code.cache.dsk

Discussion in 'Malware Help (A Specialist Will Reply)' started by Pitty238, Mar 25, 2008.

  1. Pitty238

    Pitty238 Private E-2

    I am having problems removing this file. I understand that it has a randomly named protector file that I have to find, but I haven't been able to locate it. The popups are becoming quite annoying. Please help.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. Pitty238

    Pitty238 Private E-2

    I hope these are all the log files you need. See attached.
     


  4. abri

    abri MajorGeek

    Hi pitty238,

    1) To begin with, please disable Spybot's TeaTimer. This can be done two ways.
    First:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident
    or Second, For Either Version :
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
    • then, also in left panel, click Resident (shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    2) Now run CCleaner at the default setting with the Windows tab as the one on top.

    3) Go to add/remove programs and uninstall the below:

    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment, SE v1.4.2_03


    4) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    5) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {2A5892F4-115E-44B1-BF56-F78BD7590930} - (no file)
    O2 - BHO: (no name) - {3E444B70-935E-47F7-867A-81B4ACAA6C1D} - C:\Program Files\.\savuga89104.dll (file missing)
    O2 - BHO: (no name) - {987E414A-00D2-4674-B547-63041F79EC6D} - (no file)
    O2 - BHO: (no name) - {d416eeb4-7b76-4b16-88ed-d867b3c5c241} - (no file)
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [982eb9c5] rundll32.exe "C:\WINDOWS\system32\oaqsphsy.dll",b
    O4 - HKLM\..\Run: [BM9b1d8a59] Rundll32.exe "C:\WINDOWS\system32\esctjwpl.dll",s
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    After you click fix, just close hijackthis.


    6) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    7) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    8) Install the current version of Sun Java from: Sun Java Runtime Environment


    9) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now?

    abri
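
Added example, not part of the original thread: a short Python triage of HijackThis lines like the ones listed in step 5 of the post above. It flags BHO entries whose file is absent and Run entries that load a DLL through rundll32. The function name and the two heuristics are assumptions made for illustration, not HijackThis or MajorGeeks logic.

```python
import re

# Scan lines copied from step 5 of the post above (HijackThis output).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2A5892F4-115E-44B1-BF56-F78BD7590930} - (no file)
O2 - BHO: (no name) - {3E444B70-935E-47F7-867A-81B4ACAA6C1D} - C:\Program Files\.\savuga89104.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [982eb9c5] rundll32.exe "C:\WINDOWS\system32\oaqsphsy.dll",b
O4 - HKLM\..\Run: [BM9b1d8a59] Rundll32.exe "C:\WINDOWS\system32\esctjwpl.dll",s
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# O2 = Browser Helper Object: name, CLSID, then the file (or a "missing" note).
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
# O4 = autostart entry: registry key, [value name], command line.
RUN_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
# Command line of the form: rundll32.exe "path\file.dll",export
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)


def triage(log_text):
    """Return (reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            target = m.group("target")
            # A registered BHO with no file on disk is a leftover registration.
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append(("orphaned BHO", m.group("clsid")))
            continue
        m = RUN_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group("cmd"))
            # Assumed heuristic: a DLL started at logon through rundll32.
            if r:
                findings.append(("Run key loads DLL via rundll32", r.group("dll")))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason}: {detail}")
```

The output is a review list only; entries such as the RealPlayer, QuickTime and Viewpoint lines in the post are not matched by these two heuristics and still need a person to read them.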
     
  5. Pitty238

    Pitty238 Private E-2

    I did everything you asked. Thanks for the help. I can let you know if anything seems to not work. I had one more question though. I have a list of programs now:

    ad aware, spybot, CCleaner, SAS, ATF-cleaner, avenger, and malwarebytes

    Which of these should I keep and run on a regular basis?

    Thanks again for the help, and I tried attaching the logs you asked for as well, but it won't let me for some reason. I can paste them in a message. It does not give me the option, only "Valid file extensions: bmp doc gif jpe jpeg jpg log pdf png psd txt zip". Nowhere to click and add.
     
  6. abri

    abri MajorGeek

    Hi Pitty238,

    I need to check your logs to make sure the files that needed to be deleted were actually deleted and that no new ones were put onto your computer. There is sometimes a problem with attachments from our side. Please try to attach the logs again using a different browser or try emptying your cache before you use the browser. Either of these often solves the problem. You should be attaching a zip file and this particular file MGlogs.zip is approved for attachment.

    In our final cleanup instructions, we post a link for you to read about the recommendations of this site for a combination of antispyware / antivirus / and two-way firewall which will enable you to get the best protection for the least amount of resources. Although we haven't made it to the final cleanup instructions, you are welcome to look at that link, which is here: How to Protect Yourself from Malware

    How is your computer running now?

    abri
     
  7. Pitty238

    Pitty238 Private E-2

    Here is an updated version of the MGlogs. I'll see if I can find the avenger logs from that day. The comp is working great and no more popups. The code.cache.dsk file is also deleted.
     


  8. abri

    abri MajorGeek

    Hi Pitty238,

    You still have some bad files on your computer. Please print out the following instructions and then shut down your computer. Disconnect it physically from the internet and then boot back up. After rebooting, please disconnect any antivirus or antispyware programs you have running as these can sometimes block our fixes. After you run the below instructions, be sure to re-enable all your antivirus and antispyware programs before you reconnect to the internet.

    First of all
    1) What is in the following folders? Do not open any files:

    C:\WINDOWS\system32\md2
    C:\WINDOWS\system32\Kaspersky Lab


    2) Next, I would like for you to run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {987E414A-00D2-4674-B547-63041F79EC6D} - (no file)
    O2 - BHO: (no name) - {d416eeb4-7b76-4b16-88ed-d867b3c5c241} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"


    After you click fix, just close hijackthis.

    3) Download and install Erunt. Use it to create a backup of your registry.

    4) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    5) Now run The Avenger again as you did before in post 4, step 6, only this time use the contents of this box:
    6) Please run CCleaner.


    7) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now?

    abri
     
  9. Pitty238

    Pitty238 Private E-2

    Here are the updated logs. I'm pretty sure I did everything right.
     


  10. abri

    abri MajorGeek

    Hi Pitty238,

    grrrrr - wrong syntax - sorry

    1) Please run The Avenger again as you did before in post 4, step 6, only this time use the contents of this box:
    2) Check the Avenger log and see if it's been deleted correctly this time.

    I don't see anything else in your logs. How is your computer working? If it's doing better, I will post the final set of instructions to you to remove all the tools and logs we put on your computer.

    abri
     
  11. Pitty238

    Pitty238 Private E-2

    It deleted the file, and the computer seems to be working fine. Thank you for all the help.
     
  12. abri

    abri MajorGeek

    Hi Pitty238,

    Here are the final cleanup instructions which will remove the tools we used. Also, there are instructions for clearing your old restore points and setting a fresh one.
    abri
     
