mike69 wrote: Here is the log, I thought it froze, but it was just doing something else
From the results, C:\Windows\system32\windrvnt.sys was the file that got infected and quarantined when I ran spydoctor, from the post earlier:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Windows\system32\windrvnt.sys not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL MACHINE\SYSTEM\ControlSet001\Services\windrvNT\\ deleted successfully.
Registry key HKEY_LOCAL MACHINE\SYSTEM\ControlSet002\Services\windrvNT\\ deleted successfully.
Registry key HKEY_LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\windrvNT\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Mike\LOCALS~1\Temp\etilqs_7MuvplmcUhiPm1dAbIEY scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7ac.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_bc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\8y4k1ogv.Default User\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\8y4k1ogv.Default User\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\8y4k1ogv.Default User\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\8y4k1ogv.Default User\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\8y4k1ogv.Default User\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01112009_140958
Files moved on Reboot...
File C:\DOCUME~1\Mike\LOCALS~1\Temp\etilqs_7MuvplmcUhiPm1dAbIEY not found!
C:\WINDOWS\temp\Perflib_Perfdata_7ac.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_bc.dat not found!
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\8y4k1ogv.Default User\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\8y4k1ogv.Default User\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\8y4k1ogv.Default User\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\8y4k1ogv.Default User\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\8y4k1ogv.Default User\urlclassifier3.sqlite moved successfully.
q1) What do all of those "not found" entries mean?
q2) Also, I got a response from another forum when they examined my DDS log, and I need to see if you can translate it into how to remove these: "
The logs look ok apart from these entries.
Code:
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
Not sure what ActiveX control is trying to be downloaded.
Code:
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
Norton live update must have gotten screwed.
Code:
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
"
Please help with this.
q3) I know that Zafi.B might not be there anymore, but there still seem to be traces of things spawned from it. My process list looks strange (from the post I showed earlier), things are still a little slow, and there is still a lag in the browser.
Are there supposed to be 3 svchost.exe in the process list?
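Added example for q3, not part of mike69's post and not output of any tool mentioned in it: several svchost.exe instances are normal, because each one hosts a different group of services, so the useful check is not the count but whether every instance runs from the System32 directory and was started by services.exe. The script below lists each svchost.exe with its path, parent process and hosted services and flags any instance that fails either check. It assumes a Windows system with PowerShell 3 or later (Get-CimInstance) and should be run from an elevated prompt, since ExecutablePath is not readable for other users' processes without it; on older systems such as the XP-era machine in the post, `tasklist /svc` gives the service grouping but not the path and parent checks.

```powershell
# Added example (not from the original post). Enumerates svchost.exe instances and
# checks the two properties a legitimate instance always has:
#   1. image path is %SystemRoot%\System32\svchost.exe
#   2. parent process is services.exe (the Service Control Manager starts every svchost)
# Also shows which services each instance hosts, so multiple instances are expected.
# Assumption: PowerShell 3+ with CIM cmdlets; run elevated so ExecutablePath is populated.

$expectedPath = Join-Path (Join-Path $env:SystemRoot 'System32') 'svchost.exe'

$processes = Get-CimInstance Win32_Process
$services  = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }

# Index processes by PID so the parent lookup is a hashtable hit, not a second scan.
$byPid = @{}
foreach ($p in $processes) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($svc in ($processes | Where-Object { $_.Name -ieq 'svchost.exe' })) {
    $parent = $byPid[[int]$svc.ParentProcessId]
    $hosted = $services | Where-Object { $_.ProcessId -eq $svc.ProcessId } |
              Select-Object -ExpandProperty Name

    # A null path means the process could not be inspected (usually not elevated);
    # report it as unknown rather than silently calling it clean or bad.
    if (-not $svc.ExecutablePath) {
        $status = 'unknown (no access to path; run elevated)'
    } elseif ($svc.ExecutablePath -ine $expectedPath) {
        $status = 'CHECK: image not in System32'
    } elseif (-not $parent -or $parent.Name -ine 'services.exe') {
        $status = 'CHECK: parent is not services.exe'
    } else {
        $status = 'ok'
    }

    [pscustomobject]@{
        PID      = $svc.ProcessId
        Path     = $svc.ExecutablePath
        Parent   = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { 'unknown' }
        Services = ($hosted -join ', ')
        Status   = $status
    }
}

$report | Sort-Object PID | Format-Table -AutoSize

$flagged = @($report | Where-Object { $_.Status -like 'CHECK*' })
if ($flagged.Count -gt 0) {
    Write-Warning "svchost.exe instance(s) needing a closer look: $($flagged.PID -join ', ')"
} else {
    Write-Host "All $(@($report).Count) svchost.exe instances run from System32 under services.exe."
}
```

The Services column is what makes three (or more) instances unremarkable: the operating system deliberately splits services across separate svchost.exe processes. An instance with an empty Services column, a path outside System32, or a parent other than services.exe is the one worth investigating, and the OTMoveIt log above would not have touched such a process at all, since it only acts on the files and registry keys it was given.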