Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Log For Core.cache.dsk File


  • This topic is locked This topic is locked
15 replies to this topic

#1 troytrey

troytrey

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 17 March 2008 - 12:16 PM

Thanks Jacee and everyone else -- still can't get rid of the \windows\system32\drivers\core.cache.dsk file, i have tried EVERYTHING...this thing is a bleep!!!! i hope i don't have to reinstall???


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:14, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flemingandstein.com/
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - c:\Program Files\Intel\NCS\Sync\NetSvc.exe (file missing)

--
End of file - 1972 bytes

thanks again

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:48 AM

Posted 17 March 2008 - 03:34 PM

Hello troytrey,

Welcome to Bleeping Computer :thumbsup:

As Jacee told you, this can be cleared up, so no worries, okay? :blink:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 troytrey

troytrey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 18 March 2008 - 10:23 AM

Teacup 61 You RULE!!!...it appears I have my computer back!! I have spoken to several different services and people regarding this problem and you're the only one that has helped me. I really appreciate it since I use my computer to run my business so this issue was really killing me thanks again. A couple of oher Q's please

I had to interupt the combo fix scan and removal..it took way longer than 10 min.
and I also got locked up in CHKDSK....should i rerun these to make sure??? I have run several sweeps and everything appears to be gone!!!What preventing spyware do you recomend to prevent these problems in the future.

Thanks Again...I certainly will make a donation to keep this great service going

TroyTrey

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:48 AM

Posted 18 March 2008 - 10:10 PM

Hello,

So glad it's better! :wacko: I really would like to see a ComboFix report, so please run it again. This time, when you get it started, just walk away from the computer and let it do its thing. :blink: Sometimes, when a system is heavily infected, it will take much more than 10 minutes. We'll get to prevention next post. :thumbsup:

Donations are very much appreciated, thank you. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 troytrey

troytrey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 20 March 2008 - 09:06 AM

tea

can't seem to find to combo fix log....does it create a file??

thanks for the help.

#6 troytrey

troytrey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 20 March 2008 - 03:25 PM

do you mean the hijack this log???

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:48 AM

Posted 21 March 2008 - 01:31 PM

Hello,

Look in the ComboFix folder for a .txt file. That should be the report. :thumbsup:

How is it running today please?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#8 troytrey

troytrey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 23 March 2008 - 12:35 PM

don't seem to have that folder - may have deleted it. I'm still running great thanks!!!

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:48 AM

Posted 23 March 2008 - 12:53 PM

Hi there,

You deleted ComboFix? Well all right....we would have deleted it anyway, but I wanted to see what else might have been running around in your system that needs to go. Can you post me up a last HijackThis log then? If it's clean I'll stop hounding you for reports, especially since you say it's running so well. :blink: Deal? :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#10 troytrey

troytrey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 26 March 2008 - 12:20 PM

Tea, here it is...still running great..thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18, on 2008-03-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\R3KT33JI\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flemingandstein.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - c:\Program Files\Intel\NCS\Sync\NetSvc.exe (file missing)

--
End of file - 2459 bytes

#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:48 AM

Posted 26 March 2008 - 01:44 PM

Hi there,

I'm hoping that ComboFix deleted these, and that they're simply leftovers in your HijackThis log. This is why I wanted to see the report from ComboFix. :thumbsup:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folders :

C:\Program Files\dbar
C:\Program Files\winvi

Reboot your computer.

I need to see another one, please, and let me know if those folders were there to delete.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#12 troytrey

troytrey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 26 March 2008 - 04:35 PM

Here Tea .they both were present.....deleted winvi...could not delete dbar..Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29, on 2008-03-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SpywareDetector\LiveUpdateSD.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flemingandstein.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - c:\Program Files\Intel\NCS\Sync\NetSvc.exe (file missing)

--
End of file - 2103 bytes

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:48 AM

Posted 30 March 2008 - 01:43 PM

Hello,

I don't suppose I could talk you into putting an AntiVirus Program on your system could I? :thumbsup: AVG, Avira OR Avast are good FREE antivirus. None of them are heavy on your system, and they really are good.

How is it running after a few days?

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#14 troytrey

troytrey
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:48 AM

Posted 03 April 2008 - 12:56 PM

tea,

thanks so much again....I would like to purchase one...don't i need to remove what i find. I don't really run much on my system.....then maybe i can send you a log...i have a current malware spyware program that has sheild it seem to be working ok. thanks again

#15 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:48 AM

Posted 03 April 2008 - 03:37 PM

Hi there,

If you really feel you have to spend the money, then fine, but until then grab one of those. I use AVG on mine.....ranked right up there with the top paid programs. :blink:

You're most welcome. :thumbsup:

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users