ComputerForum.com

01-15-2008, 08:34 PM   #41
Hey it's me (Bronze Member)

So, here's another question: should I remove the "catchme" folder that has the core.cache.dsk in it? The folder is within the Qoobox generated by Combofix.

01-15-2008, 08:52 PM   #42
Hey it's me (Bronze Member)

You are never going to believe this!! Avast seems to have found the WIN32:TRATBHO virus AGAIN??? UCH! What the heck does this mean?

01-15-2008, 09:01 PM   #43
evilfantasy (Silver Member)

ceewi1 must have the magic touch.

Leave everything as it is until the Super completes. We will clean up the mess in the closing steps.

If you are saying you have two antivirus programs installed, then yes, uninstall one and leave the other: either Avast! or AVG Antivirus (not to be confused with AVG Antispyware). But not until Super is done scanning.

The HijackThis log looks fine. Post the Super log and then we can most likely wrap this up.

Thanks ceewi1!!!!!

01-15-2008, 09:02 PM   #44
evilfantasy (Silver Member)

Quote:
Originally Posted by Hey it's me
You are never going to believe this!! Avast seems to have found the WIN32:TRATBHO virus AGAIN??? UCH! What the heck does this mean?

It depends on where it found it. It could be in a quarantine folder somewhere.

01-15-2008, 09:10 PM   #45
GameMaster (Diamond Member)

Possible that Avast! found a Trojan quarantined in AVG, because two antiviruses interfere...
Possible?

01-15-2008, 09:13 PM   #46
Hey it's me (Bronze Member)

Yes, I think that detected virus was in fact quarantined; there were a bunch of things quarantined in the SAS folder that I just removed for GOOD! The core.cache.dsk and vundo and tons of spyware. I think it's ok after all. PFEW! I was nervous. I actually think everything's ok now. My stars, that was insane! So, evil, how do I thank you? You were great as my platoon captain. And yes, Ceewi gave us the final golden egg, ceewi rules! I really am grateful!
I'm running SAS right now. I'll post its log. I'm so confused with all the programs I have, does it HAVE a log? Or do I run HJT and give you that in the end? Or both? Oh, I'm also running that F-secure in IE to see what it comes up with; it came up with 2 spyware found already. We'll see, and as for deciding which protective to run when all is said and done, I'm just not sure? Like I said, I've been using avast since I got this computer 2 years ago. It was fine until THIS! But, perhaps free AVG is better? I don't know?

01-15-2008, 09:31 PM   #47
evilfantasy (Silver Member)

Again, STOP doing so much at once. You are going to cause errors by manually doing what the running programs are already doing. Or have them conflict with one another.

Take it easy, let everything complete and post the Super log.

We will then clean up everything.

01-15-2008, 09:48 PM   #48
Hey it's me (Bronze Member)

I know, sorry about that, I have been told many times in the past to keep myself in check with the multi-tasking. Anyway, I DID stop the other programs and stepped away. Here is the only log I could get from Superspyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/15/2008 at 03:46 PM

Application Version : 3.9.1008

Core Rules Database Version : 3379
Trace Rules Database Version: 1373

Scan type : Quick Scan
Total Scan Time : 00:49:01

Memory items scanned : 478
Memory threats detected : 0
Registry items scanned : 825
Registry threats detected : 0
File items scanned : 28907
File threats detected : 0

01-15-2008, 09:57 PM   #49
Hey it's me (Bronze Member)

I JUST realized something...that was a QUICK Scan NOT a Complete scan. Complete takes longer. For Pete's Sake! I just started the complete, but I may not be able to stay for it today. If I stay here, I won't get anything done and that's not good! grrrrr It's my own stupid fault. Anyway, while it's scanning, you know what, Evil, I'd really like to do whatever needs to be done to completely remove that core.cache.dsk from my computer, even IF it's now contained in Combofix's Catchme folder. Can we go forward with that? Is it possible? Unless this SAS scans brilliantly quick, when I get back tomorrow I'll run it again. What do you think?

01-15-2008, 10:08 PM   #50
Hey it's me (Bronze Member)

Oh, and don't be cross, I did another HJT log (it's becoming compulsive):


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:50 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\Alwil Software\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\Alwil Software\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iDumpPro\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Avast4\ALWILS~1\ashDisp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Avast4\Alwil Software\ashMaiSv.exe
C:\Program Files\Avast4\Alwil Software\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Eve\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\Eve\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\Eusing Free Registry Cleaner\Regcleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.npr.org/templates/rundown...wn.php?prgId=3
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ALWILS~1\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher Pro\MailWasher.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\Alwil Software\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\Alwil Software\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\Alwil Software\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\Alwil Software\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\iDumpPro\NMSAccessU.exe

--
End of file - 4498 bytes
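
A small triage pass over a HijackThis log like the one posted in #50, added here as an example; it is not part of the thread and was not written by any of its participants. The function names are hypothetical, SAMPLE_LOG is a constructed excerpt built from lines of that log, and the two checks (a running process under a Temp directory, an O23 service listed with "Unknown owner") only mark lines for a person to look at.

```python
import re

# Constructed excerpt: lines copied from the HijackThis log in post #50.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\Alwil Software\ashServ.exe
C:\DOCUME~1\Eve\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ALWILS~1\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\Alwil Software\ashServ.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\iDumpPro\NMSAccessU.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O23 - Service: ..."
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)   # any path component named Temp


def parse_hjt(text):
    """Return (processes, entries); entries maps a section code to its detail lines."""
    processes, entries, in_procs = [], {}, False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False            # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY.match(line)       # header lines such as "Platform: ..." are skipped
            if m:
                entries.setdefault(m.group(1), []).append(m.group(2))
    return processes, entries


def review_points(text):
    """Lines to look at first. These are prompts for review, not verdicts."""
    processes, entries = parse_hjt(text)
    points = [("process in temp dir", p) for p in processes if TEMP_DIR.search(p)]
    for svc in entries.get("O23", []):
        # O23 detail format: "Service: <name> - <company> - <path>"
        if " - Unknown owner - " in svc:
            points.append(("service with unknown owner", svc))
    return points


if __name__ == "__main__":
    for kind, detail in review_points(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

On the excerpt, the Temp hit is the F-Secure online scanner the poster says is running in IE, which shows why a flagged line still needs context before anything is removed.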

All times are GMT +1.