03:09:09 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

Error: (10/14/2012 03:07:44 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

Error: (10/13/2012 03:07:33 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).


Microsoft Office Sessions:
=========================
Error: (10/16/2012 03:07:46 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560

Error: (10/16/2012 03:07:29 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Microsoft .NET Framework 1.1{A38B334A-A0A2-436D-BAA0-34FE5E517E44}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log

Error: (10/16/2012 03:07:21 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (10/15/2012 11:56:00 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.1.522.0timeout1.1.8800.0fixed1 _ 51210 _ not bootNILNILNIL

Error: (10/15/2012 03:03:55 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560

Error: (10/15/2012 03:03:42 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Microsoft .NET Framework 1.1{A38B334A-A0A2-436D-BAA0-34FE5E517E44}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log

Error: (10/15/2012 03:03:39 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (10/14/2012 03:03:52 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560

Error: (10/14/2012 03:03:43 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Microsoft .NET Framework 1.1{A38B334A-A0A2-436D-BAA0-34FE5E517E44}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log

Error: (10/14/2012 03:03:39 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 7.0.5 Language Support (Version: 7.0.5)
Adobe Reader 7.0.8 (Version: 7.0.8)
Adobe Shockwave Player (Version: 10.1.4.20)
Apple Software Update (Version: 1.0.2.1)
CCleaner (Version: 3.22)
CheckIt Diagnostics (Version: 7.0)
ESET Online Scanner v3
iTunes (Version: 7.0.2.16)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
NETGEAR WG111 Software
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Primo (Version: 1.00.0000)
QuickTime (Version: 7.1.3.170)
Revo Uninstaller 1.94 (Version: 1.94)
Runtime (Version: 1.00.0000)
Sony Picture Utility (Version: 4.2.00.11130)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
Viewpoint Media Player
WebFldrs XP (Version: 9.50.5318)
Windows Defender Signatures (Version: 1.20.0.0)
Windows Doctor 2.7.3
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 87%
Total physical RAM: 383.55 MB
Available physical RAM: 47.21 MB
Total Pagefile: 986.15 MB
Available Pagefile: 526.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.74 MB

========================= Partitions: =====================================

2 Drive c: (ST320414A) (Fixed) (Total:18.64 GB) (Free:8.33 GB) NTFS

========================= Users: ========================================

User accounts for \\DAMONFAMILY01

Administrator ASPNET Family Login
Guest HelpAssistant SUPPORT_388945a0

========================= Restore Points ==================================

09-10-2012 04:24:51 System Checkpoint
09-10-2012 07:02:43 Software Distribution Service 3.0
09-10-2012 07:26:06 Software Distribution Service 3.0
10-10-2012 01:43:56 Software Distribution Service 3.0
10-10-2012 06:17:24 Software Distribution Service 3.0
10-10-2012 07:00:48 Software Distribution Service 3.0
11-10-2012 02:54:17 Software Distribution Service 3.0
11-10-2012 06:17:02 Software Distribution Service 3.0
11-10-2012 07:01:36 Software Distribution Service 3.0
12-10-2012 06:29:16 Software Distribution Service 3.0
12-10-2012 07:00:47 Software Distribution Service 3.0
12-10-2012 07:59:52 Software Distribution Service 3.0
13-10-2012 06:28:33 Software Distribution Service 3.0
13-10-2012 07:00:46 Software Distribution Service 3.0
13-10-2012 08:00:56 Software Distribution Service 3.0
14-10-2012 06:32:59 Software Distribution Service 3.0
14-10-2012 07:00:53 Software Distribution Service 3.0
15-10-2012 06:29:14 Software Distribution Service 3.0
15-10-2012 07:00:46 Software Distribution Service 3.0
16-10-2012 07:03:05 Software Distribution Service 3.0
16-10-2012 08:11:39 Software Distribution Service 3.0
16-10-2012 08:44:08 Software Distribution Service 3.0

**** End of log ****


3. FARBAR

Farbar Service Scanner Version: 07-10-2012
Ran by Family Login (administrator) on 16-10-2012 at 23:19:22
Running from "C:\Documents and Settings\Family Login\Local Settings\Temporary Internet Files\Content.IE5\AVXG2I6Y"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) MDC8021X(9) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****


4. JUNK REMOVAL TOOL

Junkware Removal Tool (JRT) by Thisisu
Version: 1.6.9 (10.16.2012)
OS: Microsoft Windows XP x86
Ran by Family Login on Tue 10/16/2012 at 23:23:07.38
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] "hkey_local_machine\software\metastream"
Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{3bd44f0e-0596-4008-aee0-45d47e3a8f0e}



*** Files: 0 Detections



*** Folders: 0 Detections



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Wed 10/17/2012 at 0:28:53.04
End of Report



Thank you very much for helping me, Narenxp. What do all those errors in the MiniToolBox mean? For a while now, when I try to install Windows updates like "windows security update for Microsoft.net Framework 1.1. SP1 on windows xp, windows vista, and windows server 2008 x86(KB2656370)", the installation never works and always fails, with a note that installation was not successful.

Thanks again and I will send results for adwCleaner in my next message.

Regards,

Davidad

#12 davidad


Posted 17 October 2012 - 01:58 AM

Narenxp,

Hello again.

Here is the log for AdwCleaner.

# AdwCleaner v2.005 - Logfile created 10/17/2012 at 02:45:16
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Family Login - DAMONFAMILY01
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Family Login\Local Settings\Temporary Internet Files\Content.IE5\7VQBJ3ZI\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\FCSB000063123
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.



OK, what do you think? I still see the RECYCLER Folder on the C Drive, FYI.

Thanks again Narenxp for helping me out. By the way, where are you actually located?

Take care, please advise and thanks.

Davidad

*************************

AdwCleaner[S2].txt - [2891 octets] - [17/10/2012 02:45:16]

########## EOF - C:\AdwCleaner[S2].txt - [2951 octets] ##########

#13 narenxp


Posted 17 October 2012 - 07:42 AM

I'm from India

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#14 davidad


Posted 17 October 2012 - 01:44 PM

Hello Narenxp,

Thanks for your quick response and action recommendations.

Just a few follow up questions on questions I had raised earlier. Can you help me out and please advise?

1. I still see the RECYCLER Folder on my C: Drive! How do I get rid of it without it coming back again and again? (from yesterday early am). Or should we just wait a bit more till all the logs you asked for are sent over?

2. Can you see it in any of the logs I've sent or do you see anything else of concern? (from yesterday mid am).

3. What do all those errors in the MiniToolBox mean? (from today am) Can you assist me in fixing them?

Finally, I'll look to follow your recent instructions shortly. Where in India specifically?!

Thanks and regards,

Davidad

#15 narenxp


Posted 17 October 2012 - 04:53 PM

I still need the logs

The RECYCLER folder is not a virus. The ZeroAccess rootkit can drop malicious files in the RECYCLER folder and run from there.
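
A way to check a RECYCLER listing for content that does not belong to the Recycle Bin itself, as an added example that is not part of the original post or of any tool used in this thread. It takes full paths such as those printed by `dir /a /s /b C:\RECYCLER`; the function name, the sample paths and the `$constructed-example` folder are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Local and domain user accounts have SIDs of the form S-1-5-21-<a>-<b>-<c>-<RID>.
# Well-known identities such as S-1-5-18 (LocalSystem) do not match.
USER_SID = re.compile(r"^S-1-5-21(-\d+){4}$")
# Windows XP renames deleted items to D<drive letter><index>[.ext] and keeps
# an INFO2 index (plus desktop.ini) at the top level of each user's bin.
BIN_ENTRY = re.compile(r"^(INFO2|desktop\.ini|D[a-z]\d+(\.[^.]+)?)$", re.IGNORECASE)

def audit_recycler(paths):
    """Return sorted (path, reason) findings for paths below <drive>:\\RECYCLER."""
    findings = set()
    for raw in paths:
        parts = PureWindowsPath(raw.strip()).parts  # ('C:\\', 'RECYCLER', sid, entry, ...)
        if len(parts) < 3 or parts[1].upper() != "RECYCLER":
            continue
        if not USER_SID.match(parts[2]):
            findings.add((str(PureWindowsPath(*parts[:3])),
                          "folder is not a user account SID"))
        # Only the first level is renamed; files inside a deleted folder keep their names.
        if len(parts) > 3 and not BIN_ENTRY.match(parts[3]):
            findings.add((str(PureWindowsPath(*parts[:4])),
                          "name does not follow Recycle Bin naming"))
    return sorted(findings)

# Constructed listing for illustration (not taken from the machine in this thread).
USER = r"C:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1003"
SAMPLE = [
    USER + r"\INFO2",
    USER + r"\desktop.ini",
    USER + r"\Dc12.doc",
    USER + r"\Dc13\notes.txt",
    r"C:\RECYCLER\S-1-5-18\$constructed-example\payload.bin",
    USER + r"\$constructed-example\payload.bin",
]

if __name__ == "__main__":
    for path, reason in audit_recycler(SAMPLE):
        print(f"{reason}: {path}")
```

A hit is a lead for closer inspection with the scanners used in this thread, not proof of infection; a process running as SYSTEM can occasionally create its own bin folder.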





