Cannot Delete annoying pop up CORE.CACHE.DSK

photoITguy

New Member
I'm having trouble deleting a system driver file called "core.cache.dsk". This file appears to be some type of malware/spyware that creates annoying pop-ups in Internet Explorer, even though I'm using Firefox as my default browser.
The file location is "C:\WINDOWS\System32\drivers\core.cache.dsk". I've tried using everything you can think of, from going into safe mode and manually deleting, to using Ad-Aware, Kaspersky, AVG, Spyware Doctor, SpywareBlaster, Delete on Reboot, etc. And nothing seems to work. Most of them are able to locate it, and claim to delete it, but upon reboot it re-creates itself each time. If you attempt to manually delete it, you receive an error stating it's already in use by a program. If you go into safe mode you can delete it, but when you reboot it reappears in normal mode.

Please help! I do not want to re-install Windows Vista again, but as a last resort I will.
Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38, on 2008-01-21
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5317 bytes
 
We've had a few similar cases here lately.

First of all, please post a combofix log:
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
 
Combo Fix Log

Here is my ComboFix log. I'm not sure if this is right but I hope it helps. There were 3 text documents in the ComboFix folder; here they are:


text document - "combofix"

ComboFix 08-01-20.1 - Josh 2008-01-21 12:40:35.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.542 [GMT -5:00]
Running from: C:\Users\Josh\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

text document - ComboDel

Files to Move:
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat|C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.vir
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat|C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.vir
C:\Windows\system32\drivers\core.cache.dsk|C:\QooBox\Quarantine\C\Windows\system32\drivers\core.cache.dsk.vir
C:\Windows\system32\drivers\core.cache.dsk|C:\QooBox\Quarantine\C\Windows\system32\drivers\core.cache.dsk.vir
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat|C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.vir
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat|C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.vir
C:\Windows\system32\drivers\core.cache.dsk|C:\QooBox\Quarantine\C\Windows\system32\drivers\core.cache.dsk.vir
C:\Windows\system32\drivers\core.cache.dsk|C:\QooBox\Quarantine\C\Windows\system32\drivers\core.cache.dsk.vir
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat|C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.vir
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat|C:\QooBox\Quarantine\C\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.vir


text document - Pend

\??\C:\ntdetect.com\0\0
\??\C:\boot.ini\0\0
\??\C:\ntldr\0\0
\??\C:\Windows\0\0
\??\C:\Windows\explorer.exe\0\0
\??\C:\Windows\system32\csrss.exe\0\0
\??\C:\Windows\system32\lsass.exe\0\0
\??\C:\Windows\system32\services.exe\0\0
\??\C:\Windows\system32\smss.exe\0\0
\??\C:\Windows\system32\svchost.exe\0\0
\??\C:\Windows\system32\userinit.exe\0\0
\??\C:\Windows\system32\winlogon.exe\0\0
\??\C:\Windows\system32\hal.dll\0\0
\??\C:\Windows\system32\ntdll.dll\0\0
\??\C:\Windows\system32\config\0\0
\??\C:\Windows\system32\drivers\0\0
\??\C:\Windows\system32\wbem\0\0


Hope that helps. :confused:
 
I ran ComboFix a couple more times and it isn't creating the .txt file in my main C:\ directory where you're stating it should. On my desktop it does create a zipped directory labeled "catchme".

Inside the zipped directory "catchme" are 6 files:

"catchme" (directory)
core.cache.dsk (DSK File 163KB)
qmgr0.dat (DAT File 1kb)
qmgr0.dat.1 (1 File 1KB)
qmgr0.dat.2 (2 File 1KB)
qmgr1.dat (DAT File KB)
qmgr1.dat.1 (1 File KB)


I have also run Spybot Search & Destroy; it is able to find the file C:/windows/system/drivers/core.cache.dsk.
It says it removes it too, and even prompts to authorize the registry change, but it too doesn't completely remove it.
At least right now, when the Internet Explorer pop-up boxes come up they are just blank white pages with nothing in them.

I really would like this to STOP, and I really am getting tempted to just re-install Windows Vista. :confused:
 
OK, if ComboFix isn't able to complete we'll approach this a different way.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
 
main.txt & extra.txt

main.txt

Deckard's System Scanner v20071014.68
Run by Josh on 2008-01-23 16:47:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 991 MiB (1024 MiB recommended).


-- HijackThis (run as Josh.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:57 PM, on 2008-01-23
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Josh\Desktop\dss.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Josh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6194] command /c del "C:\Windows\System32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7458] cmd /c del "C:\Windows\System32\drivers\core.cache.dsk"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7125 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>

S0 OemBiosDevice (Royalty OEM BIOS Extension) - c:\windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&645C964&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&645C964&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-01-22 22:53:27 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{58011B01-0681-4E22-8602-18B1CF9A403E}.job
2008-01-22 18:31:00 444 --a------ C:\Windows\Tasks\At2.job
2008-01-21 12:44:49 444 --a------ C:\Windows\Tasks\At1.job


-- Files created between 2007-12-23 and 2008-01-23 -----------------------------

2008-01-22 18:31:05 60416 --a------ C:\Windows\system32\drivers\ComboFix.sys
2008-01-21 17:40:50 0 -rahs---- C:\MSDOS.SYS
2008-01-21 17:40:50 0 -rahs---- C:\IO.SYS
2008-01-21 17:08:39 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-21 16:41:17 0 d-------- C:\Users\All Users\Avg7
2008-01-21 11:27:22 0 d-------- C:\Program Files\Trend Micro
2008-01-20 23:05:22 0 d-------- C:\!KillBox
2008-01-20 22:44:46 0 d-------- C:\Windows\Open RegEdit
2008-01-20 22:23:49 0 d-------- C:\Program Files\SpywareBlaster
2008-01-20 22:21:08 0 d-------- C:\Program Files\FireTrust
2008-01-20 20:35:55 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-20 20:35:54 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-01-20 20:34:49 0 d-------- C:\KAV
2008-01-20 19:36:45 0 d-------- C:\Program Files\Remove on Reboot
2008-01-20 14:55:17 0 d-------- C:\Program Files\Lavasoft
2008-01-20 14:55:14 0 d-------- C:\Users\All Users\Lavasoft
2008-01-20 14:52:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 12:18:08 86144 --a------ C:\Windows\system32\drivers\fetnd55.sys
2008-01-20 12:17:46 86144 --a------ C:\Windows\system32\drivers\Wdf010000.sys
2008-01-20 12:14:59 86144 --a------ C:\Windows\system32\drivers\sisraid22.sys
2008-01-20 11:48:28 0 d-a------ C:\Users\All Users\TEMP
2008-01-20 11:48:13 0 d-------- C:\Program Files\Spyware Doctor
2008-01-19 19:41:51 0 d-------- C:\Program Files\WinZix
2008-01-18 18:08:27 0 d-------- C:\Program Files\Microsoft Works
2008-01-18 18:06:19 0 d-------- C:\Windows\PCHEALTH
2008-01-18 18:06:18 0 d-------- C:\Program Files\Microsoft.NET
2008-01-18 18:03:25 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-18 18:01:18 0 d-------- C:\Users\All Users\Microsoft Help
2008-01-18 18:00:36 0 dr-h----- C:\MSOCache
2008-01-17 18:29:07 1240 --a------ C:\Windows\mozver.dat
2008-01-16 18:42:35 0 d-------- C:\Program Files\iPod
2008-01-16 18:42:19 0 d-------- C:\Program Files\iTunes
2008-01-16 18:39:54 0 d-------- C:\Program Files\QuickTime
2008-01-13 14:41:29 0 d-------- C:\Program Files\DivX
2008-01-13 10:12:55 0 d-------- C:\Program Files\Xilisoft
2008-01-12 11:12:37 0 d-------- C:\Program Files\BitLocker
2008-01-10 23:40:22 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-01-10 23:40:22 765952 --a------ C:\Windows\system32\xvidcore.dll
2008-01-10 23:40:22 0 d-------- C:\Program Files\Xvid
2008-01-10 20:50:39 0 d-------- C:\Program Files\NewzToolz
2008-01-10 18:06:50 0 d-------- C:\Program Files\Tencent
2008-01-10 18:06:15 0 d-------- C:\Program Files\AIMTunes
2008-01-10 18:04:55 0 d-------- C:\Users\All Users\AOL Downloads
2008-01-10 18:03:56 0 d-------- C:\Users\All Users\Viewpoint
2008-01-10 18:03:56 0 d-------- C:\Program Files\Viewpoint
2008-01-10 18:03:51 0 d-------- C:\Users\All Users\AOL
2008-01-10 18:03:51 0 d-------- C:\Users\All Users\AOL OCP
2008-01-10 18:03:38 0 d-------- C:\Program Files\Common Files\AOL
2008-01-10 18:03:16 0 d-------- C:\Program Files\AIM6
2008-01-10 17:55:48 0 dr------- C:\Users\Abby\Searches
2008-01-10 17:55:39 0 dr------- C:\Users\Abby\Contacts
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Videos
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\Templates
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\Start Menu
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\SendTo
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Saved Games
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\Recent
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\PrintHood
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Pictures
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\NetHood
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\My Documents
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Music
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\Local Settings
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Links
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Favorites
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Downloads
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Documents
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Desktop
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\Cookies
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\Application Data
2008-01-10 17:55:31 0 d--h----- C:\Users\Abby\AppData
2008-01-10 17:55:30 618496 --a------ C:\Users\Abby\NTUSER.DAT
2008-01-09 21:30:18 0 d-------- C:\Program Files\SlySoft
2008-01-09 21:28:58 0 d-------- C:\Users\All Users\Elaborate Bytes
2008-01-09 21:28:21 0 d-------- C:\Program Files\Elaborate Bytes
2008-01-09 21:17:49 240128 --a------ C:\Windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
2008-01-09 21:12:06 0 d--hs---- C:\Boot
2008-01-09 21:03:14 0 d-------- C:\Program Files\SAMSUNG
2008-01-09 21:03:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-09 21:01:42 0 d-------- C:\Program Files\Common Files\Nero
2008-01-09 21:01:30 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-09 21:00:25 0 d-------- C:\Users\All Users\Ahead
2008-01-09 21:00:19 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-09 21:00:17 0 d-------- C:\Program Files\Ahead
2008-01-09 20:38:14 148 --a------ C:\Windows\system32\mscomserv.bin
2008-01-09 20:38:05 0 d-------- C:\Program Files\Pointstone
2008-01-09 20:38:05 0 d-------- C:\Program Files\Common Files\Pointstone
2008-01-09 19:58:39 0 d-------- C:\Users\All Users\Adobe
2008-01-09 19:58:01 0 d-------- C:\Program Files\Bonjour
2008-01-09 19:50:20 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-09 19:49:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-09 19:21:36 0 d-------- C:\Windows\SoftwareDistribution
2008-01-09 19:20:36 0 d-------- C:\Windows\Debug
2008-01-09 19:20:36 0 d-------- C:\Windows\CSC
2008-01-09 19:19:33 0 d-------- C:\Windows\Prefetch
2008-01-09 19:19:18 0 d--hs---- C:\System Volume Information
2008-01-09 19:18:06 0 d-------- C:\Windows\Panther
2008-01-09 18:33:56 0 d-------- C:\Users\All Users\Azureus
2008-01-09 18:32:06 0 d-------- C:\Program Files\Azureus
2008-01-09 18:27:07 0 d-------- C:\Users\All Users\Apple Computer
2008-01-09 18:26:40 0 d-------- C:\Program Files\Apple Software Update
2008-01-09 18:25:21 0 d-------- C:\Program Files\Common Files\Apple
2008-01-09 18:25:18 0 d-------- C:\Users\All Users\Apple
2008-01-09 18:24:49 0 d--hs---- C:\Windows\Installer
2008-01-09 16:52:33 0 d-------- C:\Windows\system32\Macromed
2008-01-09 16:34:08 0 dr------- C:\Users\Josh\Searches
2008-01-09 16:33:54 0 dr------- C:\Users\Josh\Contacts
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Videos
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\Templates
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\Start Menu
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\SendTo
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Saved Games
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\Recent
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\PrintHood
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Pictures
2008-01-09 16:33:43 2359296 --ahs---- C:\Users\Josh\NTUSER.DAT
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\NetHood
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\My Documents
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Music
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\Local Settings
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Links
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Favorites
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Downloads
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Documents
2008-01-09 16:33:43 0 d-------- C:\Users\Josh\Desktop
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\Cookies
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\Application Data
2008-01-09 16:33:43 0 d--h----- C:\Users\Josh\AppData


-- Find3M Report ---------------------------------------------------------------

2008-01-22 23:20:13 0 d-------- C:\Users\Josh\AppData\Roaming\Adobe
2008-01-22 22:02:55 0 d-------- C:\Users\Josh\AppData\Roaming\Azureus
2008-01-20 14:52:27 0 d-------- C:\Program Files\Common Files
2008-01-20 12:14:29 0 d-------- C:\Users\Josh\AppData\Roaming\NewzToolz
2008-01-20 11:48:13 0 d-------- C:\Users\Josh\AppData\Roaming\PC Tools
2008-01-18 18:08:12 0 d-------- C:\Program Files\MSBuild
2008-01-14 16:27:38 0 d-------- C:\Users\Josh\AppData\Roaming\QQ Games Plugin
2008-01-14 16:27:23 0 d-------- C:\Users\Josh\AppData\Roaming\acccore
2008-01-12 11:10:58 0 d-------- C:\Program Files\Microsoft Games
2008-01-10 20:40:42 446 --a------ C:\Users\Josh\AppData\Roaming\SamsungLiveUpdateConfig.ini
2008-01-09 21:09:23 769536 --a------ C:\Users\Josh\AppData\Roaming\sfdnwin.dll <Not Verified; Toshiba Samsung Storage Technology Coporation; SFDNWIN>
2008-01-09 18:28:50 0 d-------- C:\Users\Josh\AppData\Roaming\Apple Computer
2008-01-09 17:27:03 174 --ahs---- C:\Program Files\desktop.ini
2008-01-09 17:16:58 0 d-------- C:\Program Files\Windows Mail
2008-01-09 17:16:58 0 d-------- C:\Program Files\Windows Calendar
2008-01-09 17:16:57 0 d-------- C:\Program Files\Windows Defender
2008-01-09 17:16:55 0 d-------- C:\Program Files\Windows Sidebar
2008-01-09 16:52:38 0 d-------- C:\Users\Josh\AppData\Roaming\Macromedia
2008-01-09 16:38:42 0 d-------- C:\Users\Josh\AppData\Roaming\Talkback
2008-01-09 16:38:32 0 d-------- C:\Users\Josh\AppData\Roaming\Mozilla
2008-01-09 16:33:56 0 d-------- C:\Users\Josh\AppData\Roaming\Identities
2007-12-03 20:33:18 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 20:33:18 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 20:33:18 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 20:33:16 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-11-29 17:30:28 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-11-29 17:28:24 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-28 16:52:32 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-09 05:08 PM]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2007-04-05 03:29 PM]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 08:21 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 12:47 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [2007-11-19 02:40 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 02:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 04:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB6194"=command /c del "C:\Windows\System32\drivers\core.cache.dsk"
"SpybotDeletingD7458"=cmd /c del "C:\Windows\System32\drivers\core.cache.dsk"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7840 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-23 16:50:49 ------------
 


Please download The Avenger by Swandog46 to your Desktop

Open the program. Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, paste the contents of the codebox below. Please do not include the word Code:
Code:
Files to delete:
C:\Windows\system32\drivers\fetnd55.sys
C:\Windows\system32\drivers\Wdf010000.sys
C:\Windows\system32\drivers\sisraid22.sys
C:\Windows\System32\drivers\core.cache.dsk
and click 'Done'

Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger.txt.

Please re-run Deckard's System Scanner and post the contents of main.txt as well.
 
Avenger

I tried to run Avenger, but it will not allow me to run it because I'm using Windows Vista Ultimate.

Here is the error log it made when trying to open and run avenger

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Fatal error: unsupported version of Windows! This program will run only on Windows 2000 or XP.
Error code: 0
Error logged to errorlog.txt. Aborting now!
 
My fault, sorry. Here's the next thing to try; if it doesn't work we'll have to resort to some more complicated steps. Do you have your Windows Disk?

Please delete the version of ComboFix you have and download an updated one from http://download.bleepingcomputer.com/sUBs/ComboFix.exe.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    Files to delete:
    C:\Windows\system32\drivers\fetnd55.sys
    C:\Windows\system32\drivers\Wdf010000.sys
    C:\Windows\system32\drivers\sisraid22.sys
    C:\Windows\System32\drivers\core.cache.dsk
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. These results are also located at C:\_OTMoveIt\MovedFiles\Date_Time.log, where Date_Time is the date and time you ran OTMoveIt.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

You may wish to print these instructions, or copy them to a Notepad document, as you will be unable to access the Internet while in Safe Mode to read from this site.

Please reboot into Safe Mode (tap F8 just before Windows starts to load and select Safe Mode from the list).

Please run ComboFix in Safe Mode and post the log it generates if it completes successfully. If not, please reboot into Normal Mode and post a new Deckard's System Scanner log instead.

Please post
  • The OTMoveIt2 results
  • The ComboFix or Deckard's System Scanner results
  • Whether or not you have your Windows Disk
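Added example (not from the thread, and not OTMoveIt2's or ComboFix's own code): what "scheduled to be moved on reboot" actually records. A tool that cannot delete a file a driver is holding calls MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which appends the request to the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager; smss.exe carries the list out early in the next boot, before any user logs on. The script below builds and decodes that value offline so the format can be seen (source path in NT form, empty destination for a delete, "!" prefix to overwrite an existing target). The sample paths are the four from the OTMoveIt2 script above; nothing here touches a live registry.

```python
"""What "scheduled to be moved on reboot" records, and how to read it back.

Added example; not from the thread and not OTMoveIt2's code.  A tool that cannot
unlink a file held open by a driver calls MoveFileEx(src, dst,
MOVEFILE_DELAY_UNTIL_REBOOT), which appends a pair of strings to the REG_MULTI_SZ
value PendingFileRenameOperations under
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager.  smss.exe walks the list
early in the next boot.  Each pair is an NT-style source path ("\\??\\C:\\...") and a
destination: empty means delete, a leading "!" means overwrite an existing target.
The functions below build and decode that value offline; nothing touches a registry.
"""
from typing import Iterable

NT_PREFIX = "\\??\\"


def nt_path(win_path: str) -> str:
    """C:\\x -> \\??\\C:\\x, the form MoveFileEx stores."""
    return win_path if win_path.startswith(NT_PREFIX) else NT_PREFIX + win_path


def schedule_delete(paths: Iterable[str]) -> list[str]:
    """Pairs (source, "") for each path: delete at next boot."""
    ops: list[str] = []
    for p in paths:
        ops += [nt_path(p), ""]
    return ops


def schedule_move(src: str, dst: str, replace_existing: bool = True) -> list[str]:
    """Pair (source, destination); "!" asks smss.exe to overwrite an existing dst."""
    return [nt_path(src), ("!" if replace_existing else "") + nt_path(dst)]


def to_multi_sz(strings: Iterable[str]) -> bytes:
    """REG_MULTI_SZ bytes: each string NUL-terminated, then one more NUL, UTF-16LE."""
    return ("".join(s + "\x00" for s in strings) + "\x00").encode("utf-16-le")


def from_multi_sz(data: bytes) -> list[str]:
    """Inverse of to_multi_sz.  Keeps empty strings, which generic MULTI_SZ readers
    that stop at the first empty element would drop (losing every delete entry)."""
    text = data.decode("utf-16-le")
    if not text.endswith("\x00"):
        raise ValueError("REG_MULTI_SZ is not NUL-terminated")
    body = text[:-1]                      # s1\0 s2\0 ... sn\0
    return body.split("\x00")[:-1] if body else []


def pending_ops(strings: list[str]) -> list[tuple[str, str]]:
    """Group the flat list into (source, destination) pairs."""
    if len(strings) % 2:
        raise ValueError("PendingFileRenameOperations must hold string pairs")
    return list(zip(strings[0::2], strings[1::2]))


def describe(op: tuple[str, str]) -> str:
    """Human-readable form of one pending operation."""
    src, dst = op
    if dst == "":
        return f"delete {src}"
    overwrite = dst.startswith("!")
    return f"move {src} -> {dst.lstrip('!')}" + (" (overwrite)" if overwrite else "")


if __name__ == "__main__":
    # The four paths are the ones the OTMoveIt2 script in the thread targeted.
    targets = [
        r"C:\Windows\system32\drivers\fetnd55.sys",
        r"C:\Windows\system32\drivers\Wdf010000.sys",
        r"C:\Windows\system32\drivers\sisraid22.sys",
        r"C:\Windows\System32\drivers\core.cache.dsk",
    ]
    blob = to_multi_sz(schedule_delete(targets))
    for op in pending_ops(from_multi_sz(blob)):
        print(describe(op))
```

On the affected machine the pending list can be read with reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations. Two timing points matter for a file that keeps coming back: the RunOnce cmd /c del entries Spybot left behind run at user logon, when the boot-time and auto-start drivers are already loaded, so a driver-protected file cannot be removed that way; and a driver whose Start value is 0 (boot) or 1 (system) is already running when smss.exe processes the pending list, so it can hold the file open or write it back. Either would produce the "deleted, then back after reboot" behaviour described in this thread, which is why looking through the driver folder itself is the next step.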
 
logs

_OTMOVEIT LOG
File/Folder Files to delete: not found.
File move failed. C:\Windows\system32\drivers\fetnd55.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\Wdf010000.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\sisraid22.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\core.cache.dsk scheduled to be moved on reboot.

OTMoveIt2 v1.0.14 log created on 01252008_111923

ComboFix once again did not create the correct log file. This time I noticed it kept repeating and saying "please enter administrator command to run this process, permission denied"; it said that several times while I was running it in Safe Mode. I right-clicked on it and selected "Run as administrator" as well, and that error message still came up.

Here is the Deckard Log

Deckard's System Scanner v20071014.68
Run by Josh on 2008-01-25 11:44:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 991 MiB (1024 MiB recommended).


-- HijackThis (run as Josh.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44, on 2008-01-25
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Josh\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Josh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6194] command /c del "C:\Windows\System32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7458] cmd /c del "C:\Windows\System32\drivers\core.cache.dsk"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - cmd.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7401 bytes

-- Files created between 2007-12-25 and 2008-01-25 -----------------------------

2008-01-24 12:27:01 0 d-------- C:\Program Files\Alien Skin
2008-01-24 11:56:26 0 d-------- C:\Users\Josh\Roaming
2008-01-24 11:56:26 0 d-------- C:\Users\Default\Roaming
2008-01-24 11:56:26 0 d-------- C:\Users\Abby\Roaming
2008-01-24 11:56:22 0 d-------- C:\Program Files\MySpace
2008-01-21 17:40:50 0 -rahs---- C:\MSDOS.SYS
2008-01-21 17:40:50 0 -rahs---- C:\IO.SYS
2008-01-21 17:08:39 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-21 16:41:17 0 d-------- C:\Users\All Users\Avg7
2008-01-21 11:27:22 0 d-------- C:\Program Files\Trend Micro
2008-01-20 23:05:22 0 d-------- C:\!KillBox
2008-01-20 22:44:46 0 d-------- C:\Windows\Open RegEdit
2008-01-20 22:23:49 0 d-------- C:\Program Files\SpywareBlaster
2008-01-20 22:21:08 0 d-------- C:\Program Files\FireTrust
2008-01-20 20:35:55 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-20 20:35:54 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-01-20 20:34:49 0 d-------- C:\KAV
2008-01-20 19:36:45 0 d-------- C:\Program Files\Remove on Reboot
2008-01-20 14:55:17 0 d-------- C:\Program Files\Lavasoft
2008-01-20 14:55:14 0 d-------- C:\Users\All Users\Lavasoft
2008-01-20 14:52:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 11:48:28 0 d-a------ C:\Users\All Users\TEMP
2008-01-20 11:48:13 0 d-------- C:\Program Files\Spyware Doctor
2008-01-19 19:41:51 0 d-------- C:\Program Files\WinZix
2008-01-18 18:08:27 0 d-------- C:\Program Files\Microsoft Works
2008-01-18 18:06:19 0 d-------- C:\Windows\PCHEALTH
2008-01-18 18:06:18 0 d-------- C:\Program Files\Microsoft.NET
2008-01-18 18:03:25 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-18 18:01:18 0 d-------- C:\Users\All Users\Microsoft Help
2008-01-18 18:00:36 0 dr-h----- C:\MSOCache
2008-01-17 18:29:07 1240 --a------ C:\Windows\mozver.dat
2008-01-16 18:42:35 0 d-------- C:\Program Files\iPod
2008-01-16 18:42:19 0 d-------- C:\Program Files\iTunes
2008-01-16 18:39:54 0 d-------- C:\Program Files\QuickTime
2008-01-13 14:41:29 0 d-------- C:\Program Files\DivX
2008-01-13 10:12:55 0 d-------- C:\Program Files\Xilisoft
2008-01-12 11:12:37 0 d-------- C:\Program Files\BitLocker
2008-01-10 23:40:22 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-01-10 23:40:22 765952 --a------ C:\Windows\system32\xvidcore.dll
2008-01-10 23:40:22 0 d-------- C:\Program Files\Xvid
2008-01-10 20:50:39 0 d-------- C:\Program Files\NewzToolz
2008-01-10 18:06:50 0 d-------- C:\Program Files\Tencent
2008-01-10 18:06:15 0 d-------- C:\Program Files\AIMTunes
2008-01-10 18:04:55 0 d-------- C:\Users\All Users\AOL Downloads
2008-01-10 18:03:56 0 d-------- C:\Users\All Users\Viewpoint
2008-01-10 18:03:56 0 d-------- C:\Program Files\Viewpoint
2008-01-10 18:03:51 0 d-------- C:\Users\All Users\AOL
2008-01-10 18:03:51 0 d-------- C:\Users\All Users\AOL OCP
2008-01-10 18:03:38 0 d-------- C:\Program Files\Common Files\AOL
2008-01-10 18:03:16 0 d-------- C:\Program Files\AIM6
2008-01-10 17:55:48 0 dr------- C:\Users\Abby\Searches
2008-01-10 17:55:39 0 dr------- C:\Users\Abby\Contacts
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Videos
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\Templates
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\Start Menu
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\SendTo
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Saved Games
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\Recent
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\PrintHood
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Pictures
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\NetHood
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\My Documents
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Music
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\Local Settings
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Links
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Favorites
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Downloads
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Documents
2008-01-10 17:55:31 0 dr------- C:\Users\Abby\Desktop
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\Cookies
2008-01-10 17:55:31 0 d--hs---- C:\Users\Abby\Application Data
2008-01-10 17:55:31 0 d--h----- C:\Users\Abby\AppData
2008-01-10 17:55:30 786432 --a------ C:\Users\Abby\NTUSER.DAT
2008-01-09 21:30:18 0 d-------- C:\Program Files\SlySoft
2008-01-09 21:28:58 0 d-------- C:\Users\All Users\Elaborate Bytes
2008-01-09 21:28:21 0 d-------- C:\Program Files\Elaborate Bytes
2008-01-09 21:17:49 240128 --a------ C:\Windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
2008-01-09 21:12:06 0 d--hs---- C:\Boot
2008-01-09 21:03:14 0 d-------- C:\Program Files\SAMSUNG
2008-01-09 21:03:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-09 21:01:42 0 d-------- C:\Program Files\Common Files\Nero
2008-01-09 21:01:30 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-09 21:00:25 0 d-------- C:\Users\All Users\Ahead
2008-01-09 21:00:19 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-09 21:00:17 0 d-------- C:\Program Files\Ahead
2008-01-09 20:38:14 148 --a------ C:\Windows\system32\mscomserv.bin
2008-01-09 20:38:05 0 d-------- C:\Program Files\Pointstone
2008-01-09 20:38:05 0 d-------- C:\Program Files\Common Files\Pointstone
2008-01-09 19:58:39 0 d-------- C:\Users\All Users\Adobe
2008-01-09 19:58:01 0 d-------- C:\Program Files\Bonjour
2008-01-09 19:50:20 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-09 19:49:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-09 19:21:36 0 d-------- C:\Windows\SoftwareDistribution
2008-01-09 19:20:36 0 d-------- C:\Windows\Debug
2008-01-09 19:20:36 0 d-------- C:\Windows\CSC
2008-01-09 19:19:33 0 d-------- C:\Windows\Prefetch
2008-01-09 19:19:18 0 d--hs---- C:\System Volume Information
2008-01-09 19:18:06 0 d-------- C:\Windows\Panther
2008-01-09 18:33:56 0 d-------- C:\Users\All Users\Azureus
2008-01-09 18:32:06 0 d-------- C:\Program Files\Azureus
2008-01-09 18:27:07 0 d-------- C:\Users\All Users\Apple Computer
2008-01-09 18:26:40 0 d-------- C:\Program Files\Apple Software Update
2008-01-09 18:25:21 0 d-------- C:\Program Files\Common Files\Apple
2008-01-09 18:25:18 0 d-------- C:\Users\All Users\Apple
2008-01-09 18:24:49 0 d--hs---- C:\Windows\Installer
2008-01-09 16:52:33 0 d-------- C:\Windows\system32\Macromed
2008-01-09 16:34:08 0 dr------- C:\Users\Josh\Searches
2008-01-09 16:33:54 0 dr------- C:\Users\Josh\Contacts
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Videos
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\Templates
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\Start Menu
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\SendTo
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Saved Games
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\Recent
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\PrintHood
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Pictures
2008-01-09 16:33:43 2359296 --ahs---- C:\Users\Josh\NTUSER.DAT
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\NetHood
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\My Documents
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Music
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\Local Settings
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Links
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Favorites
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Downloads
2008-01-09 16:33:43 0 dr------- C:\Users\Josh\Documents
2008-01-09 16:33:43 0 d-------- C:\Users\Josh\Desktop
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\Cookies
2008-01-09 16:33:43 0 d--hs---- C:\Users\Josh\Application Data
2008-01-09 16:33:43 0 d--h----- C:\Users\Josh\AppData


-- Find3M Report ---------------------------------------------------------------

2008-01-24 17:48:22 0 d-------- C:\Users\Josh\AppData\Roaming\Azureus
2008-01-24 12:31:16 0 d-------- C:\Users\Josh\AppData\Roaming\Alien Skin
2008-01-24 12:24:50 0 d-------- C:\Users\Josh\AppData\Roaming\NewzToolz
2008-01-24 11:56:26 0 d-------- C:\Users\Josh\AppData\Roaming\MySpace
2008-01-22 23:20:13 0 d-------- C:\Users\Josh\AppData\Roaming\Adobe
2008-01-20 14:52:27 0 d-------- C:\Program Files\Common Files
2008-01-20 11:48:13 0 d-------- C:\Users\Josh\AppData\Roaming\PC Tools
2008-01-18 18:08:12 0 d-------- C:\Program Files\MSBuild
2008-01-14 16:27:38 0 d-------- C:\Users\Josh\AppData\Roaming\QQ Games Plugin
2008-01-14 16:27:23 0 d-------- C:\Users\Josh\AppData\Roaming\acccore
2008-01-12 11:10:58 0 d-------- C:\Program Files\Microsoft Games
2008-01-10 20:40:42 446 --a------ C:\Users\Josh\AppData\Roaming\SamsungLiveUpdateConfig.ini
2008-01-09 21:09:23 769536 --a------ C:\Users\Josh\AppData\Roaming\sfdnwin.dll <Not Verified; Toshiba Samsung Storage Technology Coporation; SFDNWIN>
2008-01-09 18:28:50 0 d-------- C:\Users\Josh\AppData\Roaming\Apple Computer
2008-01-09 17:27:03 174 --ahs---- C:\Program Files\desktop.ini
2008-01-09 17:16:58 0 d-------- C:\Program Files\Windows Mail
2008-01-09 17:16:58 0 d-------- C:\Program Files\Windows Calendar
2008-01-09 17:16:57 0 d-------- C:\Program Files\Windows Defender
2008-01-09 17:16:55 0 d-------- C:\Program Files\Windows Sidebar
2008-01-09 16:52:38 0 d-------- C:\Users\Josh\AppData\Roaming\Macromedia
2008-01-09 16:38:42 0 d-------- C:\Users\Josh\AppData\Roaming\Talkback
2008-01-09 16:38:32 0 d-------- C:\Users\Josh\AppData\Roaming\Mozilla
2008-01-09 16:33:56 0 d-------- C:\Users\Josh\AppData\Roaming\Identities
2007-12-03 20:33:18 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 20:33:18 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 20:33:18 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 20:33:16 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-11-29 17:30:28 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-11-29 17:28:24 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-28 16:52:32 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-09 17:08]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2007-04-05 15:29]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 08:21]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [2007-11-19 14:40]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB6194"=command /c del "C:\Windows\System32\drivers\core.cache.dsk"
"SpybotDeletingD7458"=cmd /c del "C:\Windows\System32\drivers\core.cache.dsk"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-01-25 11:46:15 ------------

I do have my Windows disk available if we need to go the "complicated" route.
If I have to, I can just reinstall Windows. I have my drives partitioned, so nothing other than programs and Windows is installed on my C: drive, no personal files/data; it wouldn't be that painful to reinstall if I have to.
 
Hiya ceewi1 & photoITguy,

If I can make a quick suggestion.

Unfortunately ComboFix and Vista don't always play well together.

This is a method I have found useful for deleting the core.cache.dsk files, and it is reasonably easy to follow.

Boot the pc into "safe mode" and navigate to c:\windows\system32\drivers.

Highlight and "drag" these files out and drop them onto the desktop.

1) core.cache.dsk

2) core.sys

Reboot your pc and now use spybot to scan and remove.

PhotoITguy, please only use this method upon advisement from ceewi1.

nn
 
This isn't the traditional core.cache.dsk that's been around for quite some time; this is a newer variant that's protected by a randomly named driver.

Moving the core.cache.dsk file and the protecting drivers is really what's being attempted by OTMoveIt2, although OTMoveIt2 is far more powerful than moving the file in Safe Mode.

The offending files aren't showing up in the Deckard's System Scanner log, although I'd like to look further. How is your PC behaving at the moment?

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries if still present:

  • O4 - HKCU\..\RunOnce: [SpybotDeletingB6194] command /c del "C:\Windows\System32\drivers\core.cache.dsk"
  • O4 - HKCU\..\RunOnce: [SpybotDeletingD7458] cmd /c del "C:\Windows\System32\drivers\core.cache.dsk"

Please close all open windows except for HijackThis and choose Fix checked

Please reboot your PC.

Please run Notepad and copy the contents of the codebox below into a new Notepad document. Please do not include the word Code:
Code:
dir /A C:\Windows\System32\drivers > driver_files.txt
Save the file to your Desktop as driver_files.bat and make sure the Save as type field says All files. Double click on driver_files.bat. This will create a file driver_files.txt on your Desktop. Please copy and paste the contents of that file into your next reply.
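Added example (not from the thread, and not part of HijackThis, Deckard's System Scanner or OTMoveIt2) of how a responder reads the driver_files.txt listing the batch file above produces. It parses the cmd.exe dir layout shown in this thread (yyyy-mm-dd dates, 12-hour times, comma-grouped sizes, <DIR> markers) and flags two things: files whose extension does not belong in system32\drivers, such as core.cache.dsk, and .sys files whose timestamp is not one of the days on which most drivers were written (the OS image date and the install/update runs), which is where a randomly named protector driver would usually stand out. The embedded listing is constructed: real rows copied from the log the poster provided, plus a constructed core.cache.dsk row (size and time made up) and a hypothetical zzdummy.sys standing in for an unknown driver.

```python
"""Triage a `dir /A C:\\Windows\\System32\\drivers` listing for out-of-place files.

Added example; not from the thread and not part of HijackThis, DSS or OTMoveIt2.
Parses the layout cmd.exe's `dir` prints on the poster's English Vista system
(yyyy-mm-dd, 12-hour clock, comma-grouped sizes, <DIR> for folders) and flags:
  * files whose extension has no business in the drivers folder (core.cache.dsk),
  * .sys files whose date is not one of the "install days" on which most drivers
    were written (OS image, install/update runs), i.e. candidates for a randomly
    named protector driver.  Third-party drivers land here too; it is a lead list.
SAMPLE_LISTING is constructed for the example: real rows copied from the posted
log plus two constructed rows, core.cache.dsk (made-up size/time) and a
hypothetical zzdummy.sys standing in for an unknown driver.
"""
import os
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# One `dir` row: date, time, size (or <DIR>), name.  Header/footer rows don't match.
DIR_ROW = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<name>\S.*?)\s*$"
)

# Extensions legitimately present in system32\drivers on this Vista box
# (gm.dls and gmreadme.txt appear in the posted listing alongside the .sys files).
EXPECTED_EXT = {".sys", ".dll", ".dls", ".txt"}


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: Optional[int]   # None for directories
    name: str


def parse_dir_listing(text: str) -> list[Entry]:
    """Return one Entry per file/folder row, skipping headers and the . / .. rows."""
    entries = []
    for line in text.splitlines():
        m = DIR_ROW.match(line.strip())
        if not m or m["name"] in (".", ".."):
            continue
        when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %I:%M %p")
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(when, size, m["name"]))
    return entries


def triage(entries: list[Entry], min_cluster: int = 3) -> dict:
    """Flag odd extensions and .sys files written outside the main install days."""
    files = [e for e in entries if e.size is not None]          # directories skipped
    drivers = [e for e in files if e.name.lower().endswith(".sys")]
    per_day = Counter(e.when.date() for e in drivers)
    clusters = sorted(d for d, n in per_day.items() if n >= min_cluster)
    return {
        "clusters": clusters,
        "odd_extension": [e.name for e in files
                          if os.path.splitext(e.name)[1].lower() not in EXPECTED_EXT],
        "off_cluster": [e.name for e in drivers if e.when.date() not in clusters],
    }


SAMPLE_LISTING = """\
 Volume in drive C has no label.
 Volume Serial Number is 70FC-3385

 Directory of C:\\Windows\\System32\\drivers

2008-01-26  06:18 PM    <DIR>          .
2008-01-26  06:18 PM    <DIR>          ..
2006-11-02  03:55 AM            53,376 1394bus.sys
2006-11-02  02:36 AM            68,096 ac97via.sys
2008-01-09  05:11 PM           258,232 acpi.sys
2006-11-02  04:51 AM           420,968 adp94xx.sys
2007-01-27  01:40 PM            41,160 AnyDVD.sys
2008-01-09  04:55 PM            21,560 atapi.sys
2008-01-09  04:55 PM           109,624 ataport.sys
2006-11-02  03:51 AM             6,144 beep.sys
2008-01-21  05:32 PM            57,344 core.cache.dsk
2008-01-21  06:06 PM    <DIR>          etc
2006-09-18  04:26 PM         3,440,660 gm.dls
2006-09-18  04:26 PM               646 gmreadme.txt
2007-12-10  02:53 PM            41,864 ikfilesec.sys
2008-01-21  05:32 PM            12,288 zzdummy.sys
"""
# The core.cache.dsk and zzdummy.sys rows above are constructed, not from the posted log.

if __name__ == "__main__":
    report = triage(parse_dir_listing(SAMPLE_LISTING))
    print("install-day clusters :", [d.isoformat() for d in report["clusters"]])
    print("unexpected extension :", report["odd_extension"])
    print("off-cluster drivers  :", report["off_cluster"])
```

Off-cluster is a lead list, not a verdict: legitimate third-party drivers (AnyDVD.sys and Spyware Doctor's ikfilesec.sys in the sample) land there as well, and the next step for each is to check the vendor and the digital signature. Raise min_cluster on a machine that has had many update runs, and remember that dir shows the modification time, which whoever wrote the file can set to anything; the creation time (dir /T:C) and the signature are harder to fake.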
 
driver_files.txt log

Volume in drive C has no label.
Volume Serial Number is 70FC-3385

Directory of C:\Windows\System32\drivers

2008-01-26 06:18 PM <DIR> .
2008-01-26 06:18 PM <DIR> ..
2006-11-02 03:55 AM 53,376 1394bus.sys
2006-11-02 02:36 AM 68,096 ac97via.sys
2008-01-09 05:11 PM 258,232 acpi.sys
2006-11-02 04:51 AM 420,968 adp94xx.sys
2006-11-02 04:51 AM 297,576 adpahci.sys
2006-11-02 04:50 AM 98,408 adpu160m.sys
2006-11-02 04:51 AM 147,048 adpu320.sys
2006-11-02 03:58 AM 270,336 afd.sys
2006-11-02 04:49 AM 53,864 AGP440.sys
2006-11-02 04:49 AM 14,952 aliide.sys
2006-11-02 04:49 AM 54,888 AMDAGP.SYS
2006-11-02 04:49 AM 15,464 amdide.sys
2006-11-02 03:30 AM 38,912 amdk7.sys
2006-11-02 03:30 AM 40,960 amdk8.sys
2007-01-27 01:40 PM 41,160 AnyDVD.sys
2006-11-02 04:50 AM 67,688 arc.sys
2006-11-02 04:50 AM 67,688 arcsas.sys
2006-11-02 03:58 AM 17,408 asyncmac.sys
2008-01-09 04:55 PM 21,560 atapi.sys
2008-01-09 04:55 PM 109,624 ataport.sys
2007-12-11 01:32 AM 761,856 athr.sys
2007-07-11 01:37 PM 6,272 AWRTPD.sys
2007-08-07 12:58 PM 8,320 AWRTRD.sys
2006-11-02 04:49 AM 25,192 battc.sys
2006-11-02 07:32 AM 12,288 bdasup.sys
2006-11-02 03:51 AM 6,144 beep.sys
2006-11-02 03:31 AM 69,632 bowser.sys
2006-11-02 03:24 AM 13,568 BrFiltLo.sys
2006-11-02 03:24 AM 5,248 BrFiltUp.sys
2006-11-02 04:23 AM 93,184 bridge.sys
2006-11-02 03:25 AM 71,808 BrSerId.sys
2006-11-02 03:24 AM 62,336 BrSerWdm.sys
2006-11-02 03:24 AM 12,160 BrUsbMdm.sys
2006-11-02 03:24 AM 11,904 BrUsbSer.sys
2006-11-02 03:55 AM 39,936 bthmodem.sys
2006-11-02 03:30 AM 70,144 cdfs.sys
2006-11-02 03:51 AM 67,072 cdrom.sys
2006-11-02 03:55 AM 35,328 circlass.sys
2006-11-02 04:50 AM 125,032 Classpnp.sys
2006-11-02 04:49 AM 16,488 cmdide.sys
2006-11-02 04:49 AM 18,280 compbatt.sys
2006-11-02 04:50 AM 33,384 crashdmp.sys
2006-11-02 04:49 AM 22,632 crcdisk.sys
2006-11-02 03:30 AM 38,912 crusoe.sys
2008-01-09 04:56 PM 320,000 csc.sys
2006-11-02 03:31 AM 74,752 dfsc.sys
2006-11-02 04:49 AM 52,840 disk.sys
2006-11-02 03:51 AM 19,456 Diskdump.sys
2006-11-02 04:50 AM 71,272 djsvs.sys
2006-11-02 04:20 AM 130,048 drmk.sys
2006-11-02 03:54 AM 5,632 drmkaud.sys
2006-11-02 04:49 AM 26,728 Dumpata.sys
2006-11-02 07:34 AM 40,040 dumpfve.sys
2006-11-02 03:38 AM 13,312 dxapi.sys
2006-11-02 03:38 AM 76,288 dxg.sys
2008-01-09 05:13 PM 619,008 dxgkrnl.sys
2006-11-02 02:30 AM 117,760 E1G60I32.sys
2006-11-02 07:32 AM 132,200 ecache.sys
2007-08-07 02:48 PM 25,160 ElbyCDIO.sys
2007-02-15 07:56 PM 11,984 ElbyDelay.sys
2006-11-02 04:51 AM 316,520 elxstor.sys
2006-11-02 07:41 AM <DIR> en-US
2008-01-21 06:06 PM <DIR> etc
2006-11-02 03:30 AM 142,336 fastfat.sys
2006-11-02 03:51 AM 25,088 fdc.sys
2006-11-02 02:30 AM 45,568 fetnd5.sys
2008-01-02 02:12 AM 43,520 fetnd5bv.sys
2006-11-02 04:49 AM 56,424 fileinfo.sys
2006-11-02 03:32 AM 27,648 filetrace.sys
2006-11-02 03:51 AM 20,480 flpydisk.sys
2006-11-02 04:51 AM 183,912 fltMgr.sys
2008-01-09 04:53 PM 12,800 fs_rec.sys
2006-11-02 07:34 AM 121,960 fvevol.sys
2006-11-02 03:57 AM 84,992 FWPKCLNT.SYS
2006-11-02 04:50 AM 58,984 GAGP30KX.SYS
2006-09-19 02:44 PM 15,664 GEARAspiWDM.sys
2006-09-18 04:26 PM 3,440,660 gm.dls
2006-09-18 04:26 PM 646 gmreadme.txt
2006-11-02 02:36 AM 53,248 hdaudbus.sys
2006-11-02 03:55 AM 29,184 hidbth.sys
2006-11-02 03:55 AM 38,912 hidclass.sys
2006-11-02 03:55 AM 21,504 hidir.sys
2006-11-02 03:55 AM 25,472 hidparse.sys
2006-11-02 03:55 AM 12,288 hidusb.sys
2006-11-02 04:50 AM 37,480 HpCISSs.sys
2006-11-02 03:57 AM 385,536 http.sys
2006-11-02 04:49 AM 16,488 i2omgmt.sys
2006-11-02 04:49 AM 27,752 i2omp.sys
2006-11-02 03:51 AM 54,784 i8042prt.sys
2006-11-02 04:51 AM 232,040 iaStorV.sys
2006-11-02 04:50 AM 41,576 iirsp.sys
2007-12-10 02:53 PM 41,864 ikfilesec.sys
2007-12-10 02:53 PM 66,952 iksysflt.sys
2007-12-10 02:53 PM 81,288 iksyssec.sys
2006-11-02 04:49 AM 14,952 intelide.sys
2006-11-02 03:30 AM 39,424 intelppm.sys
2006-11-02 03:58 AM 47,104 ipfltdrv.sys
2006-11-02 03:42 AM 65,536 IPMIDrv.sys
2006-11-02 03:58 AM 99,840 ipnat.sys
2006-11-02 03:57 AM 95,744 irda.sys
2006-11-02 03:57 AM 13,312 irenum.sys
2006-11-02 04:50 AM 47,208 isapnp.sys
2006-11-02 04:50 AM 35,944 iteatapi.sys
2006-11-02 04:50 AM 35,944 iteraid.sys
2006-11-02 04:49 AM 32,872 kbdclass.sys
2006-11-02 03:51 AM 15,872 kbdhid.sys
2007-12-10 02:53 PM 29,576 kcom.sys
2006-11-02 03:51 AM 148,992 ks.sys
2006-11-02 04:51 AM 407,144 ksecdd.sys
2006-11-02 03:56 AM 47,104 lltdio.sys
2006-11-02 04:50 AM 65,640 lsi_fc.sys
2006-11-02 04:50 AM 65,640 lsi_sas.sys
2006-11-02 04:50 AM 65,640 lsi_scsi.sys
2006-11-02 03:33 AM 83,456 luafv.sys
2006-11-02 03:52 AM 18,944 mcd.sys
2006-11-02 04:49 AM 28,776 megasas.sys
2006-11-02 03:58 AM 31,744 modem.sys
2006-11-02 03:54 AM 41,984 monitor.sys
2006-11-02 04:49 AM 31,848 mouclass.sys
2006-11-02 03:51 AM 15,872 mouhid.sys
2006-11-02 04:49 AM 54,888 mountmgr.sys
2006-11-02 04:50 AM 78,952 mpio.sys
2008-01-09 05:04 PM 63,488 mpsdrv.sys
2006-11-02 04:49 AM 33,384 Mraid35x.sys
2006-11-02 07:32 AM 109,568 mrxdav.sys
2008-01-09 04:53 PM 101,888 mrxsmb.sys
2006-11-02 03:31 AM 211,456 mrxsmb10.sys
2008-01-09 04:53 PM 58,368 mrxsmb20.sys
2006-11-02 04:49 AM 23,144 msahci.sys
2006-11-02 04:50 AM 80,488 msdsm.sys
2006-11-02 03:30 AM 22,528 msfs.sys
2006-09-18 04:43 PM 3 MsftWdf_Kernel_01005_Inbox_Critical.Wdf
2008-01-12 11:12 AM 0 Msft_Kernel_NuidFltr_01005.Wdf
2006-11-02 04:49 AM 13,928 msisadrv.sys
2006-11-02 04:51 AM 168,552 msiscsi.sys
2006-11-02 03:51 AM 8,192 mskssrv.sys
2006-11-02 03:51 AM 5,888 mspclock.sys
2006-11-02 03:51 AM 5,504 mspqm.sys
2006-11-02 04:51 AM 160,872 msrpc.sys
2006-11-02 04:49 AM 28,776 mssmbios.sys
2006-11-02 03:51 AM 6,016 mstee.sys
2006-11-02 04:50 AM 46,696 mup.sys
2006-11-02 04:51 AM 500,840 ndis.sys
2008-01-09 05:13 PM 20,480 ndistapi.sys
2006-11-02 03:57 AM 16,896 ndisuio.sys
2006-11-02 03:58 AM 118,784 ndiswan.sys
2008-01-09 05:13 PM 48,640 ndproxy.sys
2006-11-02 03:57 AM 35,840 netbios.sys
2006-11-02 03:57 AM 184,320 netbt.sys
2008-01-09 05:08 PM 216,760 netio.sys
2006-11-02 04:50 AM 45,160 nfrd960.sys
2006-11-02 03:30 AM 34,816 npfs.sys
2007-08-07 12:56 PM 9,344 NSDriver.sys
2006-11-02 03:57 AM 16,384 nsiproxy.sys
2008-01-09 04:55 PM 1,060,920 ntfs.sys
2006-11-02 02:36 AM 20,608 ntrigdigi.sys
2007-01-15 05:18 PM 9,728 nuidfltr.sys
2006-11-02 03:51 AM 4,608 null.sys
2006-11-02 04:50 AM 88,680 nvraid.sys
2006-11-02 04:50 AM 40,040 nvstor.sys
2006-11-02 04:50 AM 106,600 NV_AGP.SYS
2008-01-09 04:55 PM 154,624 nwifi.sys
2006-11-02 03:55 AM 62,080 ohci1394.sys
2008-01-09 05:13 PM 70,144 pacer.sys
2006-11-02 03:51 AM 79,360 parport.sys
2006-11-02 04:50 AM 49,256 partmgr.sys
2006-11-02 03:51 AM 8,704 parvdm.sys
2006-11-02 04:50 AM 140,392 pci.sys
2006-11-02 04:49 AM 13,416 pciide.sys
2008-01-09 04:55 PM 45,112 pciidex.sys
2006-11-02 04:51 AM 167,528 pcmcia.sys
2006-11-02 04:04 AM 878,080 PEAuth.sys
2006-11-02 03:55 AM 167,424 portcls.sys
2006-11-02 03:30 AM 38,400 processr.sys
2006-11-02 04:51 AM 900,712 ql2300.sys
2006-11-02 04:50 AM 106,088 ql40xx.sys
2006-11-02 07:32 AM 31,232 qwavedrv.sys
2006-11-02 03:58 AM 11,776 rasacd.sys
2006-11-02 03:58 AM 75,776 rasl2tp.sys
2006-11-02 03:58 AM 41,472 raspppoe.sys
2006-11-02 03:58 AM 61,440 raspptp.sys
2006-11-02 03:31 AM 222,208 rdbss.sys
2006-11-02 04:02 AM 6,144 RDPCDD.sys
2006-11-02 04:03 AM 242,688 rdpdr.sys
2006-11-02 04:02 AM 6,144 RDPENCDD.sys
2006-11-02 04:02 AM 160,256 rdpwd.sys
2007-01-27 01:40 PM 11,984 RegKill.sys
2006-11-02 03:57 AM 113,664 rmcast.sys
2006-11-02 03:57 AM 32,768 RNDISMP.sys
2006-11-02 03:58 AM 8,192 rootmdm.sys
2008-01-09 09:17 PM 240,128 royal.sys
2006-11-02 03:56 AM 60,416 rspndr.sys
2007-06-28 03:21 PM 3,993,248 RTKVAC.SYS
2006-11-02 04:50 AM 76,392 sbp2port.sys
2006-11-02 04:50 AM 140,392 scsiport.sys
2006-11-02 01:37 AM 20,480 secdrv.sys
2006-11-02 03:51 AM 17,920 serenum.sys
2006-11-02 03:51 AM 83,456 serial.sys
2006-11-02 03:51 AM 19,968 sermouse.sys
2006-11-02 03:51 AM 13,312 sffdisk.sys
2006-11-02 03:51 AM 12,800 sffp_mmc.sys
2006-11-02 03:51 AM 12,800 sffp_sd.sys
2006-11-02 03:51 AM 13,312 sfloppy.sys
2006-11-02 04:49 AM 53,352 SISAGP.SYS
2006-11-02 04:50 AM 38,504 sisraid2.sys
2006-11-02 04:50 AM 71,784 sisraid4.sys
2006-11-02 03:57 AM 66,048 smb.sys
2006-11-02 03:51 AM 17,408 smclib.sys
2006-11-02 04:49 AM 18,536 spldr.sys
2006-11-02 02:16 AM 551,936 spsys.sys
2006-11-02 03:31 AM 290,304 srv.sys
2008-01-09 04:53 PM 130,048 srv2.sys
2008-01-09 04:53 PM 84,992 srvnet.sys
2006-11-02 04:50 AM 117,864 Storport.sys
2006-11-02 03:55 AM 52,864 stream.sys
2006-11-02 04:49 AM 12,776 swenum.sys
2006-11-02 04:50 AM 35,944 symc8xx.sys
2006-11-02 04:49 AM 31,848 sym_hi.sys
2006-11-02 04:50 AM 34,920 sym_u3.sys
2006-11-02 03:51 AM 24,576 tape.sys
2008-01-09 05:08 PM 802,816 tcpip.sys
2006-11-02 03:57 AM 27,648 tcpipreg.sys
2006-11-02 03:58 AM 20,992 tdi.sys
2006-11-02 04:02 AM 17,920 tdpipe.sys
2006-11-02 04:02 AM 28,672 tdtcp.sys
2006-11-02 03:57 AM 68,096 tdx.sys
2006-11-02 04:50 AM 50,792 termdd.sys
2006-11-02 04:02 AM 23,552 tssecsrv.sys
2008-01-09 05:04 PM 15,360 TUNMP.SYS
2008-01-09 05:04 PM 23,040 tunnel.sys
2006-11-02 04:49 AM 56,936 UAGP35.SYS
2006-11-02 03:30 AM 225,280 udfs.sys
2006-11-02 04:50 AM 58,472 ULIAGPKX.SYS
2006-11-02 04:51 AM 235,112 uliahci.sys
2006-11-02 04:50 AM 98,408 ulsata.sys
2006-11-02 04:50 AM 115,816 ulsata2.sys
2006-11-02 03:55 AM 34,816 umbus.sys
2008-01-09 07:11 PM <DIR> UMDF
2006-11-02 03:55 AM 7,168 umpass.sys
2006-11-02 03:57 AM 14,848 usb8023.sys
2006-11-02 03:55 AM 25,728 USBCAMD.sys
2006-11-02 03:55 AM 25,728 USBCAMD2.sys
2008-01-09 05:01 PM 73,216 usbccgp.sys
2006-11-02 03:55 AM 68,608 usbcir.sys
2008-01-09 05:01 PM 5,888 usbd.sys
2008-01-09 05:01 PM 38,400 usbehci.sys
2008-01-09 05:01 PM 192,000 usbhub.sys
2006-11-02 03:55 AM 19,456 usbohci.sys
2008-01-09 05:01 PM 224,768 usbport.sys
2006-11-02 04:14 AM 18,944 usbprint.sys
2008-01-09 05:07 PM 55,296 USBSTOR.SYS
2008-01-09 05:01 PM 23,040 usbuhci.sys
2007-06-16 04:16 PM 31,616 VClone.sys
2006-11-02 03:53 AM 25,088 vga.sys
2006-11-02 03:53 AM 26,112 vgapnp.sys
2006-11-02 04:49 AM 54,376 VIAAGP.SYS
2006-11-02 03:30 AM 39,424 viac7.sys
2008-01-09 04:55 PM 20,024 viaide.sys
2006-11-02 03:54 AM 109,056 videoprt.sys
2006-11-02 04:50 AM 50,280 volmgr.sys
2006-11-02 04:51 AM 290,408 volmgrx.sys
2008-01-09 04:55 PM 211,000 volsnap.sys
2006-11-02 04:50 AM 112,232 vsmraid.sys
2006-11-02 03:52 AM 20,608 wacompen.sys
2008-01-09 05:13 PM 61,952 wanarp.sys
2006-11-02 03:37 AM 32,256 watchdog.sys
2006-11-02 04:49 AM 19,560 wd.sys
2006-11-02 04:51 AM 492,648 Wdf01000.sys
2006-11-02 04:49 AM 32,872 WdfLdr.sys
2006-11-02 03:35 AM 11,264 wmiacpi.sys
2006-11-02 04:49 AM 15,464 wmilib.sys
2006-11-02 03:58 AM 15,872 ws2ifsl.sys
2006-11-02 03:54 AM 51,712 WUDFPf.sys
2006-11-02 03:54 AM 82,560 WUDFRd.sys
271 File(s) 31,522,109 bytes
5 Dir(s) 168,256,905,216 bytes free
 
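The check the helper does by eye on a listing like the one above, whether the known-bad name is present, whether any driver was dropped recently, and whether anything in System32\drivers has an extension a driver should not have, can be scripted. The following is an added example, not code from the thread or from any of the tools it mentions; it parses the `dir` output format of driver_files.txt. The sample listing is constructed: a few lines copied from the posted log plus one hypothetical core.cache.dsk entry whose date and size are made up so that the checks have something to flag. The allowlist of extensions and the "recent" window are assumptions, not values from the thread.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the driver_files.txt format: lines copied from the posted
# listing plus one hypothetical core.cache.dsk entry (its date and size are made up).
SAMPLE_LISTING = """\
 Volume in drive C has no label.
 Volume Serial Number is 70FC-3385

 Directory of C:\\Windows\\System32\\drivers

2008-01-26 06:18 PM <DIR> .
2008-01-26 06:18 PM <DIR> ..
2006-11-02 03:55 AM 53,376 1394bus.sys
2008-01-09 05:11 PM 258,232 acpi.sys
2007-01-27 01:40 PM 41,160 AnyDVD.sys
2008-01-25 11:02 PM 55,296 core.cache.dsk
2008-01-09 09:17 PM 240,128 royal.sys
2006-11-02 04:51 AM 492,648 Wdf01000.sys
 6 File(s) 1,140,840 bytes
 5 Dir(s) 168,256,905,216 bytes free
"""

# One entry line of `dir`: date, 12-hour time, <DIR> or a comma-grouped size, name.
ENTRY_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(\S.*?)\s*$"
)
SUMMARY_RE = re.compile(r"^\s*([\d,]+) File\(s\)\s+([\d,]+) bytes\s*$")

# Assumed allowlist: the extensions that actually occur in the posted listing.
EXPECTED_EXTENSIONS = {".sys", ".dls", ".txt", ".wdf"}
# The file name the thread is about; extend with other names as needed.
KNOWN_BAD_NAMES = {"core.cache.dsk"}


@dataclass(frozen=True)
class Entry:
    name: str
    mtime: datetime
    size: int          # -1 for directories
    is_dir: bool


def parse_dir_listing(text):
    """Return (entries, summary); summary is (file_count, total_bytes) taken from
    the 'N File(s) M bytes' trailer, or None when the trailer is missing."""
    entries, summary = [], None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            date, clock, size, name = m.groups()
            mtime = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %I:%M %p")
            is_dir = size == "<DIR>"
            entries.append(Entry(name, mtime, -1 if is_dir else int(size.replace(",", "")), is_dir))
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary = (int(m.group(1).replace(",", "")), int(m.group(2).replace(",", "")))
    return entries, summary


def summary_matches(entries, summary):
    """True when the parsed file count and byte total equal the trailer, i.e. the
    pasted log was not truncated and every entry line was understood."""
    files = [e for e in entries if not e.is_dir]
    return summary is not None and summary == (len(files), sum(e.size for e in files))


def find_indicators(entries, recent_days=7, bad_names=KNOWN_BAD_NAMES):
    """Apply three heuristics to the file entries; each result is a sorted name list."""
    files = [e for e in entries if not e.is_dir]
    # The '.' entry carries the directory's own timestamp, which is the time of the
    # last change in it; use that as the reference "now" for the recency window.
    dots = [e.mtime for e in entries if e.is_dir and e.name == "."]
    reference = dots[0] if dots else max(e.mtime for e in files)
    cutoff = reference - timedelta(days=recent_days)
    lower_bad = {n.lower() for n in bad_names}
    return {
        "known_bad": sorted(e.name for e in files if e.name.lower() in lower_bad),
        "recent": sorted(e.name for e in files if e.mtime >= cutoff),
        "odd_extension": sorted(
            e.name for e in files
            if "." not in e.name
            or "." + e.name.rsplit(".", 1)[1].lower() not in EXPECTED_EXTENSIONS
        ),
    }


if __name__ == "__main__":
    ents, summ = parse_dir_listing(SAMPLE_LISTING)
    print("trailer consistent:", summary_matches(ents, summ))
    for key, names in find_indicators(ents).items():
        print(f"{key}: {names or 'none'}")
```

Two caveats. The trailer check matters because a pasted log is often cut short, and a missing line is exactly where the interesting entry would be. More importantly, a `dir` listing is produced by the running OS, and a kernel-mode rootkit that hooks file enumeration can simply omit its own files from it; that is consistent with the original poster seeing the file "re-create itself" and tools failing to remove it. A clean listing from inside the infected system is therefore weak evidence on its own; the helper's conclusion rests on the earlier removal steps as well, and an offline listing (booting other media) is the stronger check.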
Great! Neither core.cache.dsk nor any of the protecting driver files is appearing in that list, so your logs appear to be clean of malware.

Please run OTMoveIt2 again and click the CleanUp! button. This will remove the backups it has created along with the program itself.

Your logfiles do show that you have Viewpoint Manager installed, though.
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything bad. It is known to be intrusive, but there is some possibility that it is now being used by those companies to give them info about your habits. It is not considered spyware since this is not clear, but I would not tolerate it on my machine if I didn't install it.

I suggest you remove it. To do so, click on Start -> Control Panel -> Add or Remove Programs. Click on Viewpoint Manager and click Remove.

Below I have included some ideas on how to prevent future infections.

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Some good free firewalls are ZoneAlarm, Kerio, or Outpost. All of these will provide a far greater level of protection than the firewall built into Windows.
A tutorial on understanding and using firewalls may be found here.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's
Immunize and TeaTimer features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad which provides protections against malicious websites.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money, and some malware actually claims to be a security program. If you get a popup for a security program that you did not install yourself, do NOT click on it, and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure or are looking for anti-spyware programs, you can find out if one is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
 
Thank You!

Thanks for all your help, glad I didn't have to re-install Vista. I have been using Firefox for a couple of years. I now have anti-virus, firewall, and Spybot Search & Destroy on my machine. Thanks again.
 
I am having the same issue. I have tried everything. I know very little about computers. I am on Windows XP. I would be forever grateful for help. Firedog was useless and expensive.
 