Unable to sync BB; $RECYCLE.BIN: malware removal logs

Hello. Here are my notes on the problems I noticed on my notebook. I followed all the steps in READ AND RUN ME FIRST. I have two HitmanPro logs because I saved the log too early while following the instructions. Posting both here. Thanks!

Problems
1. I started having trouble synching my Blackberry smartphone with my notebook computer after using it without problems for months.
2. An error message about an unknown port appeared. When I checked Device Manager, one device icon on USB Controllers is labeled “Unknown Device.” Details show “Windows has stopped this device because it has reported problems. (Code 43)”. This was NOT corrected when I did the ff: (a) update the device software (it is up to date), (b) disable device, then reboot, and (c) uninstall device, then reboot.
3. I followed ?? When I showed hidden files, I noticed $RECYCLE.BIN on my c:\ drive
4. While running TDSS, two errors appeared: (a) can’t initialize log, and (b) a 2nd I don’t remember. I can’t find the log, but when the scan finished I got a report that no threats are found.
5. While running MGTools.exe, this error message appeared:
ProcessDll.exe – Common Language Runtime Debugging Services Application has generated an exception that could not be handled. Process id=0xd64 (3428), Thread id=0x1084 (4228). Click OK to terminate the application. Click CANCEL to debug the application.

I clicked OK. At the end, I got a message that c:\MGLogs.zip failed to create.

 

YES, it is. The reasons I suspected that it is a malware program are: (1) the effect is on devices, and (2) the $RECYCLE.BIN folder. I vaguely remember that this or something similar is an effect of one of the worms or Trojans identified while you were helping me that time.

I did NOT believe this could be infected because I followed the rest of the steps in your Next Steps, including How to Protect from Malware. I did notice that Comodo Firewall sometimes asks me for permission to grant access to svchost.exe for someone trying to access me from outside. I always blocked it but did NOT terminate because it might be something important.

I started another thread because I was not sure if it is a new problem or not.

Immediately after running READ and RUN ME FIRST, I noticed the next time I used to computer that the error message Unknown Device was gone. The error message is back again. I also did the scheduled weekly scan using Malware Anti-bytes and MSE which turned out clear. The $RECYCLE.BIN folder is still there.

Out of curiousity I looked into the MGTools folder and found that there are logs inside. I wonder if I should re-run MGTools, but how do I get it to successfully make the MGTools.zip folder?

Thanks for your reply.

 

Uh-oh. I don't like the sound of that. Will deal with it when we get there

That is good to hear. This malware business encourages paranoia hehe

I understand. That is why I don't terminate. Didn't notice any problems till the failed BB sync.

Am sending the logs using the optional process you mentioned. Hope to move on working on Windows OS problem you mentioned if my logs are clear and you think there is no malware.

 

I have only the firewall installed for Comodo. I still have to check with my ISP provider, but the proxy server settings may be due to my ISP provider or for the network at work. I no longer use the latter.

On the BB sync, I may have to uninstall and re-install Plan Plus and Blackberry Device Software. I'd rather NOT because I lost some data when I tried to use another laptop while my notebook was infected. Do you have any other ideas?

 

Hello again. Thanks for continuing to work with me. I have verified with my ISP provider that proxy server setting is NOT required.

 

Great news! I got my BB sync'ing successfully. Here's how. I took your cue about doing a System Restore to an old restore point on my backup external drive. Worked on How to Protect Yourself from Malware. I then re-scanned with Malware Anti-bytes and MSE before doing another back-up.

You said System Restore is disabled on my system. It is NOT. Glad I have an old restore point.

Thanks for all your help!

 

Hello again. I could not follow the steps in How To Protect yourself from malware as stated in two instances. First on Disabling Autoruns, there is none described on windows 7. I used a Microsoft Fixit program to do this. Second on an alternative web browser, the link for Google Chrome does not work. I downloaded directly from their site. Does this mean you no longer recommend Google Chrome?