Upon Logging "system32/1.tmp doesn't exist" error

Hello,

When I log in XP, I get the following message:

1.
The path C:\WINDOWS\system32\1.tmp does not exist or is not a folder.

I click OK, then I get the following message:

2.
Windows does not find 'C:\WINDOWS\system32\1.tmp'. Check that you entered the name correctly and try again. To search for a file, click on Start>Search.

History:
I ran the Malware Removal Guide Step by Step yesterday and today.
This PC is not mine but I've been its sole user for some months. I return it this week end so I would like it to be clean!!
A few months ago, I read the topic "How to protect yourslef from malware", because there was not appropraite protection on the PC (and there was this annoying 31.tmp" stuff). I followed the steps and chose Avast, Comodo' Firewall and BOClean.


Thanks for your help!!



PS: When the system will be clean and I do Step 8 (a restore point) should I keep Normal Startup in msconfig?
PS2: PandaActiveScan has a new domain name and site structure, you may wish to update the links of the thread.

 

GetRunKey, ShowMe and analyse (aka HighJackTHisThis) logs

 

Thanks for your instructions!

1.

I was prompted, and another window popped up, with the message:

"Location of startup: FILE
C:\\WINDOWS\SYSTEM32\DRIVERS\XLNTJFVP.sys
This trojan horse was found on your machine. It has been shut down, but the FILE from which it started still remains and can be started up again.
Do you want the file removed also?"
Yes/No buttons

I choose Yes.

2.
After the reboot, the messages about 1.tmp did not appear
(But the explorer opened a window for My Documents)

3.
I could not find any log of avenger. There was nothing in C:\\; C:\\Avenger folder was empty; I did a search for avenger.txt on the C drive, but it did not find anything.

New HJT log is attached.


PS: CounterSpy is started at boot, should I disable it because of possible conflicts (I have Avast, Comodo's BOClean (and Firewall))?

 

1. I couldn't find C:\\WINDOWS\SYSTEM32\DRIVERS\XLNTJFVP.sys with the explorer, so I did a search on MyComputer but it did not come up either.

Just in case you didn't notice my comment in the preceding post, last time I rebooted (after avenger), the 1.tmp messages did not appear anymore. So it *appears* to be fixed, although, of course, I have no clue what's going on under the hood!

2. question unrelated to this problem: when the problem is fixed, and the PC can thus be considered malware-free, can I run CCleaner to get rid of any references to BitDefender and PandaScan's online scans that it finds (as well as any remnants of CoutnerSpy after I uninstall it) BEFORE doing Step 8 of the Removal Guide, namely before creating a restore point?

 

Thanks, I did all that (well, all that applies), including regoing through the thread "How to prevent yourslef from malware".

Two little things remain from the cleaning:
1. I could not uninstall avenger: it does not appear in the Panel Configuration uninstall utility, nor does it have a folder in Start>Programs.
2. At boot, Windows Explorer opens MyDocuments. How can I disable this?

----
Unrelated to this problem:
--
I'm going to return this PC to his owner, so I ordered (and just received!) a new machine. It has Vista. I will go though the thread "How to prevent yourself from malware" first thing. I downloaded Avast, a-squared, Comodo Personnal Firewall, CCleaner, Comodo BOClean, SpyBot Search & Destroy and Spyware blaster on a USB key, so that I can install them on the new machine offline. I don't plan to run the initial virus/spyware scans though, because the machine is brand new (I didn't even turn it on yet), so, hopefully, it's malware-free! I would think that updating them and running the scan in a couple of weeks instead should be enough. Is that correct?

--
The thread How to protect yourslef from malware, as well as "Disable Unneeded Services In Windows XP" ( http://forums.majorgeeks.com/showthread.php?t=25835 ) are geared towards pre-Vista Windowses.
A sample of what I'll go through with Vista soon is:
*I ll install Linux besides it (on the same HDD). But the Vista partition utility doesn't shrink things much, and many (free?) partitionners seem (from what I gathered on the net) not to work well with Vista.
*Vista's MBR is different than XP's, so I don't know if "HOWTO: Make an NTFS bootdisk" (
[URL="http://forums.majorgeeks.com/showthread.php?t=35319"[/URL ] ) applies to Vista at all.

Basically, I wonder if there are some Vista-specific ressources that you would recommend, a specialized MajorGeeks.com!
--
----

 

Fixed, thanks!

Avenger doesn't come up at MS, but its author says that the .exe selfloads at boot. So I simply deleted it together with the (empty) folder that it had been created.

Ok, I will be watching for your list when it's out!
I haven't gotten the internet connection running on my Vista laptop yet(!!), but FYI, when asking Comodo's FireWall to update, Vista says that the user doesn't have enough privileges, instead of just asking for the admin password, like it does for 100% Vista-compatible programs.

Thanks a lot for all your dedication in solving this!! Voluntary & experienced antimalware expertise is a great help to the community, thumbs up!