Dodni

Honorary Members
  • Posts: 59
  • Reputation: 0 Neutral
  1. Can someone kill this post; it is a mistaken dupe and MrC has resolved my issue in the other thread. Thanks again for the assistance!!! -- Dondi
  2. I tried MSCONFIG from the START >> RUN and then went to the STARTUP tab and saw the startup items. I had disabled a dupe of ATI and another one that I didn't need to run on startup. I also tried a program I got indirectly from one of your maintenance tip links, STARTUP LITE, that looks at the startup items and disables unused ones. I will try the program you suggested above to see if I get better results.
  3. Ok, MrC..... I think the PC is doing well, I don't want to keep you from assisting other people who need help. I still have to END PROCESS for explorer.exe once I boot into Windows and then restart explorer as a new task to get my icons in the systray to appear; I routinely only get MBAM, ATI Catalyst Control Center icon & Network icons to appear in the systray upon initial start of windows. After killing explorer & restarting, I get all to appear except 2 that I know of; Extender resource monitor & Apple Airport extreme manager. Any suggestions and what I could try? I have rebooted many many times, to no avail. Other than that, I think the PC is running well & I thank you immensely for your assistance!! Thanks MrC!!
  4. Hey MrC, gotta catch a train to work.... I will catch up after work, later this evening. Thank you for your help in all of this.... truly appreciated
  5. ok, the one in the $NTUninstall folder was reported as good too on Jotti's ?????
  6. http://virusscan.jotti.org/en/scanresult/f0346af11f67bb604b1d3e3899297ee3e849749d/74a257ce0a9ac57730f305a2e21a5d56c6e2b84e did the scan of the ipsec in the system32/drivers directory says it looks good
  7. hmmm this one not looking too good either.... http://www.virustotal.com/file-scan/report.html?id=5a6c11317def14b8c34a8c669eb75f7a8d46f05090c43d3dff602cfa13cc504e-1326125621 1 VT Community user(s) with a total of 3091 reputation credit(s) say(s) this sample is goodware. 2 VT Community user(s) with a total of 2 reputation credit(s) say(s) this sample is malware.
  8. at the top in the info box it says: 4 VT Community user(s) with a total of 34538 reputation credit(s) say(s) this sample is goodware. 8 VT Community user(s) with a total of 8 reputation credit(s) say(s) this sample is malware. so, out of 12, 4 say it is malware and 8 say it is goodware
  9. This one looks good though: C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [23:55 16/08/2009] [12:00 10/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1 should I scan this with VT?
  10. http://www.virustotal.com/file-scan/report.html?id=394d296f38e7d8efd91a6eec301d9ce6af910e35eb9819f1a9e3363863aedfdc-1326123422#
  11. There are 2 restore points; one created yesterday by OTL at 4:39pm (RP0) and another created at 1:38 this morning (RP1); (I wasn't actively using the PC at 1:38 this morning) Here is the log from SystemLook:

      SystemLook 30.07.11 by jpshortstuff
      Log created at 10:23 on 09/01/2012 by Administrator
      Administrator - Elevation successful

      ========== filefind ==========

      Searching for "ipsec.sys"
      C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [23:55 16/08/2009] [12:00 10/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
      C:\WINDOWS\ERDNT\cache\ipsec.sys --a---- 75264 bytes [15:30 05/01/2012] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
      C:\WINDOWS\ServicePackFiles\i386\ipsec.sys ------- 75264 bytes [23:48 16/08/2009] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
      C:\WINDOWS\system32\dllcache\ipsec.sys --a--c- 75264 bytes [15:46 15/11/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
      C:\WINDOWS\system32\drivers\ipsec.sys --a---- 75264 bytes [15:46 15/11/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91

      -= EOF =-
  12. Ok, probably my fault that OTL has issues; I had to go back in and turn off real-time protection on the apps that were running. The last try yielded a log:

      All processes killed
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: Administrator
      ->Temp folder emptied: 5318 bytes
      ->Temporary Internet Files folder emptied: 1069650 bytes
      ->Java cache emptied: 0 bytes
      ->FireFox cache emptied: 56077401 bytes
      ->Apple Safari cache emptied: 0 bytes
      ->Flash cache emptied: 456 bytes

      User: All Users

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 67 bytes

      User: Dondi
      ->Temp folder emptied: 0 bytes

      User: LocalService
      ->Temp folder emptied: 65716 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes

      User: MCX3
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 67 bytes
      ->Flash cache emptied: 405 bytes

      User: MCX4
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 67 bytes

      User: NetworkService
      ->Temp folder emptied: 163966 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes
      ->Java cache emptied: 51076 bytes
      ->Flash cache emptied: 58938 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 1245096 bytes
      %systemroot%\System32 .tmp files removed: 328398 bytes
      %systemroot%\System32\dllcache .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 67517 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 373526 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 57.00 mb

      Restore points cleared and new OTL Restore Point set!
      Error starting restore point: System Restore is disabled.
      Error closing restore point: System Restore is disabled.

      OTL by OldTimer - Version 3.2.31.0 log created on 01082012_150049

      Files\Folders moved on Reboot...
      File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_d88.dat not found!
      File\Folder C:\WINDOWS\temp\Perflib_Perfdata_e70.dat not found!

      Registry entries deleted on Reboot...
  13. Ok, I changed the curly brace to a bracket and ran another RUN FIX with OTL just after my last post (~1hr ago).... OTL is still "running" at the same spot:

      KILLING PROCESS DO NOT INTERRUPT

      I think we may be miscommunicating regarding the ipsec.sys because of the way I formatted my own log from the MSE scan:

      Virus:Win32/Sirefef.N (ALL DISINFECTED)
      file:C:\System Volume Information\_restore{7D16AC66-F68E-485C-93DB-231595C53BA9}\RP994\A0162931.sys
      driver:IPSec
      file:C:\WINDOWS\system32\drivers\ipsec.sys

      These are 2 separate entries in the MSE scan log. I went into each entry individually and copy/pasted the file/info section on the bottom portion of the properties of each entry. So, the Sirefef.N had 2 entries: This was the first one:

      file:C:\System Volume Information\_restore{7D16AC66-F68E-485C-93DB-231595C53BA9}\RP994\A0162931.sys

      ...and this was the second one. This was the one that had me concerned because we used a Combofix script to fix ipsec.sys in our earlier steps:

      driver:IPSec
      file:C:\WINDOWS\system32\drivers\ipsec.sys