rdeining

Honorary Members
  • Posts: 27

Reputation: 0 Neutral
  1. hopefully, a clean bill of health (combofix and HJT logs attached) ComboFix 08-12-21.04 - Ray 2008-12-28 17:37:52.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.524 [GMT -8:00] Running from: c:\documents and settings\Ray\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\Application Data\twain_32 c:\documents and settings\LocalService\Application Data\twain_32\user.ds c:\documents and settings\NetworkService\Application Data\twain_32 c:\documents and settings\NetworkService\Application Data\twain_32\user.ds c:\documents and settings\Ray\Application Data\inst.exe I:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV.SYS -------\Service_TDSSserv.sys ((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 ))))))))))))))))))))))))))))))) . 2008-12-28 17:17 . 2008-12-28 17:17 <DIR> d-------- c:\documents and settings\Ray\Application Data\Malwarebytes 2008-12-28 10:46 . 2008-12-28 10:50 <DIR> d-------- C:\HostsXpert 2008-12-27 03:17 . 2008-12-27 03:17 <DIR> d-------- C:\_OTScanIt 2008-12-22 21:50 . 2008-12-22 21:50 <DIR> d-------- c:\program files\Safari 2008-12-22 21:05 . 2008-12-22 21:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-22 21:05 . 2008-12-22 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-22 21:05 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-22 21:05 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-21 17:28 . 2008-12-21 17:28 <DIR> d-------- c:\program files\Trend Micro 2008-12-21 16:39 . 2008-12-21 16:39 <DIR> d-------- c:\program files\Windows Live Safety Center 2008-12-21 15:18 . 
2008-12-21 15:18 <DIR> d-------- c:\program files\DVDFab 5 2008-12-20 10:46 . 2004-08-03 23:10 78,464 --a------ c:\windows\system32\drivers\usbvideo.sys 2008-12-20 10:46 . 2004-08-03 23:10 78,464 --a--c--- c:\windows\system32\dllcache\usbvideo.sys 2008-12-20 09:57 . 2008-12-20 09:57 <DIR> d-------- c:\windows\system32\IOSUBSYS 2008-12-14 11:59 . 2008-12-14 11:59 <DIR> d-------- c:\program files\Visioneer OneTouch 2008-12-07 06:56 . 2008-12-07 06:56 <DIR> d-------- c:\program files\QuickTime 2008-12-07 06:56 . 2008-12-07 06:56 <DIR> d-------- c:\program files\Common Files\Apple 2008-12-07 06:55 . 2008-12-07 06:55 <DIR> d-------- c:\program files\Apple Software Update 2008-12-07 06:55 . 2008-12-07 06:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple 2008-12-06 15:54 . 2001-08-17 12:19 40,704 --a------ c:\windows\system32\drivers\es1371mp.sys 2008-12-06 15:54 . 2001-08-17 12:19 40,704 --a--c--- c:\windows\system32\dllcache\es1371mp.sys 2008-12-06 15:54 . 2004-08-03 23:08 10,624 --a------ c:\windows\system32\drivers\gameenum.sys 2008-12-06 15:54 . 2004-08-03 23:08 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys 2008-12-06 15:08 . 2005-08-17 18:25 18,771,968 --a------ c:\windows\system32\alsndmgr.cpl 2008-12-06 15:08 . 2005-08-17 18:21 10,458,112 --a------ c:\windows\system32\RTLCPL.exe 2008-12-06 15:08 . 2005-08-19 17:31 3,644,800 --a------ c:\windows\system32\drivers\alcxwdm.sys 2008-12-06 15:08 . 2004-09-07 14:23 156,672 --a------ c:\windows\system32\RtlCPAPI.dll 2008-12-06 15:08 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav 2008-12-06 15:08 . 2005-08-17 18:39 90,112 --a------ c:\windows\soundman.exe 2008-12-06 15:08 . 2005-07-15 16:48 40,960 --a------ c:\windows\system32\ChCfg.exe 2008-12-06 15:06 . 2008-12-06 15:06 <DIR> d-------- c:\program files\Realtek Sound Manager 2008-12-06 15:06 . 2008-12-06 15:06 <DIR> d-------- c:\program files\AvRack 2008-12-06 15:06 . 
2001-07-06 00:19 164 --a------ c:\windows\avrack.ini 2008-12-06 15:05 . 2008-12-06 15:06 <DIR> d-------- c:\program files\Realtek AC97 2008-12-06 15:05 . 2005-08-12 18:40 307,200 --a------ c:\windows\alcupd.exe 2008-12-06 15:05 . 2005-09-09 16:39 212,992 --a------ c:\windows\alcrmv.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-29 01:40 20,249,632 --sha-w c:\windows\system32\drivers\fidbox.dat 2008-12-29 01:40 195,860 --sha-w c:\windows\system32\drivers\fidbox.idx 2008-12-28 22:04 115,473 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_28_13_55_29_small.dmp.zip 2008-12-28 21:55 362,496 ----a-w c:\windows\Internet Logs\xDBA.tmp 2008-12-28 17:53 415,232 ----a-w c:\windows\Internet Logs\xDB7.tmp 2008-12-28 17:53 2,535,936 ----a-w c:\windows\Internet Logs\xDB8.tmp 2008-12-28 17:50 2,535,424 ----a-w c:\windows\Internet Logs\xDB9.tmp 2008-12-24 18:18 667,136 ----a-w c:\windows\Internet Logs\xDB5.tmp 2008-12-24 18:18 2,520,064 ----a-w c:\windows\Internet Logs\xDB6.tmp 2008-12-23 08:13 20,006,936 ----a-w c:\windows\Internet Logs\vsmon_on_demand_thread_2008_12_23_00_12_19_full.dmp.zip 2008-12-23 05:50 --------- d-----w c:\documents and settings\Ray\Application Data\Apple Computer 2008-12-21 23:27 --------- d-----w c:\documents and settings\Ray\Application Data\Vso 2008-12-21 23:18 1,501,184 ----a-w c:\windows\Internet Logs\xDB4.tmp 2008-12-21 21:47 3,187,017 ----a-w c:\windows\Internet Logs\tvDebug.zip 2008-12-20 17:54 --------- d-----w c:\program files\Google 2008-12-14 19:00 2,256 ----a-w c:\windows\current_settings.bin 2008-12-07 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2008-12-06 23:05 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-25 13:12 --------- d-----w c:\program files\DivX 2008-11-25 06:16 41,841 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_11_16_12_52_00_small.dmp.zip 2008-11-25 06:08 
--------- d-----w c:\documents and settings\Ray\Application Data\X-Downloader 2008-11-24 01:50 --------- d-----w c:\program files\MediaMonkey 2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr 2008-11-13 11:11 2,262,528 ----a-w c:\windows\Internet Logs\xDB3.tmp 2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll 2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll 2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll 2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll 2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll 2008-10-26 16:07 88,576 ----a-w c:\windows\Internet Logs\xDB2.tmp 2008-10-24 10:06 2,300,928 ----a-w c:\windows\Internet Logs\xDB1.tmp 2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll 2008-10-09 22:25 73,104 ----a-w c:\windows\zllsputility.exe 2008-10-09 22:25 1,221,008 ----a-w c:\windows\system32\zpeng25.dll 2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-08-25 04:18 47,360 ----a-w c:\documents and settings\Ray\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904] "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864] "SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016] "Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-05-07 2037088] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Kaiser VPN Client.lnk - c:\program files\Kaiser\VPN Client\ipsecdialer.exe [2008-10-15 1269836] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2008-08-24 13696] R2 CVPNDRV;Kaiser IPsec Driver;\??\c:\windows\system32\Drivers\CVPNDRV.sys [2008-10-15 263751] S3 XLoader;PLEXTOR 
EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\Drivers\XLoader.sys [2004-11-26 13696] . Contents of the 'Scheduled Tasks' folder 2008-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s O16 -: {D00E9550-440D-4EF8-BFCE-174300890C05} - hxxp://www.gomusic.ru/cabs/xdownloader.cab c:\windows\Downloaded Program Files\XDownloader.inf FF - ProfilePath - c:\documents and settings\Ray\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\ FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-28 17:43:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ZoneLabs\vsmon.exe c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Kaiser\VPN Client\cvpnd.exe c:\program files\Norton Ghost\Agent\VProSvc.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\rundll32.exe . ************************************************************************** . 
Completion time: 2008-12-28 17:45:14 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-29 01:45:08 Pre-Run: 28,207,931,392 bytes free Post-Run: 28,156,235,776 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 190 --- E O F --- 2008-12-18 11:00:46 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:47:16 PM, on 12/28/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Kaiser\VPN Client\cvpnd.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\Norton Ghost\Agent\VProTray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [sansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - Global Startup: Kaiser VPN Client.lnk = C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. 
- C:\Program Files\Kaiser\VPN Client\cvpnd.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 4363 bytes
  2. I was able to run MAMB and the log is attached after the avenger log. I removed what it found.

     Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com

     Platform: Windows XP

     *******************

     Script file opened successfully.
     Script file read successfully.

     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Rootkit scan active.
     No rootkits found!

     Error: file "C:\WINDOWS\system32\drivers\TDSSrvdc.sys" not found!
     Deletion of file "C:\WINDOWS\system32\drivers\TDSSrvdc.sys" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

     Error: file "C:\WINDOWS\system32\TDSSurob.dll" not found!
     Deletion of file "C:\WINDOWS\system32\TDSSurob.dll" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

     Error: file "C:\WINDOWS\system32\TDSSkfkl.dll" not found!
     Deletion of file "C:\WINDOWS\system32\TDSSkfkl.dll" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

     Error: file "C:\WINDOWS\system32\TDSSoaba.dll" not found!
     Deletion of file "C:\WINDOWS\system32\TDSSoaba.dll" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

     File "C:\WINDOWS\system32\TDSSqrde.log" deleted successfully.
     File "C:\WINDOWS\system32\TDSSweat.dat" deleted successfully.
     File "C:\WINDOWS\system32\TDSSxnpr.dll" deleted successfully.
     File "C:\WINDOWS\temp\TDSS3972.tmp" deleted successfully.
     File "C:\WINDOWS\temp\TDSS3982.tmp" deleted successfully.

     Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv" not found!
     Deletion of driver "tdssserv" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

     Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" not found!
     Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" failed! 
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. Malwarebytes' Anti-Malware 1.31 Database version: 1563 Windows 5.1.2600 Service Pack 2 12/28/2008 5:22:55 PM mbam-log-2008-12-28 (17-22-55).txt Scan type: Quick Scan Objects scanned: 51508 Time elapsed: 4 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
  3. I was able to boot it back into normal mode and ran avenger from there. Upon reboot, ZoneAlarm found this:

     Backdoor.Win32.TDSS.asz was found in C:\WINDOWS\system32\TDSSurob.dll on 12/28/2008 14:43:58

     This is interesting, and maybe some of these are normal:

     Directory of C:\WINDOWS\system32

     12/28/2008 11:53 AM 35,840 TDSSkfkl.dll
     12/28/2008 11:53 AM 31,232 TDSSoaba.dll
     12/28/2008 11:53 AM 3,584 TDSSqrde.log
     12/28/2008 11:53 AM 441 TDSSweat.dat
     12/28/2008 02:25 PM 2,704 TDSSxnpr.dll
     5 File(s) 73,801 bytes
     0 Dir(s) 28,325,597,184 bytes free

     C:\WINDOWS\system32>dir ..\temp\tds*
     Volume in drive C has no label.
     Volume Serial Number is 649E-C5D1

     Directory of C:\WINDOWS\temp

     12/20/2008 12:45 PM 102,400 TDSS3972.tmp
     12/20/2008 12:45 PM 616,960 TDSS3982.tmp
     2 File(s) 719,360 bytes
     0 Dir(s) 28,325,597,184 bytes free

     Here is the avenger log:

     Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com

     Platform: Windows XP

     *******************

     Script file opened successfully.
     Script file read successfully.

     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Rootkit scan active.

     Hidden driver "TDSSserv.sys" found!
     ImagePath: \systemroot\system32\drivers\TDSSrvdc.sys
     Start Type: 1 (System)

     Rootkit scan completed.

     Error: file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" not found!
     Deletion of file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

     Error: file "C:\windows\system32\drivers\tdssserv.sys" not found!
     Deletion of file "C:\windows\system32\drivers\tdssserv.sys" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

     Error: file "C:\WINDOWS\system32\drivers\TDSSmact.sys" not found!
     Deletion of file "C:\WINDOWS\system32\drivers\TDSSmact.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\WINDOWS\system32\drivers\TDSSrvdc.sys" deleted successfully. Error: file "C:\WINDOWS\system32\TDSSwpyd.dat" not found! Deletion of file "C:\WINDOWS\system32\TDSSwpyd.dat" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSStkdv.log" not found! Deletion of file "C:\WINDOWS\system32\TDSStkdv.log" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSSotxb.dll" not found! Deletion of file "C:\WINDOWS\system32\TDSSotxb.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSScrrn.dll" not found! Deletion of file "C:\WINDOWS\system32\TDSScrrn.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSSbvqh.dll" not found! Deletion of file "C:\WINDOWS\system32\TDSSbvqh.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSSjnmx.dll" not found! Deletion of file "C:\WINDOWS\system32\TDSSjnmx.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSShrxr.dll" not found! Deletion of file "c:\windows\system32\TDSShrxr.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSkkbi.log" not found! Deletion of file "c:\windows\system32\TDSSkkbi.log" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSlrvd.dat" not found! Deletion of file "c:\windows\system32\TDSSlrvd.dat" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSlxwp.dll" not found! 
Deletion of file "c:\windows\system32\TDSSlxwp.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSnmxh.log" not found! Deletion of file "c:\windows\system32\TDSSnmxh.log" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSoiqt.dll" not found! Deletion of file "c:\windows\system32\TDSSoiqt.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSrhyp.log" not found! Deletion of file "c:\windows\system32\TDSSrhyp.log" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSrtqp.dll" not found! Deletion of file "c:\windows\system32\TDSSrtqp.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSsihc.dll" not found! Deletion of file "c:\windows\system32\TDSSsihc.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSxfum.dll" not found! Deletion of file "c:\windows\system32\TDSSxfum.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv" not found! Deletion of driver "tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" not found! 
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" not found! 
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" deleted successfully. Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" deleted successfully. Completed script processing. ******************* Finished! Terminate.
  4. Thanks, I was able to boot in safe mode, but the browser is still hijacked.
  5. I can't even boot the system up now. The Windows screen comes up, goes black (where I would expect to see the "Windows is starting up" screen) and never comes up. I see some disk activity, but that's it.
  6. Found the password, here is the file:

     //////////////////////////////////////////
     Avenger Pre-Processor log
     //////////////////////////////////////////

     Platform: Windows XP (build 2600, Service Pack 2)
     Sun Dec 28 11:49:41 2008

     11:49:37: Warning: Skipping potentially dangerous line: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" (Registry key deletion mode)
     11:49:41: Error: Execution aborted by user!

     //////////////////////////////////////////

     Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com

     Platform: Windows XP

     *******************

     Script file opened successfully.
     Script file read successfully.

     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Rootkit scan active.

     Hidden driver "TDSSserv.sys" found!
     ImagePath: \systemroot\system32\drivers\TDSSrvdc.sys
     Start Type: 1 (System)

     Rootkit scan completed.

     Error: file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" not found!
     Deletion of file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

     Error: file "C:\windows\system32\drivers\tdssserv.sys" not found!
     Deletion of file "C:\windows\system32\drivers\tdssserv.sys" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

     Error: file "C:\WINDOWS\system32\drivers\TDSSmact.sys" not found!
     Deletion of file "C:\WINDOWS\system32\drivers\TDSSmact.sys" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

     Error: file "C:\WINDOWS\system32\TDSSfpmp.dll" not found!
     Deletion of file "C:\WINDOWS\system32\TDSSfpmp.dll" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

     Error: file "C:\WINDOWS\system32\TDSSwpyd.dat" not found!
     Deletion of file "C:\WINDOWS\system32\TDSSwpyd.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSStkdv.log" not found! Deletion of file "C:\WINDOWS\system32\TDSStkdv.log" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSSotxb.dll" not found! Deletion of file "C:\WINDOWS\system32\TDSSotxb.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSScrrn.dll" not found! Deletion of file "C:\WINDOWS\system32\TDSScrrn.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSSbvqh.dll" not found! Deletion of file "C:\WINDOWS\system32\TDSSbvqh.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\TDSSjnmx.dll" not found! Deletion of file "C:\WINDOWS\system32\TDSSjnmx.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSShrxr.dll" not found! Deletion of file "c:\windows\system32\TDSShrxr.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSkkbi.log" not found! Deletion of file "c:\windows\system32\TDSSkkbi.log" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSlrvd.dat" not found! Deletion of file "c:\windows\system32\TDSSlrvd.dat" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSlxwp.dll" not found! Deletion of file "c:\windows\system32\TDSSlxwp.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSnmxh.log" not found! Deletion of file "c:\windows\system32\TDSSnmxh.log" failed! 
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSoiqt.dll" not found! Deletion of file "c:\windows\system32\TDSSoiqt.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSrhyp.log" not found! Deletion of file "c:\windows\system32\TDSSrhyp.log" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSrtqp.dll" not found! Deletion of file "c:\windows\system32\TDSSrtqp.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSsihc.dll" not found! Deletion of file "c:\windows\system32\TDSSsihc.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\TDSSxfum.dll" not found! Deletion of file "c:\windows\system32\TDSSxfum.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv" not found! Deletion of driver "tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" not found! 
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" deleted successfully. 
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" deleted successfully. Completed script processing. ******************* Finished! Terminate.
  7. I didn't copy the log contents before it closed and there is a password on the file. I am attaching the zip containing the file in hopes that you know the password. If not, I hope we have another plan. backup.zip
  8. Can't get there. Page not found. If I try kaspersy.com, I get some bogus site.
  9. Twext.dll is still in the windows\system32 directory. Here is the log:
     GooredFix v1.6 by jpshortstuff
     Log created at 10:19 on 28/12/2008 running Option #2
     Firefox version 3.0.5 (en-US)
     =====Goored Deletions=====
     =====Dumping Registry Values=====
     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
     "Plugins"="C:\Program Files\Mozilla Firefox\plugins"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
     "Components"="C:\Program Files\Mozilla Firefox\components"
  10. Sorry, but after re-booting, this crap is still here.
  11. There still seems to be something going on. I still can't run mbam. I am re-booting to see if that helps. Will post results after I investigate a little.
  12. Many thanks. Seems to be back to normal.
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:39:35 AM, on 12/28/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
     C:\Program Files\Kaiser\VPN Client\cvpnd.exe
     C:\Program Files\Norton Ghost\Agent\VProSvc.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
     C:\Program Files\Norton Ghost\Agent\VProTray.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
     O4 - HKLM\..\Run: [sansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - Global Startup: Kaiser VPN Client.lnk = C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
     O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab
     O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
     O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Kaiser\VPN Client\cvpnd.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
     O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     -- End of file - 3893 bytes
  13. Sorry, don't know how that happened.
     Process Explorer.EXE killed successfully!
     [Registry - Safe List]
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
     Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
     Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\\provider deleted successfully.
     Registry key HKEY_USERS\1-5-21-507921405-308236825-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main not found.
     Registry key HKEY_USERS\1-5-21-507921405-308236825-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\SearchURL not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NVMixerTray deleted successfully.
     Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HijackThis startup scan deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HijackThis startup scan not found.
     Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
     Registry value HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\twext.exe deleted successfully.
     File C:\WINDOWS\system32\twext.exe not found.
     [Files/Folders - Created Within 30 Days]
     C:\Documents and Settings\Ray\Desktop\gmer.exe moved successfully.
C:\_OTMoveIt\MovedFiles\12242008_210504\windows\system32 folder moved successfully. C:\_OTMoveIt\MovedFiles\12242008_210504\windows folder moved successfully. C:\_OTMoveIt\MovedFiles\12242008_210504 folder moved successfully. C:\_OTMoveIt\MovedFiles\12242008_210414 folder moved successfully. C:\_OTMoveIt\MovedFiles\12242008_131728 folder moved successfully. C:\_OTMoveIt\MovedFiles folder moved successfully. C:\_OTMoveIt folder moved successfully. C:\Documents and Settings\Ray\Desktop\OTMoveIt3.exe moved successfully. C:\rsit folder moved successfully. C:\Documents and Settings\Ray\Desktop\RSIT.exe moved successfully. C:\Documents and Settings\Ray\Desktop\fixit.com moved successfully. [Files/Folders - Modified Within 30 Days] C:\WINDOWS\NV1240368.TMP folder deleted successfully. C:\WINDOWS\NV16921252.TMP folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\7zS8.tmp folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setupdir\040c folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setupdir\0404 folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setupdir\0011 folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setupdir\0009 folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setupdir\0007 folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setupdir folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1 folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\Div4.tmp folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\isp1E.tmp folder deleted successfully. 
C:\Documents and Settings\Ray\Local Settings\Temp\isp27.tmp folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\isp4.tmp folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\isp47.tmp folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\iss1.tmp folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\iss6.tmp folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\nsg8E.tmp folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\VSDE.tmp\dotnetfx folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\VSDE.tmp folder deleted successfully. C:\Documents and Settings\Ray\Local Settings\Temp\WZSE0.TMP folder deleted successfully. File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DF7DFF.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DFD345.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DFD353.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DF7DFF.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DFD345.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DFD353.tmp scheduled to be deleted on reboot. C:\WINDOWS\Temp\nso44.tmp folder deleted successfully. File delete failed. C:\WINDOWS\Temp\ZLT017c3.TMP scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\Temp\ scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\Temp\ scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\Temp\ZLT017c3.TMP scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\Temp\ scheduled to be deleted on reboot. File delete failed. 
C:\WINDOWS\Temp\ scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\Temp\ZLT017c3.TMP scheduled to be deleted on reboot. File C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_7f4.dat not found! File move failed. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_9cc.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_4a0.dat scheduled to be moved on reboot. C:\WINDOWS\tasks\SA.DAT moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_ba0.dat moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_c38.dat moved successfully. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_3e4.dat scheduled to be moved on reboot. File C:\Documents and Settings\Ray\Desktop\RSIT.exe not found! File C:\Documents and Settings\Ray\Desktop\fixit.com not found! C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_8b8.dat moved successfully. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_3f0.dat scheduled to be moved on reboot. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_8fc.dat moved successfully. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_3c0.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_2fc.dat scheduled to be moved on reboot. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_86c.dat moved successfully. File C:\WINDOWS\Temp\nso44.tmp\System.dll not found! File C:\WINDOWS\Temp\nso44.tmp\NSIS_Picasa.dll not found! C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_2dc.dat moved successfully. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_260.dat scheduled to be moved on reboot. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_81c.dat moved successfully. File move failed. C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File move failed. 
C:\WINDOWS\Temp\History\History.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\Temp\Cookies\index.dat scheduled to be moved on reboot. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_b88.dat moved successfully. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_250.dat scheduled to be moved on reboot. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_6fc.dat moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_9d8.dat moved successfully. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_24c.dat scheduled to be moved on reboot. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_6e0.dat moved successfully. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_300.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_26c.dat scheduled to be moved on reboot. C:\Documents and Settings\Ray\Local Settings\Temp\112408221614\vsxml.dll moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\111608124923\vsxml.dll moved successfully. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_120.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_154.dat scheduled to be moved on reboot. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_228.dat moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_704.dat moved successfully. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_1b8.dat scheduled to be moved on reboot. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_614.dat moved successfully. File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_164.dat scheduled to be moved on reboot. File C:\Documents and Settings\Ray\Local Settings\Temp\isp4.tmp\_Setup.dll not found! File C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setup.exe not found! 
File C:\Documents and Settings\Ray\Local Settings\Temp\isp47.tmp\_Setup.dll not found! File C:\Documents and Settings\Ray\Local Settings\Temp\VSDE.tmp\dotnetfx\dotnetfx.exe not found! File C:\Documents and Settings\Ray\Local Settings\Temp\VSDE.tmp\bootstrap.exe not found! File C:\Documents and Settings\Ray\Local Settings\Temp\VSDE.tmp\dotnetfx\dotnetchk.exe not found! File C:\Documents and Settings\Ray\Local Settings\Temp\isp27.tmp\_Setup.dll not found! File C:\Documents and Settings\Ray\Local Settings\Temp\isp1E.tmp\_Setup.dll not found! File C:\Documents and Settings\Ray\Local Settings\Temp\nsg8E.tmp\NSIS_Picasa.dll not found! C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\vsutil.dll moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\vsinit.dll moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\vsavpro.dll moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\vsdb.dll moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\vsdata.dll moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\fbl.dll moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\featuremap.dll moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\SoundMan.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\WDM\SoundMan.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\RTLCPL.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\RtlCPAPI.dll moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\WDM\RtlCPAPI.dll moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\ChCfg.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\WDM\ChCfg.exe moved successfully. 
C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\ChCfg.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\ChCfg.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\alcrmv.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\WDM\alcrmv.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\alcrmv64.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\WDM\alcrmv64.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\alcrmv64.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\alcrmv64.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\alcrmv.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\alcrmv.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\AlcUpd64.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\AlcUpd64.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\alcupd.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\alcupd.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\CPLUtl64.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\WDM\CPLUtl64.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\setup.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\setup.exe moved successfully. File C:\Documents and Settings\Ray\Local Settings\Temp\WZSE0.TMP\nvudisp.exe not found! File C:\Documents and Settings\Ray\Local Settings\Temp\WZSE0.TMP\setup.exe not found! File move failed. C:\WINDOWS\Temp\alcrmv.exe scheduled to be moved on reboot. File move failed. C:\WINDOWS\Temp\soundman.exe scheduled to be moved on reboot. 
File move failed. C:\WINDOWS\Temp\RTLCPL.exe scheduled to be moved on reboot. File move failed. C:\WINDOWS\Temp\alcupd.exe scheduled to be moved on reboot. File move failed. C:\WINDOWS\Temp\ChCfg.exe scheduled to be moved on reboot. File move failed. C:\WINDOWS\Temp\RtlCPAPI.dll scheduled to be moved on reboot. C:\Documents and Settings\Ray\Local Settings\Temp\setup_wm.exe moved successfully. File move failed. C:\WINDOWS\Temp\newdev.dll scheduled to be moved on reboot. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\alcrmv9x.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\alcrmv9x.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\alcchkid.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\alcchkid.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\ALCXDEV.EXE moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\ALCXDEV.EXE moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\GETDXVER.EXE moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\GETDXVER.EXE moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\SetCDfmt.exe moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\SetCDfmt.exe moved successfully. [Purity] Purity scan complete. [Empty Temp Folders] File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\etilqs_2rAMVZF1lBbp3yjC4ZKk scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_9cc.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DF7DFF.tmp scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DFD345.tmp scheduled to be deleted on reboot. File delete failed. 
C:\Documents and Settings\Ray\Local Settings\Temp\~DFD353.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4a0.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\ZLT017c3.TMP scheduled to be deleted on reboot. Windows Temp folder emptied. File delete failed. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. RecycleBin -> emptied. Explorer started successfully < End of fix log > OTScanIt2 by OldTimer - Version 1.0.4.0 fix logfile created on 12272008_031710 Files moved on Reboot... 
C:\Documents and Settings\Ray\Local Settings\Temp\~DF7DFF.tmp moved successfully. C:\Documents and Settings\Ray\Local Settings\Temp\~DFD345.tmp moved successfully. File C:\Documents and Settings\Ray\Local Settings\Temp\~DFD353.tmp not found! File C:\WINDOWS\Temp\ZLT017c3.TMP not found! Folder move failed. C:\WINDOWS\Temp\\Temporary Internet Files scheduled to be moved on reboot. Folder move failed. C:\WINDOWS\Temp\\History scheduled to be moved on reboot. Folder move failed. C:\WINDOWS\Temp\\Cookies scheduled to be moved on reboot. Folder move failed. C:\WINDOWS\Temp\ scheduled to be moved on reboot. File C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_9cc.dat not found! File C:\WINDOWS\Temp\Perflib_Perfdata_4a0.dat not found! File C:\WINDOWS\Temp\Perflib_Perfdata_3e4.dat not found! File C:\WINDOWS\Temp\Perflib_Perfdata_3f0.dat not found! File C:\WINDOWS\Temp\Perflib_Perfdata_3c0.dat not found! File C:\WINDOWS\Temp\Perflib_Perfdata_2fc.dat not found! File C:\WINDOWS\Temp\Perflib_Perfdata_260.dat not found! File move failed. C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\Temp\History\History.IE5\index.dat scheduled to be moved on reboot. C:\WINDOWS\Temp\Cookies\index.dat moved successfully. File C:\WINDOWS\Temp\Perflib_Perfdata_250.dat not found! File C:\WINDOWS\Temp\Perflib_Perfdata_24c.dat not found! File C:\WINDOWS\Temp\Perflib_Perfdata_300.dat not found! File C:\WINDOWS\Temp\Perflib_Perfdata_26c.dat not found! File C:\WINDOWS\Temp\Perflib_Perfdata_120.dat not found! File C:\WINDOWS\Temp\Perflib_Perfdata_154.dat not found! File C:\WINDOWS\Temp\Perflib_Perfdata_1b8.dat not found! File C:\WINDOWS\Temp\Perflib_Perfdata_164.dat not found! File C:\WINDOWS\Temp\alcrmv.exe not found! File C:\WINDOWS\Temp\soundman.exe not found! File C:\WINDOWS\Temp\RTLCPL.exe not found! File C:\WINDOWS\Temp\alcupd.exe not found! File C:\WINDOWS\Temp\ChCfg.exe not found! 
File C:\WINDOWS\Temp\RtlCPAPI.dll not found! File C:\WINDOWS\Temp\newdev.dll not found! File C:\Documents and Settings\Ray\Local Settings\Temp\etilqs_2rAMVZF1lBbp3yjC4ZKk not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\XUL.mfl moved successfully. Registry entries deleted on Reboot...