
Solved Recycler\s-2-5-..

Discussion in 'Malware and Virus Removal Archive' started by Camie, 2009/05/10.

  1. 2009/05/10
    Camie

    Camie Inactive Thread Starter

    Joined:
    2009/05/10
    Messages:
    2
    Likes Received:
    0
    [Resolved] Recycler\s-2-5-..

    I had a problem earlier of entering C: drive but now it's only happening on my K: drive which is associated with my USB flash drive. I ran every virus thing I have and nothing shows up. This is what it says when I try to click on the K: drive "Windows cannot find RECYCLER\S-2-5-90-100027579-100016300-100023095-2460.com Make sure you typed the name correctly..... "

    Here's the DDS


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Owner at 15:40:08.54 on Sun 05/10/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.191.13 [GMT -7:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated)
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    K:\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://att.yahoo.com
    uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    uRun: [Yahoo! Pager] 1
    mRun: [AudioDeck] c:\program files\via\viaudioi\sbadeck\ADeck.exe 1
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
    DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    Notify: NavLogon - c:\windows\system32\NavLogon.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\06f8b5cd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://start.io/sensico
    FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\06f8b5cd.default\extensions\{d02b1e87-a8c6-433f-9b5c-2cec4a072736}\components\susfox3.dll

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-9 11608]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-9 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-9 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-9 55640]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-10 101936]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090509.003\naveng.sys [2009-5-10 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090509.003\navex15.sys [2009-5-10 876144]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]

    =============== Created Last 30 ================

    2009-05-10 03:13 <DIR> --d----- c:\windows\system32\PreInstall
    2009-05-10 03:13 22,752 a------- c:\windows\system32\spupdsvc.exe
    2009-05-10 03:13 <DIR> --d-h--- c:\windows\$hf_mig$
    2009-05-10 01:37 110,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-05-10 01:37 48,768 a------- c:\windows\system32\S32EVNT1.DLL
    2009-05-10 01:37 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-05-10 01:37 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-05-10 01:36 <DIR> --d----- c:\windows\RegisteredPackages
    2009-05-10 01:36 <DIR> --d----- c:\program files\Symantec
    2009-05-10 01:35 <DIR> --d----- c:\program files\Symantec AntiVirus
    2009-05-10 01:35 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-05-10 01:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
    2009-05-10 01:15 <DIR> --d----- c:\windows\system32\SoftwareDistribution
    2009-05-09 22:59 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
    2009-05-09 22:59 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-05-09 22:59 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-09 22:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-05-09 22:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-05-09 22:16 <DIR> a-dshr-- C:\cmdcons
    2009-05-09 22:14 161,792 a------- c:\windows\SWREG.exe
    2009-05-09 22:14 98,816 a------- c:\windows\sed.exe
    2009-05-09 21:53 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
    2009-05-09 21:53 <DIR> --d----- c:\program files\Avira
    2009-05-09 21:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
    2009-05-09 21:52 43,387 a------- c:\windows\browser.exe
    2009-05-09 21:52 6,246 a------- c:\windows\atty.ico
    2009-05-09 21:51 81,920 -------- c:\windows\system32\W32n50.dll
    2009-05-09 21:51 17,162 -------- c:\windows\system32\Pcandis5.sys
    2009-05-09 21:51 16,848 -------- c:\windows\system32\Pcandis4.sys
    2009-05-09 21:51 16,073 -------- c:\windows\system32\Pcandis3.vxd
    2009-05-09 21:51 <DIR> --d----- c:\windows\Motive
    2009-05-09 21:51 <DIR> --d----- c:\program files\common files\Motive
    2009-05-09 21:50 <DIR> --d----- c:\program files\SBC Self Support Tool
    2009-05-09 21:44 <DIR> --d----- c:\program files\Yahoo!
    2009-05-09 21:42 <DIR> --d----- c:\program files\BroadJump
    2009-05-09 21:42 22 a------- c:\windows\system32\ati64hlp.stb
    2009-05-09 21:39 6,345 a----r-- c:\windows\system32\DevMngr.vxd
    2009-05-09 21:38 266,240 -------- c:\windows\SBCDSL.exe
    2009-05-09 21:38 487,462 -------- c:\windows\system32\swflash.cab
    2009-05-09 21:38 99,544 -------- c:\windows\system32\GetFlash.exe
    2009-05-09 21:38 600 -------- c:\windows\system32\GetFlash.man
    2009-05-09 21:36 <DIR> --d----- C:\Python30
    2009-05-09 21:35 <DIR> --d----- c:\program files\K-Lite Codec Pack
    2009-05-09 21:34 <DIR> --d----- c:\program files\ATI Technologies
    2009-05-09 21:34 6,400 ac------ c:\windows\system32\dllcache\splitter.sys
    2009-05-09 21:34 6,400 a------- c:\windows\system32\drivers\splitter.sys
    2009-05-09 21:34 82,944 ac------ c:\windows\system32\dllcache\wdmaud.sys
    2009-05-09 21:34 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
    2009-05-09 21:34 52,864 ac------ c:\windows\system32\dllcache\dmusic.sys
    2009-05-09 21:34 52,864 a------- c:\windows\system32\drivers\DMusic.sys
    2009-05-09 21:34 114,688 -------- c:\windows\system32\ati2sgag.exe
    2009-05-09 21:32 <DIR> --d----- c:\program files\VIA
    2009-05-09 21:32 331,184 -------- c:\windows\system32\difxapi.dll
    2009-05-09 21:29 25,600 a------- c:\windows\system32\setupcl.exe
    2009-05-09 21:29 <DIR> --d----- C:\SYSPREP
    2009-05-09 21:28 <DIR> --d----- c:\windows\system32\ReinstallBackups
    2009-05-09 21:27 2 a------- C:\REQUEST_OEMRESET_ENDUSER
    2009-05-09 21:26 46,464 a------- c:\windows\system32\drivers\GAGP30KX.SYS
    2009-05-09 21:25 1,082,112 ac------ c:\windows\system32\dllcache\ati3duag.dll
    2009-05-09 21:25 576,512 ac------ c:\windows\system32\dllcache\ati2mtag.sys
    2009-05-09 21:25 1,082,112 a------- c:\windows\system32\ati3duag.dll
    2009-05-09 21:25 845,728 a------- c:\windows\system32\ati3d1ag.dll
    2009-05-09 21:25 576,512 a------- c:\windows\system32\drivers\ati2mtag.sys
    2009-05-09 21:25 516,768 a------- c:\windows\system32\ativvaxx.dll
    2009-05-09 21:25 301,568 a------- c:\windows\system32\ati2dvag.dll
    2009-05-09 21:25 229,376 a------- c:\windows\system32\ati2cqag.dll
    2009-05-09 21:25 27,165 a------- c:\windows\system32\drivers\fetnd5.sys
    2009-05-09 21:25 26,624 a------- c:\windows\system32\drivers\usbehci.sys
    2009-05-09 21:25 7,168 a------- c:\windows\system32\hccoin.dll
    2009-05-09 21:22 60 a------- c:\windows\system32\SYSDRV.DAT
    2009-05-09 21:22 359,936 a------- c:\windows\system32\wzcsvc.dll
    2009-05-09 21:22 51,712 a------- c:\windows\system32\wzcsapi.dll
    2009-05-09 21:20 53,305 a------- c:\windows\system32\usrlbva.dll
    2009-05-09 21:19 157,696 a------- c:\windows\system32\paqsp.dll
    2009-05-09 21:19 4,274,816 a------- c:\windows\system32\nv4_disp.dll
    2009-05-09 21:19 2,056,832 a------- c:\windows\system32\ntkrnlpa.exe
    2009-05-09 21:19 17,408 a------- c:\windows\system32\msyuv.dll
    2009-05-09 21:19 294,912 a------- c:\windows\system32\msh263.drv
    2009-05-09 21:19 147,968 a------- c:\windows\system32\mdwmdmsp.dll
    2009-05-09 21:19 47,616 a------- c:\windows\system32\iyuv_32.dll
    2009-05-09 21:19 20,992 a------- c:\windows\system32\hid.dll
    2009-05-09 21:19 55,296 a------- c:\windows\system32\dvdplay.exe
    2009-05-09 21:19 58,112 a------- c:\windows\system32\drivers\vdmindvd.sys
    2009-05-09 21:19 16,000 a------- c:\windows\system32\drivers\usbintel.sys
    2009-05-09 21:19 23,936 a------- c:\windows\system32\drivers\usbcamd2.sys
    2009-05-09 21:17 74,752 ac------ c:\windows\system32\dllcache\storprop.dll
    2009-05-09 21:17 196,864 ac------ c:\windows\system32\dllcache\rdpdr.sys
    2009-05-09 21:16 47,104 a------- c:\windows\system32\cnbjmon.dll
    2009-05-09 21:14 290,816 ac------ c:\windows\system32\dllcache\winsrv.dll
    2009-05-09 21:13 1,236,480 ac------ c:\windows\system32\dllcache\msxml3.dll
    2009-05-09 21:12 9,728 ac------ c:\windows\system32\dllcache\label.exe
    2009-05-09 21:11 611,328 ac------ c:\windows\system32\dllcache\comctl32.dll
    2009-05-09 05:59 <DIR> --d----- C:\My Backup -- 09-05-09 0559AM

    ==================== Find3M ====================

    2009-05-09 21:40 155,995 a------- c:\windows\java\packages\F3LBRDFP.ZIP
    2009-05-09 21:40 2,232 a------- c:\windows\java\packages\data\A9RPZVNF.DAT
    2009-05-09 21:40 2,678 a------- c:\windows\java\packages\data\LRJBN3RV.DAT
    2009-05-09 21:40 2,678 a------- c:\windows\java\packages\data\SXRB31J1.DAT
    2009-05-09 21:40 2,678 a------- c:\windows\java\packages\data\G4K6VFZB.DAT
    2009-05-09 21:40 2,678 a------- c:\windows\java\packages\data\9VPZ35F3.DAT
    2009-05-09 21:40 2,678 a------- c:\windows\java\packages\data\5JH3JTZ7.DAT
    2009-04-02 06:21 84,480 a------- c:\windows\system32\ff_vfw.dll

    ============= FINISH: 15:41:07.09 ===============

    Here's the Attach


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/9/2009 9:28:06 PM
    System Uptime: 5/10/2009 3:15:54 AM (12 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7142
    Processor: AMD Sempron(tm) Processor 3100+ | Socket 754 | 1799/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 93 GiB total, 88.813 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM (CDFS)
    K: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Video Controller (VGA Compatible)
    Device ID: PCI\VEN_1106&DEV_3108&SUBSYS_71421462&REV_01\4&26E5F5CD&0&0008
    Manufacturer:
    Name: Video Controller (VGA Compatible)
    PNP Device ID: PCI\VEN_1106&DEV_3108&SUBSYS_71421462&REV_01\4&26E5F5CD&0&0008
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\3&13C0B0C5&0&50
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\3&13C0B0C5&0&50
    Service:

    ==== System Restore Points ===================

    RP1: 5/9/2009 9:28:13 PM - System Checkpoint
    RP2: 5/9/2009 9:32:51 PM - Installed Platform
    RP3: 5/9/2009 9:36:31 PM - Installed Python 3.0.1
    RP4: 5/9/2009 9:51:35 PM - Avira AntiVir Personal - 5/9/2009 21:51
    RP5: 5/10/2009 1:35:11 AM - Installed Symantec AntiVirus
    RP6: 5/10/2009 2:33:30 AM - Removed Adobe Reader 6.0
    RP7: 5/10/2009 2:34:11 AM - Installed Adobe Reader 9.1.
    RP8: 5/10/2009 3:13:47 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    AT&T Self Support Tool
    AT&T Yahoo! Internet Mail
    ATI Control Panel
    ATI Display Driver
    ATI HydraVision
    Avira AntiVir Personal - Free Antivirus
    BroadJump Client Foundation
    K-Lite Codec Pack 4.8.0 (Full)
    LiveUpdate 3.1 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.0.10)
    Platform
    Python 3.0.1
    Symantec AntiVirus
    Update for Windows XP (KB898461)
    VIA Platform Device Manager
    WebFldrs XP
    Windows Backup Utility
    Windows Installer 3.1 (KB893803)
    WinRAR archiver
    Yahoo! Install Manager

    ==== Event Viewer Messages From Past Week ========

    5/9/2009 9:28:14 PM, error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: The device is not ready.
    5/10/2009 3:20:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    5/10/2009 3:20:38 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
  2. 2009/05/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     


  4. 2009/05/14
    Camie

    Camie Inactive Thread Starter

    Joined:
    2009/05/10
    Messages:
    2
    Likes Received:
    0
    Thanks, but I was eventually able to get rid of the recycler. My computer is ok now :) Sorry I forgot to close the thread.
     
  5. 2009/05/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, then.
    I'll mark it as resolved.
     
