Core.cache.dsk Removal



#1 Day_V6880


Posted 01 March 2008 - 05:21 PM

Here is the Combofix log. Can you tell me what I can do to remove core.cache.dsk?

ComboFix 08-03-01.3 - David 2008-03-01 15:22:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.400 [GMT -5:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\reg.reg
C:\temp\tn3
C:\WINDOWS\system32\_000202_.tmp.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\jkchywgb.dllbox
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.ini2

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-03-01 15:15 . 2008-03-01 15:17 <DIR> d-------- C:\Program Files\CCleaner
2008-03-01 15:15 . 2008-03-01 15:16 <DIR> d-------- C:\ComboFix[1]
2008-03-01 15:11 . 2008-03-01 15:11 3,218 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-01 15:07 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-01 15:07 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-01 15:07 . 2008-02-28 11:37 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-01 15:07 . 2008-02-29 23:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-01 15:07 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-01 15:07 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-01 15:07 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-01 15:03 . 2008-03-01 15:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-01 05:13 . 2008-03-01 05:13 <DIR> d-------- C:\Program Files\Sun
2008-03-01 04:50 . 2008-03-01 04:51 <DIR> d-------- C:\Documents and Settings\David\.SunDownloadManager
2008-03-01 04:43 . 2008-03-01 04:43 <DIR> d-------- C:\VundoFix Backups
2008-02-29 14:13 . 2008-03-01 00:17 <DIR> d-------- C:\Documents and Settings\David\Application Data\uTorrent
2008-02-28 18:00 . 2008-02-28 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-28 02:38 . 2008-02-28 02:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-28 02:24 . 2008-03-01 06:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-28 02:24 . 2008-02-28 02:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-28 02:02 . 2008-02-28 02:02 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-02-28 02:02 . 2008-02-28 02:02 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-02-25 00:35 . 2008-02-25 00:48 <DIR> d-------- C:\TOOLKIT
2008-02-25 00:19 . 2008-02-25 00:19 <DIR> d-------- C:\Documents and Settings\David\Application Data\Lavasoft
2008-02-23 17:23 . 2008-02-23 17:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2008-02-23 17:19 . 2004-04-02 05:07 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-02-23 17:19 . 2004-04-03 03:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-23 17:19 . 2004-04-02 20:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-02-23 15:56 . 2008-02-23 15:56 3,120 --a------ C:\WINDOWS\system32\HAF9SE8K.ocx
2008-02-23 15:56 . 2008-02-23 15:56 3,120 --a------ C:\WINDOWS\D9H7ADCC.ocx
2008-02-23 06:10 . 2008-02-23 06:10 101 --a------ C:\WINDOWS\wininit.ini
2008-02-23 05:30 . 2008-02-23 05:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-23 05:30 . 2008-02-23 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-22 21:29 . 2008-02-22 21:29 <DIR> d-------- C:\Documents and Settings\David\Application Data\Sunbelt Software
2008-02-22 21:29 . 2008-02-22 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-02-22 21:29 . 2008-02-22 21:29 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-02-22 21:22 . 2008-02-22 21:22 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-02-22 01:56 . 2008-02-22 01:56 <DIR> d-------- C:\fsaua.data
2008-02-21 00:39 . 2008-03-01 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-21 00:36 . 2008-02-21 00:36 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-02-21 00:36 . 2008-03-01 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-20 16:38 . 2008-02-20 16:38 <DIR> d-------- C:\Program Files\Panicware
2008-02-18 19:45 . 2004-02-11 23:08 1,783,864 --a------ C:\WINDOWS\system32\WINPY.MB
2008-02-18 19:44 . 2004-02-11 23:00 180,770 --a--c--- C:\WINDOWS\system32\dllcache\c_20932.nls
2008-02-18 19:43 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-02-16 23:37 . 2008-02-16 23:37 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-02-16 23:37 . 2008-02-23 17:20 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-02-16 03:54 . 2008-02-16 03:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-02-16 03:53 . 2008-02-16 16:14 <DIR> d-------- C:\Documents and Settings\David\Application Data\Uniblue
2008-02-16 03:27 . 2008-02-21 00:39 <DIR> d-------- C:\Program Files\STOPzilla!
2008-02-16 03:27 . 2008-02-16 03:27 <DIR> d-------- C:\Documents and Settings\David\Application Data\STOPzilla!
2008-02-15 21:41 . 2008-02-16 14:11 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-15 21:23 . 2008-02-15 21:23 <DIR> d-------- C:\Program Files\Mininova
2008-02-15 21:23 . 2008-02-15 21:23 <DIR> d-------- C:\Program Files\Conduit
2008-02-15 03:56 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-02-15 03:56 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-15 03:56 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-02-15 02:52 . 2008-02-15 02:52 <DIR> d-------- C:\Documents and Settings\David\Application Data\AdobeUM
2008-02-14 12:46 . 2008-02-14 12:46 <DIR> d-------- C:\Program Files\Xvid
2008-02-14 12:46 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-14 12:46 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-14 12:46 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-02-13 03:17 . 2008-02-13 03:17 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-02-12 18:39 . 2008-02-12 18:39 <DIR> d-------- C:\Program Files\Common Files\Defender Pro Firewall
2008-02-12 18:38 . 2008-02-12 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus
2008-02-12 18:37 . 2008-02-12 18:37 64 --a------ C:\WINDOWS\tsiwinfile.dat
2008-02-12 18:36 . 2008-02-23 20:32 <DIR> d-------- C:\Program Files\DefenderPro AntiSpy
2008-02-12 18:36 . 2008-02-12 18:36 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-12 18:36 . 2004-08-04 00:56 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll.bak
2008-02-12 18:34 . 2008-02-12 18:54 <DIR> d-------- C:\Program Files\Defender Pro
2008-02-12 06:36 . 2008-02-12 06:36 <DIR> d-------- C:\Documents and Settings\David\Application Data\Symantec
2008-02-11 23:49 . 2008-02-11 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-11 23:43 . 2008-02-11 23:43 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-11 23:06 . 2008-02-11 23:06 86,144 --a------ C:\WINDOWS\system32\drivers\mnmddd.sys
2008-02-11 22:45 . 2008-02-11 22:45 15,939,586 --a------ C:\WINDOWS\system32\eav_nt32_enu.msi
2008-02-11 22:22 . 2008-02-11 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-02-11 19:47 . 2008-02-16 15:24 <DIR> d-------- C:\Documents and Settings\David\Application Data\LimeWire
2008-02-11 03:01 . 2008-02-11 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-10 22:41 . 2008-02-10 22:41 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-10 22:31 . 2008-02-16 16:12 <DIR> d-------- C:\Program Files\Guild Wars
2008-02-10 12:47 . 2008-02-10 12:47 <DIR> d-------- C:\Program Files\Microsoft Games
2008-02-10 12:38 . 2008-02-10 12:38 <DIR> d-------- C:\Documents and Settings\David\Application Data\iWin
2008-02-10 12:37 . 2008-02-10 12:37 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-02-10 12:37 . 2008-02-10 12:39 <DIR> d-------- C:\Program Files\Jewel Quest 2
2008-02-10 12:32 . 2008-02-10 12:32 <DIR> d-------- C:\WINDOWS\Sun
2008-02-10 12:26 . 2008-02-10 12:26 <DIR> d-------- C:\Program Files\PopCap Games
2008-02-10 12:26 . 2008-02-10 12:27 16 --a------ C:\WINDOWS\popcinfo.dat
2008-02-10 12:08 . 2004-08-20 15:50 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2008-02-10 01:58 . 2008-02-10 01:58 <DIR> d-------- C:\WINDOWS\system32\SolidStateNetworks
2008-02-10 01:06 . 2008-02-10 01:06 <DIR> d-------- C:\Program Files\Sudoku
2008-02-10 01:06 . 2008-02-10 01:06 <DIR> d-------- C:\Program Files\BFG
2008-02-10 01:06 . 2008-02-10 01:06 <DIR> d-------- C:\Documents and Settings\David\Application Data\demo
2008-02-10 01:04 . 2008-02-10 01:04 <DIR> d-------- C:\Program Files\Mahjong Towers Eternity
2008-02-10 01:04 . 2008-02-10 01:04 <DIR> d-------- C:\Program Files\bfgclient
2008-02-10 01:04 . 2008-02-10 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-02-09 23:56 . 2008-02-09 23:56 <DIR> d-------- C:\Documents and Settings\David\Application Data\QQ Games
2008-02-09 23:54 . 2008-02-09 23:54 <DIR> d-------- C:\Documents and Settings\David\Application Data\QQ Games Plugin
2008-02-09 23:54 . 2008-02-09 23:54 <DIR> d-------- C:\Documents and Settings\David\Application Data\acccore
2008-02-09 23:48 . 2008-02-09 23:48 <DIR> d-------- C:\Program Files\Tencent
2008-02-09 23:48 . 2008-02-10 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-09 23:46 . 2008-02-20 17:56 <DIR> d-------- C:\Program Files\AIMTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 10:13 --------- d-----w C:\Program Files\Java
2008-03-01 06:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 22:06 --------- d-----w C:\Program Files\iTunes
2008-02-09 22:05 --------- d-----w C:\Program Files\iPod
2008-02-09 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-09 22:03 --------- d-----w C:\Program Files\QuickTime
2008-02-09 07:09 --------- d-----w C:\Program Files\Easy Internet signup
2008-02-09 07:04 --------- d-----w C:\Program Files\Quicken
2008-02-09 02:19 3,888 ----a-w C:\WINDOWS\viassary-hp.reg
2008-02-06 03:46 --------- d-----w C:\Program Files\InterMute
2008-02-05 00:05 4,182 --sha-r C:\WINDOWS\system32\drivers\HP_PC184A-ABA SR1123WM NA430_YC_Pres_QCNC426_E43NAheREG3_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.11_T040517_WXH1_L409_M1016_J80_7Intel_8Celeron_92.67_1_N10EC8139_P_Z11C1048C_K_A_U808624C2.MRK
2008-01-31 17:16 34,944 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
2008-02-14 14:54 1555480 --a------ C:\Program Files\Mininova\tbMini.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{102BAD8B-CD05-46FF-94FF-A2C1ABD5F7D5}
{F592709F-FF4A-4862-B659-4AFABDA56312}
{98828DED-A591-462F-83BA-D2F62A68B8B8}

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= C:\Program Files\Mininova\tbMini.dll [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31 1372160]
"PopUpStopperProfessional"="C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe" [2008-02-18 15:39 516096]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-04-02 04:43 151597]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-13 23:43 233472]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 22:13 98304]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-01-05 18:34 40960]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"NSRKey"="C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe" [2007-03-26 15:45 1582696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-28 01:38 107112]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"Norton Save and Restore"="C:\PROGRA~1\NORTON~1\NSR\Agent\NSRTray.exe" [2007-03-26 15:45 1582696]
"NSWosCheck"="C:\Program Files\Norton SystemWorks Premier\osCheck.exe" [2007-12-03 01:41 25472]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 12:57 698864]

C:\Documents and Settings\David\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-02-04 16:12:55 106496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^David^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo PopUpBlocker]
--a------ 2004-02-03 14:13 1216000 C:\PROGRA~1\DEFEND~1\DEFEND~4\PopUpKiller.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]
--a------ 2006-03-27 08:18 440423 C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2007-10-15 21:39 601336 C:\Program Files\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Defender Pro\\Defender Pro Anti-Virus\\kav.exe"=
"C:\\Program Files\\Defender Pro\\Defender Pro Firewall\\KAVPF.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44481:TCP"= 44481:TCP:*:Disabled:SolidNetworkManager
"44481:UDP"= 44481:UDP:*:Disabled:SolidNetworkManager
"21537:TCP"= 21537:TCP:*:Disabled:SolidNetworkManager
"21537:UDP"= 21537:UDP:*:Disabled:SolidNetworkManager

R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2005-08-04 10:19]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2005-08-04 10:19]
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-02-22 21:29]
R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-01-31 12:16]
S1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-10-03 09:59]
S1 mnmddd;mnmddd;C:\WINDOWS\system32\drivers\mnmddd.sys [2008-02-11 23:06]
S2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
S2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
S2 Norton Save and Restore;Norton Save and Restore;C:\PROGRA~1\NORTON~1\NSR\Agent\VProSvc.exe [2007-03-26 15:45]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 08:17]
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-03 21:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-27 16:14:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-01 06:09:10 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-26 22:42:47 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - David.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-02-25 20:36:25 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks Premier\OBC.exe
"2008-02-16 21:42:45 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 15:43:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
.
**************************************************************************
.
Completion time: 2008-03-01 16:15:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-01 21:15:23
.
2008-02-29 08:34:28 --- E O F ---


#2 Orange Blossom


Posted 01 March 2008 - 11:24 PM

Hello Day_V6880 and welcome to BC

A general warning to users of Combofix, followed by directions for what to do next

Combofix is a powerful tool intended by its creator to be used under the direction of an expert. It is NOT for private use. You should NOT use Combofix unless a Malware Removal Expert has told you to. Improper use of this tool can seriously damage your operating system and may even prevent it from starting again. Please read Combofix's Disclaimer.

Please follow the directions in this guide. If you cannot do a step, then skip it and go to the next. Then create an HJT log; you will find the directions in Step 9 of the guide.

Create a new topic in the HJT forum, not here, and give it a good descriptive title. Briefly summarize what the problems are, what you have done to try to solve them, and what worked and didn't work. Paste in your HJT log, being sure to include the top portion of the log, which lists the version information.

After you post your log, DO NOT make any further changes to your computer: deleting files, editing the registry, using special fix tools, installing or uninstalling software etc. as this will make it more difficult for the HJT team to help you.

When you have created your new thread, please post the link to your HJT thread as a reply to this thread so we know you are receiving help from the HJT team.

Please be patient as the HJT team is very busy. DO NOT bump your log as the team may think that someone is already helping you. If you have not had a response in five days, add a response to the five days no response topic and paste in the link to your thread.

Orange Blossom