Yet Another Core.cache.dsk Problem...


  • This topic is locked
6 replies to this topic

#1 Stuee

  • Members
  • 6 posts

Posted 13 February 2008 - 08:09 AM

Hi, I have a problem with IE7 popping up with various different sites (online poker, etc.) while I'm browsing with Firefox.
I ran a bunch of anti-everything apps but it's still happening.
I installed Sygate PFP 5.6 because Zonealarm wasn't giving me enough information, and it immediately told me that Explorer (or something attached to it) was trying to contact www.in-t-e-r-n-e-t.com, which I then Googled and found that core.cache.dsk is indeed on my system.

I have been through the pre-log-posting page and done everything I was asked to do. None of the apps have managed to permanently delete core.cache.dsk.
For now I've just switched IE to Offline mode and that's helped. Obviously it's not a fix, but it does enable me to work in the meantime.

Any help you can give me would be so appreciated. Many thanks, Stuee

------------------------------------------------------------
Here is my HijackThis log:
------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:50, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Roland\VSC32\vsc32cnf.exe
C:\Program Files\Roland\VSC32\vscvol.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Active Desktop Calendar\ADC.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\windows\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] C:\Program Files\Roland\VSC32\vscvol.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Outpost Firewall Pro\ie_bar.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\outpos~1\wl_hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\OUTPOS~1\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\system32\oodag.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

--
End of file - 9205 bytes
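A small triage helper for HijackThis v2 log lines like the ones above, added here as an illustration and not part of the thread: it parses each R/O entry into a record and applies a few defender-side review heuristics (O4 Run entries whose executable is not given with a full path, O20 AppInit_DLLs entries, O23 services with a missing binary or no recorded owner). The sample lines are copied from the log posted above; the heuristics, flag wording and function names are this example's own conventions.

```python
"""Triage helper for Trend Micro HijackThis v2 log lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O20 - AppInit_DLLs: c:\progra~1\outpos~1\wl_hook.dll
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
"""

# "R0 - <body>" / "O23 - <body>": the code prefix identifies the entry type.
LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A command that starts with a drive letter is fully qualified.
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    code: str
    body: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an R/O log line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(code=m.group("code"), body=m.group("body"))


def review(entry: Entry) -> Entry:
    """Attach review flags to an entry; the heuristics are this example's own."""
    if entry.code == "O4":
        m = O4_RE.match(entry.body)
        if m:
            cmd = m.group("cmd").lstrip('"')
            if not DRIVE_RE.match(cmd):
                # A bare file name is resolved through the search path at logon,
                # so the log alone does not say which file actually runs.
                entry.flags.append("unqualified executable: verify which file runs")
    elif entry.code == "O20":
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        entry.flags.append("AppInit_DLLs entry: confirm the DLL's owner")
    elif entry.code == "O23":
        if entry.body.endswith("(file missing)"):
            entry.flags.append("service binary missing on disk: orphaned entry")
        if " - Unknown owner - " in entry.body:
            entry.flags.append("no publisher recorded for service binary")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse every R/O line of a HijackThis log and review each entry."""
    return [review(e) for e in map(parse_line, log_text.splitlines()) if e is not None]


def flagged(log_text: str) -> List[Entry]:
    """Only the entries that earned at least one review flag."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(e.code, "|", e.body)
        for f in e.flags:
            print("    ->", f)
```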


#2 SifuMike

  • malware expert
  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 14 February 2008 - 03:01 PM

Hello Stuee,

We will run ComboFix.

You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running.

To disable AVG antivirus:
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield (I'll let you know when), just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Be sure to install the Windows XP Recovery Console in case you have not installed it yet. <== IMPORTANT

Post the ComboFix log.

#3 Stuee

  • Topic Starter
  • Members
  • 6 posts

Posted 14 February 2008 - 04:10 PM

Hi SifuMike,
Thank you so much for your help. I really appreciate your time.

The first time I ran Combofix it didn't create a log, but did delete some files.
Anyway I ran it a second time and here's the log it created:
ComboFix 08-02-15.1 - Stu 2008-02-15 21:04:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2602 [GMT 0:00]
Running from: C:\Documents and Settings\Stu\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\temp\tn3
C:\windows\system32\drivers\ati1btxxx.sys
C:\windows\system32\drivers\core.cache.dsk
C:\windows\system32\msvcsv60.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ATI1BTXXX
-------\ati1btxxx




((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-14 06:31 . 2008-02-14 06:32 2,431,808 --a------ C:\flaskOut.avi
2008-02-14 03:21 . 2008-02-14 03:22 <DIR> d-------- C:\Program Files\FLV to Video Converter
2008-02-14 03:21 . 2008-02-14 03:28 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\MoyeaFLV2Video
2008-02-14 03:09 . 2008-02-14 03:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-14 03:09 . 2008-02-14 03:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-14 01:26 . 2008-02-14 01:26 <DIR> d-------- C:\Program Files\MediaCoder
2008-02-13 12:13 . 2008-02-13 12:13 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\Agnitum
2008-02-13 12:07 . 2008-02-13 12:48 <DIR> d-------- C:\WINDOWS\system32\Filt
2008-02-13 12:07 . 2008-02-15 21:01 <DIR> d-------- C:\Program Files\Outpost Firewall Pro
2008-02-13 12:07 . 2007-12-20 17:47 443,424 --a------ C:\WINDOWS\system32\drivers\SandBox.sys
2008-02-13 12:07 . 2007-12-12 14:55 200,464 --a------ C:\WINDOWS\system32\drivers\afw.sys
2008-02-13 12:07 . 2007-10-25 18:17 49 --a------ C:\WINDOWS\transp.gif
2008-02-13 12:06 . 2008-02-13 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-02-13 11:59 . 2008-02-13 11:59 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-13 11:59 . 2008-02-13 11:59 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-13 08:30 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-13 08:22 . 2008-02-13 11:53 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\HouseCall 6.6
2008-02-13 06:06 . 2008-02-13 06:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-13 06:06 . 2008-02-13 08:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 05:17 . 2008-02-13 05:17 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-13 05:17 . 2008-02-13 05:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-13 03:17 . 2008-02-13 03:22 <DIR> d-------- C:\fixwareout
2008-02-13 02:54 . 2008-02-13 02:54 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-13 02:32 . 2008-02-13 02:32 <DIR> d-------- C:\VundoFix Backups
2008-02-12 20:15 . 2008-02-12 20:23 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-02-12 20:15 . 2008-02-12 20:25 <DIR> d-------- C:\Program Files\AVSMedia
2008-02-12 20:15 . 2003-05-21 23:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-02-12 20:15 . 2003-05-22 12:26 221,215 --a------ C:\WINDOWS\system32\divxdec.ax
2008-02-12 20:15 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-02-12 20:15 . 2003-05-21 23:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-02-12 20:15 . 2004-09-06 16:06 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2008-02-12 20:15 . 2003-05-21 23:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-02-12 20:15 . 2003-05-21 23:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-12 20:15 . 2000-03-14 20:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-02-12 10:20 . 2008-02-12 10:20 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-12 10:20 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-02-12 10:20 . 2004-07-03 20:59 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-12 10:20 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-02-12 10:20 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-02-12 10:20 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-02-12 10:20 . 2004-07-03 21:08 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-12 10:20 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-02-12 10:20 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-12 10:20 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-02-12 10:20 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-02-12 09:15 . 2008-02-12 09:15 <DIR> d-------- C:\Program Files\ExtractNow
2008-02-12 04:30 . 2008-02-12 04:30 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-02-12 04:30 . 2008-02-14 03:45 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\Orbit
2008-02-10 22:00 . 2008-02-10 22:04 <DIR> d-------- C:\Program Files\Wireshark
2008-02-10 18:32 . 2008-02-10 21:11 <DIR> d-------- C:\Program Files\PFConfig
2008-02-10 16:17 . 2008-02-10 16:17 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\Avant Profiles
2008-02-09 06:23 . 2008-02-13 00:26 <DIR> d-------- C:\Program Files\FreeCommander
2008-02-08 16:47 . 2008-02-08 16:50 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\FileZilla
2008-02-08 16:45 . 2008-02-08 16:45 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-02-07 19:31 . 2008-02-07 19:31 <DIR> d-------- C:\Program Files\intermorphic
2008-02-07 19:31 . 2008-02-07 19:46 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\data
2008-02-07 06:09 . 2008-02-12 10:10 <DIR> d-------- C:\Program Files\DirectVobSub
2008-02-05 20:51 . 2008-02-14 01:34 <DIR> d-------- C:\Program Files\Minefield
2008-02-05 10:06 . 2008-02-05 10:06 <DIR> d-------- C:\Program Files\NCH Software
2008-02-04 08:56 . 2008-02-04 08:56 <DIR> d-------- C:\WINDOWS\Caps
2008-02-04 06:38 . 2008-02-04 06:38 <DIR> d-------- C:\Program Files\Roland
2008-02-04 06:38 . 2000-09-12 09:33 204,800 --a------ C:\WINDOWS\system32\vsc32cnf.cpl
2008-02-04 06:37 . 2001-04-16 09:16 951,284 --a------ C:\WINDOWS\system32\drivers\vsc.sys
2008-02-04 06:37 . 2001-03-13 11:15 118,876 --a------ C:\WINDOWS\system32\vscapi.dll
2008-02-04 06:37 . 2008-02-04 06:37 252 --a------ C:\WINDOWS\_delis32.ini
2008-02-04 00:02 . 2008-02-04 00:02 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\ImgBurn
2008-02-03 23:55 . 2008-02-14 16:16 <DIR> d-------- C:\Program Files\ImgBurn
2008-02-03 19:55 . 2008-02-14 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-03 19:53 . 2008-02-14 20:12 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-02-03 19:53 . 2008-02-14 20:09 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\NCH Swift Sound
2008-02-03 19:53 . 2008-02-03 19:53 26,112 --a------ C:\WINDOWS\system32\drivers\nchssvad.sys
2008-02-03 19:43 . 2008-02-03 19:43 <DIR> d-------- C:\Program Files\ImageShack
2008-02-03 19:10 . 2008-02-13 20:42 <DIR> d-------- C:\Program Files\SnagIt 8
2008-02-03 19:10 . 2008-02-03 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-02-02 23:06 . 2008-02-02 23:07 <DIR> d-------- C:\Program Files\Any DVD Converter Professional
2008-02-02 23:06 . 2008-02-14 04:30 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\Any DVD Converter Professional
2008-02-02 22:44 . 2008-02-02 22:44 <DIR> d-------- C:\Program Files\Total Video Converter
2008-02-02 22:41 . 2008-02-04 10:49 <DIR> d-------- C:\Program Files\FairUse Wizard 2
2008-02-02 22:31 . 2008-02-02 22:31 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\Nero8
2008-02-02 05:30 . 2008-02-02 05:30 <DIR> d-------- C:\Program Files\PlayPianoTODAY
2008-01-31 00:46 . 2008-01-31 00:46 <DIR> d-------- C:\Program Files\Mayoko
2008-01-30 23:44 . 2008-01-30 23:44 <DIR> d-------- C:\Sandbox
2008-01-30 23:44 . 2008-02-05 20:56 <DIR> d-------- C:\Program Files\Sandboxie
2008-01-29 21:34 . 2008-02-11 09:45 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\DMCache
2008-01-29 05:34 . 2008-02-15 20:56 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-01-29 05:08 . 2008-01-29 05:08 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-29 01:20 . 2008-01-29 01:20 <DIR> d-------- C:\Program Files\X-Setup Pro
2008-01-29 01:12 . 2008-01-29 01:12 <DIR> d-------- C:\Program Files\Security Task Manager
2008-01-28 21:56 . 2008-02-13 12:01 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-28 21:50 . 2008-01-28 21:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 21:03 . 2008-01-28 21:03 <DIR> d-------- C:\programdata
2008-01-28 21:03 . 2008-01-28 21:03 <DIR> d-------- C:\Program Files\IM_Lock
2008-01-28 21:03 . 2008-01-22 02:12 593,920 --a------ C:\WINDOWS\system32\imlock.exe
2008-01-28 21:03 . 2008-01-28 21:03 39,911 --a------ C:\WINDOWS\system32\ntmsn.exe
2008-01-28 15:08 . 2008-01-29 21:47 <DIR> d-------- C:\Program Files\uploaded.tool
2008-01-28 06:02 . 2008-01-28 21:20 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-28 05:57 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-01-28 03:17 . 2008-01-28 13:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-28 03:17 . 2008-01-28 13:22 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\SUPERAntiSpyware.com
2008-01-28 03:17 . 2008-01-28 03:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 21:05 --------- d-----w C:\Program Files\PeerGuardian2
2008-02-15 20:57 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-14 18:08 --------- d-----w C:\Program Files\FlashGet
2008-02-14 03:21 --------- d-----w C:\Documents and Settings\Stu\Application Data\AVG7
2008-02-14 01:47 --------- d-----w C:\Program Files\MediaCoder MPx Player Edition
2008-02-14 01:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-14 00:11 --------- d-----w C:\Program Files\DivX
2008-02-13 05:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 20:17 --------- d-----w C:\Documents and Settings\Stu\Application Data\Azureus
2008-02-12 10:07 --------- d-----w C:\Program Files\VstPlugins
2008-02-12 09:53 --------- d-----w C:\Program Files\Replay Converter
2008-02-08 17:50 --------- d-----w C:\Documents and Settings\Stu\Application Data\Skype
2008-02-08 03:13 --------- d-----w C:\Documents and Settings\Stu\Application Data\Applied Acoustics Systems
2008-02-06 02:26 --------- d-----w C:\Program Files\Mutilate File Wiper
2008-02-06 02:26 --------- d-----w C:\Program Files\Har-Bal 2.3
2008-02-06 02:26 --------- d-----w C:\Program Files\EphPod
2008-02-02 23:55 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-02 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-02 19:32 --------- d-----w C:\Program Files\Propellerhead
2008-02-02 05:30 737,280 ----a-w C:\windows\iun6002.exe
2008-01-29 04:28 --------- d-----w C:\Program Files\Edirol
2008-01-29 04:23 --------- d-----w C:\Program Files\MIDIOX
2008-01-29 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-01-29 01:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-28 06:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-28 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-27 21:39 --------- d-----w C:\Program Files\East West
2008-01-27 13:36 --------- d-----w C:\Program Files\GetRight
2008-01-26 15:04 716,272 ----a-w C:\windows\system32\drivers\sptd.sys
2008-01-26 00:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 17:11 --------- d-----w C:\Documents and Settings\Stu\Application Data\Propellerhead Software
2008-01-25 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-01-25 16:15 --------- d-----w C:\Program Files\Common Files\Native Instruments
2008-01-25 16:14 --------- d-----w C:\Program Files\Native Instruments
2008-01-24 18:29 --------- d-----w C:\Program Files\Antares Audio Technologies
2008-01-24 16:58 --------- d-----w C:\Documents and Settings\Stu\Application Data\Steinberg
2008-01-24 16:21 --------- d-----w C:\Program Files\Syncrosoft
2008-01-23 17:26 --------- d-----w C:\Program Files\Nomad Factory
2008-01-23 16:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-18 11:54 --------- d-----w C:\Program Files\Smart Projects
2008-01-18 10:28 --------- d-----w C:\Documents and Settings\Stu\Application Data\Digidesign
2008-01-18 08:51 --------- d-----w C:\Program Files\Digidesign
2008-01-17 19:27 --------- d-----w C:\Documents and Settings\Stu\Application Data\Tracktion 3
2008-01-17 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tracktion 3
2008-01-17 14:23 --------- d-----w C:\Program Files\Avant Browser
2008-01-17 14:22 --------- d-----w C:\Program Files\FizzBoost
2008-01-17 14:22 --------- d-----w C:\Documents and Settings\Stu\Application Data\SlimBrowser
2008-01-13 19:17 --------- d-----w C:\Documents and Settings\Stu\Application Data\dvdcss
2008-01-13 09:12 --------- d-----w C:\Program Files\All Media Fixer
2008-01-13 09:10 --------- d-----w C:\Program Files\videofixer
2008-01-13 03:42 --------- d-----w C:\Program Files\Active Desktop Calendar
2008-01-13 03:42 --------- d-----w C:\Documents and Settings\Stu\Application Data\XemiComputers
2008-01-10 21:40 --------- d-----w C:\Documents and Settings\Stu\Application Data\X-Setup Pro
2008-01-10 21:35 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-01-10 21:26 --------- d-----w C:\Documents and Settings\Stu\Application Data\URSoft
2008-01-10 21:02 --------- d-----w C:\Program Files\Radeon Omega Drivers
2008-01-10 21:00 --------- d-----w C:\Program Files\MySpace
2008-01-10 20:54 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-10 20:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-01-10 19:01 --------- d-----w C:\Program Files\3D SexVilla
2008-01-06 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\FizzBoost
2008-01-03 01:32 472,576 ----a-w C:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-01-03 01:11 --------- d-----w C:\Program Files\Easy Hi-Q Recorder
2008-01-02 04:46 --------- d-----w C:\Program Files\Azureus
2008-01-01 23:22 --------- d-----w C:\Program Files\FPSpellCheck
2008-01-01 23:04 256 ----a-w C:\Documents and Settings\Stu\pool.bin
2008-01-01 20:37 --------- d-----w C:\Documents and Settings\Stu\Application Data\InstallShield
2008-01-01 20:24 --------- d-----w C:\Documents and Settings\Stu\Application Data\Roxio
2008-01-01 20:24 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-01-01 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-12-18 09:51 179,584 ----a-w C:\windows\system32\drivers\mrxdav.sys
2007-12-14 11:32 12,632 ----a-w C:\windows\system32\lsdelete.exe
2007-12-08 23:32 87,040 ----a-w C:\windows\system32\ra32sipr.dll
2007-12-08 23:32 85,504 ----a-w C:\windows\system32\encdnet.dll
2007-12-08 23:32 81,920 ----a-w C:\windows\system32\ra3214_4.dll
2007-12-08 23:32 72,704 ----a-w C:\windows\system32\ra3228_8.dll
2007-12-08 23:32 61,952 ----a-w C:\windows\system32\decdnet.dll
2007-12-08 23:32 487,936 ----a-w C:\windows\system32\rmbe3260.dll
2007-12-08 23:32 487,424 ----a-w C:\windows\system32\msvcp70.dll
2007-12-08 23:32 352,768 ----a-w C:\windows\system32\pngu3263.dll
2007-12-08 23:32 344,064 ----a-w C:\windows\system32\msvcr70.dll
2007-12-08 23:32 21,504 ----a-w C:\windows\system32\ra32dnet.dll
2007-12-08 23:32 131,072 ----a-w C:\windows\system32\pneng50.dll
2007-12-08 23:32 130,560 ----a-w C:\windows\system32\pnc3250.dll
2007-12-07 02:21 824,832 ----a-w C:\windows\system32\wininet.dll
2007-12-05 03:05 368,640 ----a-w C:\windows\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\windows\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\windows\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\windows\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\windows\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\windows\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\windows\system32\ati2evxx.dll
2007-12-05 02:53 53,248 ----a-w C:\windows\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\windows\system32\ati2evxx.exe
2007-12-05 02:48 9,535,488 ----a-w C:\windows\system32\atioglx2.dll
2007-12-05 02:33 1,640,192 ----a-w C:\windows\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\windows\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\windows\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\windows\system32\atitvo32.dll
2007-12-05 02:14 180,224 ----a-w C:\windows\system32\atiok3x2.dll
2005-07-14 18:31 27,648 --sha-w C:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="C:\Program Files\Active Desktop Calendar\ADC.exe" [2007-12-19 10:55 3694592]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40 1421824]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 13:08 136136]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 14:06 118784 C:\WINDOWS\system32\ptipbmf.dll]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 15:24 86016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-14 00:36 196608]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 10:30 102400]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 16:30 45632]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-31 14:41 579072]
"M-Audio Taskbar Icon"="C:\windows\System32\M-AudioTaskBarIcon.exe" [2007-01-25 09:54 154112]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 18:41 24576 C:\WINDOWS\system32\ptipbm.dll]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"AtiPTA"="atiptaxx.exe" [2006-02-22 01:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 00:35 77824]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"vsc32cnf.exe"="C:\Program Files\Roland\VSC32\vsc32cnf.exe" [2000-02-07 03:02 36864]
"vscvol.exe"="C:\Program Files\Roland\VSC32\vscvol.exe" [2000-02-08 23:19 36864]
"OutpostMonitor"="C:\PROGRA~1\OUTPOS~1\op_mon.exe" [2007-12-20 17:48 961536]
"OutpostFeedBack"="C:\Program Files\Outpost Firewall Pro\feedback.exe" [2007-12-19 13:32 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-26 00:41 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 01:17 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\outpos~1\wl_hook.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stu^Start Menu^Programs^Startup^fbquick.lnk]
path=C:\Documents and Settings\Stu\Start Menu\Programs\Startup\fbquick.lnk
backup=C:\windows\pss\fbquick.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-08-30 05:32 61440 C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search 2]
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltTray]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
--a------ 2007-06-12 11:32 291328 C:\Program Files\Portrait Displays\forteManager\DTHtml.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileAnt]
C:\Program Files\FileAnt\FileAnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 08:10 2007088 C:\Program Files\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2007-12-11 03:59 307200 C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1179333366\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 04:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive7.0.4TimeOutPatch]
C:\Program Files\Mediafour\MacDrive 7\TimeOutPatch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 01:08 2512392 C:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2007-02-22 18:53 2209224 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 14:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-28 01:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 12:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyWin]
C:\PROGRA~1\SkyWin\SkyWin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\PROGRA~1\SkyWin\SkyWin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-11-09 21:08 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--a------ 2004-03-18 09:33 892928 C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B179023B-6238-4499-8F26-CD73E9D90E0A}]
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe

R0 DigiFilter;DigiFilter;C:\windows\system32\drivers\DigiFilt.sys [2006-12-08 22:50]
R0 dontgo;Promise Removable Disk Control Driver;C:\windows\system32\DRIVERS\DontGo.sys [2004-06-29 13:25]
R0 fttxr5_O;fttxr5_O;C:\windows\system32\DRIVERS\fttxr5_O.sys [2006-07-17 11:22]
R0 ulsata2;ulsata2;C:\windows\system32\DRIVERS\ulsata2.sys [2005-06-29 15:44]
R1 Asapi;Asapi;C:\windows\system32\drivers\Asapi.sys [2002-04-17 20:27]
R1 SandBox;SandBox;C:\windows\system32\DRIVERS\SandBox.sys [2007-12-20 17:47]
R2 SBKUPNT;SBKUPNT;C:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
R3 afw;Agnitum firewall driver;C:\windows\system32\DRIVERS\afw.sys [2007-12-12 14:55]
R3 ASWFilt;ASWFilt;C:\windows\system32\Filt\ASWFilt.dll [2007-12-20 17:48]
R3 CLEDX;Team H2O CLEDX service;C:\windows\system32\DRIVERS\cledx.sys [2005-05-09 19:08]
R3 LCcfltr;Logitech USB Filter Driver;C:\windows\system32\Drivers\LCcFltr.Sys [2004-03-03 09:50]
R3 Tetris;Tetris driver;C:\windows\system32\Drivers\Tetris.sys [2008-01-18 09:04]
R3 vsc32;Virtual Sound Canvas 3.2;C:\windows\system32\DRIVERS\vsc.sys [2001-04-16 09:16]
S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.sys []
S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\OUTPOS~1\acs.exe [2007-12-19 13:32]
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\system32\drivers\ASUSHWIO.sys []
S3 EWAVE;EWAVE;C:\windows\system32\drivers\ew.sys []
S3 FILESPY;FILESPY;C:\windows\system32\drivers\FILESPY.sys []
S3 LoopBe30;nerds.de LoopBe30 - Internal Midi Port SvcDesc(WDM);C:\windows\system32\drivers\loopbe30.sys []
S3 MS1000;MS1000;C:\windows\system32\DRIVERS\MS1000.sys [2008-01-26 20:31]
S3 NSTATION;NSTATION;C:\windows\system32\drivers\nstation.sys []
S3 usbprint;Microsoft USB PRINTER Class;C:\windows\system32\DRIVERS\usbprint.sys [2004-08-03 22:01]

*Newly Created Service* - PGFILTER
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 21:06:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Active Desktop Calendar\MouseHook.dll
.
Completion time: 2008-02-15 21:06:41
ComboFix-quarantined-files.txt 2008-02-15 21:06:39
ComboFix2.txt 2008-01-29 22:51:14

#4 Stuee (Topic Starter, Members, 6 posts)

Posted 14 February 2008 - 04:25 PM

UPDATE:
I just rebooted to see whether the core.cache.dsk stays deleted, and it has! :thumbsup:
Plus, IE seems to have stopped popping up. I think ComboFix has done the trick - which is odd because I had tried it before and nothing changed.
Anyway, I'll wait to see whether there's anything else you want me to do.

Cheers, Stuee

#5 SifuMike (malware expert, Members, 15,385 posts, Location: Vancouver (not BC) WA (Not DC) USA)

Posted 14 February 2008 - 06:09 PM

Hi Stuee,


Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

Folder::
C:\fixwareout
C:\VundoFix Backups


Name the Notepad file CFScript.txt and Save it to your desktop.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


******************

Download and install AVG Anti-Spyware v7.5.
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this is the case, press the WINKEY + M key to "Minimize" the AVG display. Then right-click on AVG in the Task Bar and select "Maximize". If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Do not automatically generate reports" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine; if not, click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop.
    A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner, or you may purchase a license to use the full version.

When done, submit the AVG Anti-Spyware 7.5 log, the contents of Combofix.txt and a fresh HijackThis log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 Stuee (Topic Starter, Members, 6 posts)

Posted 14 February 2008 - 09:01 PM

Hi again.
Unfortunately my system will now not boot into safe mode. My first suspicion is one of the MS updates I installed the other day.
I don't have time to look into it now and I'm away in London tomorrow, but I'll come back to this over the weekend and keep you posted.
Thanks again, Stuee

#7 SifuMike (malware expert, Members, 15,385 posts, Location: Vancouver (not BC) WA (Not DC) USA)

Posted 22 February 2008 - 11:45 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.