TratBHO and Smitfraud (core.cache.dsk) HELLLLLP! please

evilfantasy

New Member
We're going to need to run some more thorough scanners. These will take longer than the others have; just follow the instructions and relax while they run. Do them separately, one right after the other.

First:

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main ATF Cleaner menu to close the program.

Second:

Please download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe and then click Start.
  • An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now Click OK to start.
    • This is a short scan that will scan the files currently running in memory.
    • If or when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis and click OK
  • Back at the main window, select the Complete scan button.
  • Then click the Green Arrow Start Scanning button on the right and the scan will start.
    • Click Yes to all if it asks if you want to cure/move any file(s).
  • When the scan is done.
  • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
  • Copy and paste that log in the next reply
Third:

Please run the F-Secure Online Scanner

Note: This Scanner works with Internet Explorer Only!
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
    • If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
  • This scan can take quite some time, so please be patient
Next post:
Dr. Web log
F-Secure log
 

Hey it's me

New Member
also, Evil, I selected only the main drive, C rather than the extra drive I have in my computer. That drive doesn't have any drivers on it. I use it for back up and space. Anyway, the scan is going quickly and it got stuck on a program I don't use but keep on that other drive.
 

evilfantasy

New Member
I know for a fact that SuperAntispyware removes the core.cache.dsk as I just finished with a log from another forum where it was removed.

You may need to boot into Safe Mode and let SuperAntispyware do a full scan and remove what is found that way.
 

Attachments

  • SUPERAntiSpyware Scan Log - 01-14-2008 - 12-27-12-1.txt
    533 bytes

ceewi1

VIP Member
evilfantasy, my apologies for jumping in, but that driver really needs to be removed in order to kill the file.

Hey it's me, please do the following:

  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\redbookk.sys
    C:\WINDOWS\system32\EBEAD39BB3.sys
    
    Folder::
    C:\temp\tn3
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\comup]
    
    Driver::
    redbookk
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.

    (screenshot: CFScript.gif)



  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Please copy and paste the contents of the log in your next reply, along with a new HijackThis log.
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.
 

evilfantasy

New Member
No problem ceewi1

I was a little lost on the redbookk (I should have known by the spelling) and combofix is unable to delete the core.cache.dsk.

Seems these always pop up in pairs for me. I was able to get the core.cache.dsk on another forum earlier with The Avenger.

Step in anytime. I welcome your knowledge!!!!!
 

Hey it's me

New Member
OK guys, thanks ceewi (also). I went to bed last night; I was delirious from stressing about this. When I woke up I saw the result from SuperAntiSpyware, which I ran in safe mode. It said it found two trojans which were DIFFERENT from the ones other anti-virus programs are saying I have when run in regular mode. One is the Vundo which I've been seeing all over the forums. I can't recall the other, and since the program said restart to receive a log, I did, but I didn't get a log. Also, in safe mode, core.cache.dsk didn't show up in my drivers; however, now back in regular mode, it's there! After SuperAntiSpyware said it was removing everything bad in safe mode, too. :( Oh AND... I'm still getting pop-ups and NOW I wasn't able to come back to this site, yes THIS specific site, Computerforum.com, so I chose Cached version in a Google search for computerforum.com and somehow I followed links that brought me back to my posting and you guys.
With all that said, I'm going to try ceewi's instructions and if it doesn't work I think I'm going to have to throw in the towel. I'm overwhelmed by this and I guess I'll just reinstall the op system. I just want to make sure I'm saving everything on my two external hard drives (that I need to). I mean, if you guys could please let me know if there are files I need to move from the C drive that will assure I am back up and running without a lot of loss (I've backed up My Documents, Office .pst [archived too] and well, that's really it). I'm concerned there are files somewhere I don't know about that are essential for me.

Anyway, perhaps ceewi's instructions will do the trick. Let's hope so Evil, after all the time we've put in!

here it goes!
 

evilfantasy

New Member
If that doesn't get the driver we can try one more tool which I mentioned earlier. It worked for another computer yesterday so should work now as well.

Let us know......
 

Hey it's me

New Member
OK cool, I will. I've actually been backing up some more files onto one of the externals. I got up while close to completion of both the Program Files folders (I know there will be important missing files, but I wanted to do it because I'm very forgetful and might miss something to reinstall, if I end up having to do that). I was also moving my iTunes folder which is FULL of TONS of music and podcasts. I suppose there is a way to have avoided moving all that, but I'm on my own here and really don't want to lose anything. Anyway, I got up from my desk to walk away and disconnected the USB wire and had to re-copy those folders. I'm surprised it's taking so long again, but it's half way there, so I'm just doing some studying off of a study website for an important licensing exam I need to take next month. When the copying is done I'm going to do the ComboFix thing, then I'll be back here to continue with you and sure, if the ComboFix doesn't work we'll try that one last thing Evil and then I have to give it up. I have to be out of the house later today by like 4 at the latest anyway.
*sigh*
 

Hey it's me

New Member
Here it is!:


ComboFix 08-01-14.4 - Eve 2008-01-15 13:13:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.645 [GMT -5:00]
Running from: C:\Documents and Settings\Eve\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eve\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\redbookk.sys
C:\WINDOWS\system32\EBEAD39BB3.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\redbookk.sys
C:\WINDOWS\system32\EBEAD39BB3.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_REDBOOKK
-------\redbookk


((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-15 10:30 . 2008-01-15 10:30 754 --a--c--- C:\WINDOWS\WORDPAD.INI
2008-01-14 17:08 . 2008-01-14 17:08 <DIR> d----c--- C:\Documents and Settings\Eve\DoctorWeb
2008-01-14 17:07 . 2008-01-14 17:07 <DIR> d----c--- C:\Program Files\Windows Installer Clean Up
2008-01-14 17:06 . 2008-01-14 17:06 <DIR> d----c--- C:\Program Files\MSECACHE
2008-01-14 16:28 . 2008-01-14 16:28 <DIR> d----c--- C:\WINDOWS\ERUNT
2008-01-14 16:10 . 2008-01-14 17:05 <DIR> d----c--- C:\Program Files\SDFix
2008-01-14 16:03 . 2008-01-14 16:03 1,550 --a--c--- C:\WINDOWS\system32\tmp.reg
2008-01-14 13:32 . 2008-01-14 15:50 <DIR> d----c--- C:\Program Files\QooBox
2008-01-14 13:31 . 2000-08-31 08:00 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2008-01-14 12:19 . 2008-01-14 12:19 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 12:18 . 2008-01-14 20:40 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-01-14 12:18 . 2008-01-14 12:18 <DIR> d----c--- C:\Documents and Settings\Eve\Application Data\SUPERAntiSpyware.com
2008-01-14 09:27 . 2008-01-14 09:27 <DIR> d----c--- C:\Program Files\Lavasoft
2008-01-14 09:27 . 2008-01-14 09:27 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 09:24 . 2008-01-14 12:16 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-13 22:05 . 2008-01-13 22:05 <DIR> d----c--- C:\Program Files\Trend Micro
2008-01-13 21:38 . 2008-01-13 21:38 <DIR> d----c--- C:\Documents and Settings\Eve\Application Data\Grisoft
2008-01-13 21:38 . 2008-01-13 21:38 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-13 21:38 . 2007-05-30 07:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-13 21:25 . 2008-01-13 21:25 <DIR> d----c--- C:\Program Files\SmitfraudFix
2008-01-13 21:24 . 2008-01-13 21:23 1,062,501 --a--c--- C:\Program Files\SmitfraudFix.zip
2008-01-11 17:36 . 2008-01-11 18:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-11 17:14 . 2008-01-11 17:14 <DIR> d----c--- C:\Program Files\Plato Video To PSP Converter
2008-01-11 12:04 . 2008-01-11 15:52 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-01-11 12:04 . 2008-01-11 12:04 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-01-11 12:03 . 2008-01-11 12:03 <DIR> d----c--- C:\Program Files\iPod
2008-01-11 10:11 . 2008-01-11 15:12 <DIR> d----c--- C:\Program Files\uTorrent
2008-01-11 10:10 . 2008-01-14 08:50 <DIR> d----c--- C:\Documents and Settings\Eve\Application Data\uTorrent
2008-01-10 12:40 . 2008-01-10 12:40 <DIR> d----c--- C:\Program Files\MAPILab Ltd
2008-01-10 12:40 . 2008-01-10 12:40 <DIR> d----c--- C:\Program Files\Common Files\MAPILab Ltd
2008-01-03 19:26 . 2008-01-03 19:26 <DIR> d----c--- C:\Program Files\iDumpPro
2008-01-03 19:26 . 2008-01-03 19:26 1,521,113 --a--c--- C:\WINDOWS\iDumpPro Uninstaller.exe
2008-01-03 19:26 . 2008-01-03 19:26 3,120 --a--c--- C:\WINDOWS\system32\2bad2884-02a9-488c-9f8c-13fecc7c77f9.dll
2008-01-03 19:26 . 2008-01-03 19:26 3,120 --a--c--- C:\WINDOWS\db7a9e38-547e-4544-bf7c-a4beabe1c61a.ocx
2007-12-25 21:31 . 2007-12-25 21:31 <DIR> d----c--- C:\Documents and Settings\Eve\Application Data\EPSON
2007-12-23 14:35 . 2007-11-02 09:36 1,763,248 --a--c--- C:\WINDOWS\system32\Codejock.CommandBars.v11.2.1.ocx
2007-12-23 14:35 . 2007-11-02 09:37 518,064 --a--c--- C:\WINDOWS\system32\Codejock.SkinFramework.v11.2.1.ocx
2007-12-23 14:33 . 2007-10-02 05:47 849,920 --a--c--- C:\WINDOWS\system32\AdjMmsEng.dll
2007-12-23 14:33 . 2007-10-01 07:38 827,392 --a--c--- C:\WINDOWS\system32\asrecmms.ocx
2007-12-23 14:33 . 2007-10-01 05:43 425,984 --a--c--- C:\WINDOWS\system32\amp3dj.ocx
2007-12-20 09:16 . 2007-12-20 09:16 <DIR> d----c--- C:\Program Files\MailWasher Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 15:18 --------- dc----w C:\Documents and Settings\Eve\Application Data\MailWasherPro
2008-01-14 15:19 --------- dc----w C:\Documents and Settings\Eve\Application Data\Symantec
2008-01-11 18:03 --------- dc----w C:\Program Files\itunes
2008-01-11 17:01 --------- dc----w C:\Program Files\QuickTime
2008-01-11 16:35 --------- dc----w C:\Program Files\Microsoft Plus! Photo Story 2 LE
2008-01-11 16:34 --------- dc----w C:\Program Files\Jasc Software Inc
2008-01-11 16:00 --------- dc----w C:\Program Files\Dell
2008-01-11 15:35 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-01-11 15:35 --------- dc----w C:\Program Files\Common Files\Nikon
2008-01-11 15:30 --------- dc----w C:\Documents and Settings\Eve\Application Data\ArcSoft
2008-01-11 15:18 --------- dc----w C:\Program Files\Azureus
2008-01-11 15:18 --------- dc----w C:\Documents and Settings\Eve\Application Data\Azureus
2008-01-09 20:41 --------- dc----w C:\Program Files\Google
2007-12-07 17:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\SiComponents
2007-12-07 17:05 --------- dc----w C:\Documents and Settings\Eve\Application Data\Jasc Software Inc
2007-12-06 19:37 --------- dc----w C:\Documents and Settings\Eve\Application Data\Final Draft
2007-12-06 14:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\Final Draft
2007-12-04 19:00 --------- dc----w C:\Program Files\Eusing Free Registry Cleaner
2007-12-04 18:59 --------- dc----w C:\Program Files\Skype
2007-12-04 16:33 --------- dc----w C:\Documents and Settings\Eve\Application Data\Skype
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:56 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-04 14:56 --------- dc----w C:\Program Files\Common Files\Skype
2007-12-04 14:56 --------- dc----w C:\Documents and Settings\Eve\Application Data\skypePM
2007-12-04 14:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-04 14:55 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-25 15:59 688 -c--a-w C:\WINDOWS\Fonts\CompleteinHim-TOU.txt
2007-11-20 23:47 --------- dc----w C:\Program Files\Soulseek
2007-10-17 11:24 2,526,800 -c--a-w C:\WINDOWS\Install_B4Playing.exe
2006-12-21 03:27 92,064 -c--a-w C:\Documents and Settings\Eve\mqdmmdm.sys
2006-12-21 03:27 9,232 -c--a-w C:\Documents and Settings\Eve\mqdmmdfl.sys
2006-12-21 03:27 79,328 -c--a-w C:\Documents and Settings\Eve\mqdmserd.sys
2006-12-21 03:27 66,656 -c--a-w C:\Documents and Settings\Eve\mqdmbus.sys
2006-12-21 03:27 6,208 -c--a-w C:\Documents and Settings\Eve\mqdmcmnt.sys
2006-12-21 03:27 5,936 -c--a-w C:\Documents and Settings\Eve\mqdmwhnt.sys
2006-12-21 03:27 4,048 -c--a-w C:\Documents and Settings\Eve\mqdmcr.sys
2006-12-21 03:27 25,600 -c--a-w C:\Documents and Settings\Eve\usbsermptxp.sys
2006-12-21 03:27 22,768 -c--a-w C:\Documents and Settings\Eve\usbsermpt.sys
2006-03-24 15:18 2,516 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\Avast4\ALWILS~1\ashDisp.exe" [2007-12-04 08:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\Eve\Start Menu\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\MailWasher Pro\MailWasher.exe [2007-12-20 09:16:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SAC-Desktop-Alert.lnk]
backup=C:\WINDOWS\pss\SAC-Desktop-Alert.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eve^Start Menu^Programs^Startup^Norton Disk Doctor.LNK]
backup=C:\WINDOWS\pss\Norton Disk Doctor.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a--c--- 2007-06-11 04:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a--c--- 2007-04-27 16:17 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--a--c--- 2004-07-30 11:04 245760 C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-02-23 16:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a--c--- 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
--a--c--- 2007-02-15 06:00 179200 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-07-19 23:06 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-07-19 23:10 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a--c--- 2005-07-19 23:09 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a--c--- 2003-09-03 20:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a--c--- 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCamPro.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a--c--- 2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a--c--- 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-07-18 20:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

R2 NMSAccessU;NMSAccessU;C:\Program Files\iDumpPro\NMSAccessU.exe [2007-10-12 04:34]
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-29 20:55]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 20:46:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 13:19:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 13:23:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-15 18:23:35
ComboFix2.txt 2008-01-14 20:50:02
.
2008-01-09 20:46:04 --- E O F ---
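Added example, not one of the thread's tools and not ComboFix's own code: a small Python script that parses a CFScript in the File::/Folder::/Registry::/Driver:: form ceewi1 posted and the "Other Deletions" and "Drivers/Services" blocks of the ComboFix log above, then reports which targets the log actually confirms as removed. The sample script and log excerpt are constructed from the thread's own text. The log above does not echo the Registry:: deletion, so the check deliberately marks registry targets as unconfirmed rather than assuming success; verifying those separately with a `reg query` on the key is an assumption about workflow, not something the thread shows.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced.

Added example (not part of the forum thread or of ComboFix). It parses the
CFScript section syntax (File::, Folder::, Registry::, Driver::) and the
'(((( title ))))' blocks of a ComboFix log, then reports, per target,
whether the 'Other Deletions' / 'Drivers/Services' blocks confirm removal.
"""
import re

# Constructed sample: the CFScript ceewi1 posted in the thread.
SAMPLE_CFSCRIPT = """\
File::
C:\\WINDOWS\\system32\\drivers\\core.cache.dsk
C:\\WINDOWS\\system32\\drivers\\redbookk.sys
C:\\WINDOWS\\system32\\EBEAD39BB3.sys

Folder::
C:\\temp\\tn3

Registry::
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\comup]

Driver::
redbookk
"""

# Constructed sample: the relevant blocks of the ComboFix log from the thread.
SAMPLE_LOG = """\
ComboFix 08-01-14.4 - Eve 2008-01-15 13:13:41.4 - NTFSx86
Command switches used :: C:\\Documents and Settings\\Eve\\Desktop\\CFScript.txt

FILE
C:\\WINDOWS\\system32\\drivers\\core.cache.dsk
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\\temp\\tn3
C:\\WINDOWS\\system32\\drivers\\core.cache.dsk
C:\\WINDOWS\\system32\\drivers\\redbookk.sys
C:\\WINDOWS\\system32\\EBEAD39BB3.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\\LEGACY_REDBOOKK
-------\\redbookk


((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.
"""

# A ComboFix block header looks like '(((( Title ))))' with long paren runs.
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")


def parse_cfscript(text):
    """Return {'File': [...], 'Folder': [...], 'Registry': [...], 'Driver': [...]}.

    A line ending in '::' opens a section; every non-empty line after it is
    an entry of that section until the next '::' line.
    """
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_log(text):
    """Return {block title: [entry lines]}; '.' separator lines are dropped."""
    blocks, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            blocks[current] = []
            continue
        if current is not None and line and line != ".":
            blocks[current].append(line)
    return blocks


def verify_removals(cfscript_text, log_text):
    """Map each CFScript target to 'removed' or 'unconfirmed' (log is silent)."""
    script = parse_cfscript(cfscript_text)
    log = parse_combofix_log(log_text)
    deleted = {e.lower() for e in log.get("Other Deletions", [])}
    # Driver lines look like '-------\redbookk'; compare on the service name.
    drivers = {e.lower().split("\\")[-1] for e in log.get("Drivers/Services", [])}
    result = {}
    for path in script.get("File", []) + script.get("Folder", []):
        result[path] = "removed" if path.lower() in deleted else "unconfirmed"
    for drv in script.get("Driver", []):
        result[drv] = "removed" if drv.lower() in drivers else "unconfirmed"
    # The log excerpt does not echo Registry:: deletions, so never assume
    # success for those; check the key by hand (e.g. 'reg query') instead.
    for key in script.get("Registry", []):
        result[key] = "unconfirmed"
    return result


if __name__ == "__main__":
    for target, status in verify_removals(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status:12s} {target}")
```

A target left "unconfirmed" is the one to re-check by hand after the reboot; ComboFix's log is the evidence, so a path missing from "Other Deletions" should be treated as still present until shown otherwise.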
 

Hey it's me

New Member
OMG! OMG! OMG! The core.cache.dsk... it's GONE! WOOWOOOWOWOOWOOWOWOOWOOWOOWOO! Could this mean that my computer is clean again? That I don't have to reinstall after all? Let me surf a little and see if I keep getting pop-ups. I'll be back. I'm going to run SuperAntiSpyware to see if it detects anything too. That one seems to be the best for detection. AM I right? Also, should I keep AVG running? I've always had avast (free version) but that did a whole lot of nothing... I'm not sure I'd feel comfortable NOT running avast however. ??? brb with more info.

I'd put a smiley emoticon but, though the site says they're enabled, I can't see them any longer next to the "post reply" box.
whatever.

I'm psyched right now!
 

Hey it's me

New Member
here's my latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:01 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast4\Alwil Software\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\Alwil Software\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iDumpPro\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Avast4\ALWILS~1\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Avast4\Alwil Software\ashMaiSv.exe
C:\Program Files\Avast4\Alwil Software\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.npr.org/templates/rundowns/rundown.php?prgId=3
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ALWILS~1\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher Pro\MailWasher.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\Alwil Software\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\Alwil Software\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\Alwil Software\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\Alwil Software\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\iDumpPro\NMSAccessU.exe

--
End of file - 4343 bytes
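Added example, not part of the thread and not HijackThis's own code: a Python triage pass over HJT log lines of the kind posted above. It flags O23 services whose binary carries no publisher name (HijackThis prints "Unknown owner", as it does for NMSAccessU above), O16 ActiveX (DPF) downloads from hosts outside a short allow-list, and O20/O21 Winlogon and shell hooks, which always deserve a publisher check. The two allow-listed hosts are simply the ones in the log above and are an assumption for the example, not an official list; the sample lines are constructed from the thread's log.

```python
"""Triage a HijackThis log for entries worth a second look.

Added example (not part of the thread or of HijackThis). It parses the
'Onn - ...' line format and applies three simple rules: O23 services with
'Unknown owner', O16 DPF downloads from unlisted hosts, and O20/O21 hooks.
"""
import re
from urllib.parse import urlparse

# Constructed sample: lines lifted from the HijackThis log posted in the thread.
SAMPLE_HJT = """\
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\Avast4\\ALWILS~1\\ashDisp.exe
O4 - HKLM\\..\\Run: [!AVG Anti-Spyware] "C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe" /minimized
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Avast4\\Alwil Software\\ashServ.exe
O23 - Service: NMSAccessU - Unknown owner - C:\\Program Files\\iDumpPro\\NMSAccessU.exe
"""

# 'O23 - Service: name - owner - path'; the 'R0'/'F1' families share the shape.
LINE_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
O23_RE = re.compile(r"^Service:\s+(?P<name>.+?)\s+-\s+(?P<owner>.+?)\s+-\s+(?P<path>.+)$")
O16_RE = re.compile(r"^DPF:\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+\((?P<desc>.*?)\)\s+-\s+(?P<url>\S+)$")

# Assumed allow-list for the example: the two DPF hosts seen in the log above.
DEFAULT_TRUSTED_DPF_HOSTS = ("support.f-secure.com", "go.microsoft.com")


def parse_hjt(text):
    """Return [(code, body)] for every 'Onn - body' style line in the log."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text, trusted_dpf_hosts=DEFAULT_TRUSTED_DPF_HOSTS):
    """Return (code, reason, detail) tuples for entries a reviewer should inspect."""
    findings = []
    for code, body in parse_hjt(text):
        if code == "O23":
            m = O23_RE.match(body)
            if m and m.group("owner").lower() == "unknown owner":
                findings.append((code, "service binary has no publisher name", m.group("path")))
        elif code == "O16":
            m = O16_RE.match(body)
            if m:
                host = urlparse(m.group("url")).hostname or ""
                if host not in trusted_dpf_hosts:
                    findings.append((code, "ActiveX download from unlisted host", m.group("url")))
        elif code in ("O20", "O21"):
            # Winlogon Notify / ShellServiceObjectDelayLoad hooks load into
            # winlogon or explorer; always confirm who signed the DLL.
            findings.append((code, "Winlogon/shell hook, verify publisher", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_HJT):
        print(f"{code}: {reason}: {detail}")
```

On the log above this reports the NMSAccessU service and the SUPERAntiSpyware Winlogon hook (a known anti-malware component, but the rule is to look, not to trust on sight) and stays quiet on the two ActiveX controls because their hosts are allow-listed; passing an empty allow-list makes it report both.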
 

Hey it's me

New Member
Evil (and ceewi), I'm doing a SuperAntiSpyware scan right now and it has come up with 7 threats already. What does THAT mean? Will I be able to completely remove whatever it is when it's done scanning? So far while surfing on Firefox, I still have not gotten ANY IE pop-ups! I'm sooooo relieved about this! It's turning into a much better day!
 