
Thread: Core.cache.dsk = need help!

  1. #11
    Junior Member
    Join Date
    May 2009
    Posts
    9

    New Combofix Log

    ComboFix 09-05-08.03 - Ryan 05/09/2009 5:40.2 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.894.347 [GMT -5:00]
    Running from: c:\users\Ryan\Desktop\ComboFix.exe
    FW: CA Personal Firewall 9.1.0.35 *disabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\temp\tn3

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-09 to 2009-05-09 )))))))))))))))))))))))))))))))
    .

    2009-05-09 02:32 . 2009-05-09 02:32 -------- d-----w c:\users\Ryan\AppData\Roaming\Malwarebytes
    2009-05-09 02:32 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-09 02:32 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-09 02:32 . 2009-05-09 02:32 -------- d-----w c:\programdata\Malwarebytes
    2009-05-09 02:32 . 2009-05-09 02:32 -------- d-----w c:\users\All Users\Malwarebytes
    2009-05-09 02:32 . 2009-05-09 02:32 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-30 04:56 . 2009-04-30 05:02 -------- d-----w c:\users\Ryan\AppData\Roaming\Hamachi
    2009-04-30 04:55 . 2009-04-30 04:55 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
    2009-04-19 02:46 . 2009-04-20 01:50 -------- d-----w c:\users\Ryan\Coupons
    2009-04-19 01:48 . 2008-10-01 00:35 65536 ----a-w c:\windows\system32\camcodec.dll
    2009-04-19 01:40 . 2009-04-19 01:40 -------- d-----w c:\program files\CamStudio
    2009-04-15 00:23 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
    2009-04-15 00:23 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
    2009-04-15 00:23 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
    2009-04-12 19:39 . 2002-12-10 07:20 102439 ----a-w c:\windows\system32\sipr3260.dll
    2009-04-12 19:39 . 2006-09-29 17:24 217127 ----a-w c:\windows\system32\drv43260.dll
    2009-04-12 19:39 . 2006-09-29 17:25 208935 ----a-w c:\windows\system32\drv33260.dll
    2009-04-12 19:39 . 2006-09-29 17:26 176165 ----a-w c:\windows\system32\drv23260.dll
    2009-04-12 19:39 . 2007-03-19 01:37 65602 ----a-w c:\windows\system32\cook3260.dll
    2009-04-12 19:39 . 2006-05-12 00:21 626688 ----a-w c:\windows\system32\vp7vfw.dll
    2009-04-12 19:39 . 2006-05-20 21:16 1184984 ----a-w c:\windows\system32\wvc1dmod.dll
    2009-04-12 19:39 . 2009-04-12 19:39 -------- d-----w c:\program files\VSO
    2009-04-10 08:51 . 2009-04-10 08:51 -------- d-----w c:\program files\WMPTagSupportExtender
    2009-04-10 08:47 . 2009-04-10 08:47 -------- d-----w c:\program files\Ogg Codecs

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-09 02:17 . 2007-11-27 07:09 -------- d-----w c:\program files\BitLord
    2009-05-07 16:31 . 2008-09-08 03:22 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-04-15 08:28 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-04-12 19:39 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-04-12 19:39 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
    2009-04-12 19:39 . 2007-11-28 05:35 47360 ----a-w c:\users\Ryan\AppData\Roaming\pcouffin.sys
    2009-04-03 20:51 . 2007-08-31 12:10 -------- d-----w c:\program files\Java
    2009-03-17 03:38 . 2009-04-15 00:21 13824 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-15 00:21 24064 ----a-w c:\windows\system32\amxread.dll
    2009-03-09 10:19 . 2008-12-16 09:02 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-03 04:46 . 2009-04-15 00:21 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-15 00:21 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:40 . 2009-04-15 00:21 827392 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 04:39 . 2009-04-15 00:21 183296 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:39 . 2009-04-15 00:21 551424 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:39 . 2009-04-15 00:21 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-15 00:21 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-03-03 04:37 . 2009-04-15 00:21 98304 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:37 . 2009-04-15 00:21 54784 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:37 . 2009-04-15 00:21 44032 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 03:04 . 2009-04-15 00:21 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-15 00:21 17408 ----a-w c:\windows\system32\iashost.exe
    2009-03-03 02:28 . 2009-04-15 00:21 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-02-26 19:27 . 2007-11-24 07:32 108248 ----a-w c:\users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-02-13 08:49 . 2009-04-15 00:21 72704 ----a-w c:\windows\system32\secur32.dll
    2009-02-13 08:49 . 2009-04-15 00:21 1255936 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 03:10 . 2009-03-11 06:56 2033152 ----a-w c:\windows\system32\win32k.sys
    2008-05-24 08:32 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
    2007-12-20 05:57 . 2007-12-20 05:39 72 --sh--w c:\windows\SE2814D68.tmp
    2007-08-31 12:18 . 2007-08-31 12:12 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-09_00.43.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-08-31 11:44 . 2009-05-09 10:40 46528 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:02 . 2009-05-09 10:40 57954 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2007-11-24 08:31 . 2009-05-09 10:40 9308 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1060344925-2780176758-1917801657-1000_UserData.bin
    - 2009-05-09 00:42 . 2009-05-09 00:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-05-09 10:38 . 2009-05-09 10:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-05-09 10:38 . 2009-05-09 10:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-05-09 00:42 . 2009-05-09 00:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2008-02-22 54672]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

    c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{9C86FEAD-811F-4FF3-8721-EB157BFEF68A}"= c:\program files\HP\DVDPlay\DVDPlay.exe:_this_program_will_be_deleted
    "{D65B3374-533C-4D90-BB24-15A6927E9EE6}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{37775002-EA0C-4733-9624-CDEEAF341F41}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{CF5E2A38-41CC-4BF8-AA57-97396D5BBC61}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{53C5FEA9-F35C-4662-9C20-C71829D85BF0}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{B9240566-E56A-4F7D-AFCB-61EF15F38456}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{2741757D-95B3-4596-A1E2-63CCE3761046}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "TCP Query User{3536B1B5-56B4-4020-9004-577A12F6B4FE}c:\\program files\\bitlord2\\bitlord.exe"= UDP:c:\program files\bitlord2\bitlord.exe:
    "UDP Query User{441B2425-EC46-4892-B907-53AEADCFACE0}c:\\program files\\bitlord2\\bitlord.exe"= TCP:c:\program files\bitlord2\bitlord.exe:
    "TCP Query User{0731591D-AA69-4FF6-86D7-255615836873}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
    "UDP Query User{377F63FF-8C84-43A9-8956-5233E7DF1395}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
    "TCP Query User{70FE5CB0-71CA-4E79-BA7A-3240893F8B12}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{799ABF85-372D-453D-BB3F-18707F003BA4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{01C6D322-6D61-463E-83DB-38B9A98E82C6}"= UDP:465:Mail
    "{E23C8140-18FA-4D5A-A4A8-CCE752C0CC78}"= UDP:c:\program files\Windows Mail\WinMail.exe:Windows Mail
    "{235DD089-2ECB-40C7-BBC5-EB38009270C5}"= TCP:c:\program files\Windows Mail\WinMail.exe:Windows Mail
    "{20465406-8411-47E5-AF89-B204DE3063EA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{56AA1E21-769D-46F7-99E0-AB8316878394}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{02F3DD92-B915-451C-AE17-EBFA76CC0C53}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{FAB8CD17-D4CC-425D-A59D-54D5F5FBAB2A}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
    "UDP Query User{1CB4E6B4-05FE-4B72-ADCB-F6C9A277ABD3}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
    "TCP Query User{E4E66911-5990-4135-964E-2C88DAEA69B2}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{C2B29A37-309B-472E-901F-9F6CFC4FDCCC}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{5059CF4C-635F-4FEC-9698-CBD6B2A50F4A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{D49DD4D4-FC57-4612-9535-551D9A9D3AD8}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{6BAE0F52-B1D2-426A-A762-FDF076A2991E}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{17657C76-C626-48D2-A385-662CBD354954}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{F15C73A3-8450-48F7-8B88-35BCF8ED28B5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{53BF35D3-B30E-4238-931E-1AC495B7F2A9}"= c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
    "{5AEAF1ED-B3D9-436A-96FF-8B6E936DCB50}"= c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
    "TCP Query User{8CBCA77E-8EE4-40EF-B731-686A758CEC69}c:\\program files\\myspace\\im\\myspaceim.exe"= UDP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
    "UDP Query User{2A567ED7-D1B6-4ED4-9AC2-371D6081BCF3}c:\\program files\\myspace\\im\\myspaceim.exe"= TCP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
    "{96209DCA-5217-440F-BAE1-533B2EFBC058}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{9E0793A1-1331-4B46-B137-EAC2A4A588A1}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{942C3071-C247-4E9A-A17F-E04D9F395228}"= Disabled:c:\program files\HP\DVDPlay\DVDPlay.exe:_this_program_will_be_deleted
    "{72365225-E1C1-45B1-A9AA-139562AE0D62}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{7964AE64-162A-4EE3-B8DF-F27F50AA0B46}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{9150287E-8E69-484A-9182-A8AE0E9D9B82}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "{282AC7FE-B57B-47B7-8A7B-10435384DFAF}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "TCP Query User{B10828DB-1B3F-4597-8E44-30A2105E2E22}c:\\users\\ryan\\appdata\\local\\temp\\blizzard launcher temporary - e057b678\\launcher.exe"= UDP:c:\users\ryan\appdata\local\temp\blizzard launcher temporary - e057b678\launcher.exe:launcher.exe
    "UDP Query User{6596A967-99CA-4642-BF6B-0F1C44035FF9}c:\\users\\ryan\\appdata\\local\\temp\\blizzard launcher temporary - e057b678\\launcher.exe"= TCP:c:\users\ryan\appdata\local\temp\blizzard launcher temporary - e057b678\launcher.exe:launcher.exe
    "TCP Query User{4EFA302C-CAD8-4EBA-8203-E1E47FF03D43}c:\\users\\ryan\\desktop\\world of warcraft\\launcher.exe"= UDP:c:\users\ryan\desktop\world of warcraft\launcher.exe:launcher.exe
    "UDP Query User{DE3EDF2E-8345-45D4-9B77-37298FACDF5E}c:\\users\\ryan\\desktop\\world of warcraft\\launcher.exe"= TCP:c:\users\ryan\desktop\world of warcraft\launcher.exe:launcher.exe
    "TCP Query User{6294D9AA-4B4D-48FD-BAAC-56C0A862CBE0}c:\\users\\ryan\\desktop\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\users\ryan\desktop\world of warcraft\backgrounddownloader.exe:backgrounddownloader.exe
    "UDP Query User{FE8D1AC9-99EB-4DB8-AF49-17F8F6C237E1}c:\\users\\ryan\\desktop\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\users\ryan\desktop\world of warcraft\backgrounddownloader.exe:backgrounddownloader.exe
    "{7ADF827F-AF6D-4947-B151-51EDC1DA8A52}"= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{2DF174C7-3D93-4CCB-B77E-5D156746F8E7}"= Disabled:TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{B745A776-E328-43D9-B5B0-C8DA7FBD43EF}"= Disabled:UDP:c:\program files\Tunebite\TunebiteHelper.exe:TunebiteHelper
    "{9CC1770F-3783-40AC-ADA4-A0D482EF2B98}"= Disabled:TCP:c:\program files\Tunebite\TunebiteHelper.exe:TunebiteHelper
    "TCP Query User{911B0E8A-58E1-4639-8AE5-EE58A844CDCF}c:\\program files\\world series of poker toc\\wsoptoc.exe"= Disabled:UDP:c:\program files\world series of poker toc\wsoptoc.exe:WSOPTOC
    "UDP Query User{15A92E16-731F-4A28-9134-F2BD6BB5B369}c:\\program files\\world series of poker toc\\wsoptoc.exe"= Disabled:TCP:c:\program files\world series of poker toc\wsoptoc.exe:WSOPTOC
    "{95FCD858-85F7-48BC-9B7A-E0833766A6CA}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe:Blizzard Downloader
    "{2F136575-B2E0-4FE4-B642-2DEDFD1B1638}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe:Blizzard Downloader
    "{2E20541B-5AA5-4F32-8CBB-FB0DB18E533B}"= UDP:3724:Blizzard Downloader: 3724
    "{4C554C80-281A-44A5-9FF1-D6EE357DF8E0}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe:Blizzard Downloader
    "{248EE5F3-6300-40E6-B204-F769D068B556}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe:Blizzard Downloader
    "TCP Query User{A5C3A14C-F429-427B-9B63-74F01C63F632}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
    "UDP Query User{8F8D7B64-4F71-41A5-BEEB-CCB3F0A99F6C}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

    S3 US122;US122 Driver;c:\windows\System32\drivers\US122.sys [8/29/2008 1:57 AM 131968]
    S3 US122DL;US122 Firmware Downloader;c:\windows\System32\drivers\US122DL.sys [8/29/2008 1:57 AM 18304]
    S3 Us122WdmService;US122 Wdm Audio;c:\windows\System32\drivers\US122Wdm.sys [8/29/2008 1:57 AM 39168]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    %SystemRoot%\system32\soundschemes.exe /AddRegistration

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
    c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\kgobozax.default\
    FF - prefs.js: browser.startup.homepage - hxxp://thottbot.com/
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-09 05:46
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-05-09 5:48
    ComboFix-quarantined-files.txt 2009-05-09 10:47
    ComboFix2.txt 2009-05-09 00:49

    Pre-Run: 9,205,952,512 bytes free
    Post-Run: 9,201,483,776 bytes free

    233 --- E O F --- 2009-05-08 08:01

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    It's gone

    The problem with Corecache is that a file protects it from deletion but it looks like Malwarebytes found and deleted them both.

    c:\temp <--Go here and delete everything inside this folder but not the folder itself.

    How are things running now??
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Junior Member
    Join Date
    May 2009
    Posts
    9

    Wooohooo!!!

    Thank you very much for your help!

    Things are running perfectly now. I am no longer getting error messages on start-up, which must have somehow been associated with corecache or keygen.exe.

    What AV software do you recommend?

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    That's great, Ryan,

    First make sure your Java is up to date to keep you more secure.

    Go to your Control Panel and click on the Java icon (looks like a little coffee cup), click on About, and you should have Version 6 Update 13; if not, proceed with the instructions.

    Download the latest version Here and save it; do not install it yet.

    Java SE Runtime Environment (JRE) JRE 6 Update 13 <-- The wording is confusing, but this is what you need

    • Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
    • Reboot your computer
    • Install the latest version

    You can verify the installation Here

    AVG FREE <-- This is a good program but I don't see it running, do you have it enabled??

    If you need one, here are some links; just install one, more is overkill and can cause issues.

    Free Anti Virus Programs

    ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

    Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

    Combofix <-- Is not a general cleaning tool, just run it with supervision or you can bork your system

    • Click START then RUN
    • Now type Combofix /u in the Run box and click OK. Note the space between the X and the U, it needs to be there.
    • When shown the disclaimer, select "2"

    The above procedure will:
    • Delete the following:
      • ComboFix and its associated files and folders.
      • VundoFix backups, if present
      • The C:\Deckard folder, if present
      • The C:\_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.

    Keep in mind if you install some of these programs: only ONE Anti Virus and only ONE Firewall is recommended; more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy, but do not enable the TeaTimer.

    Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community:
    • Spybot Search and Destroy 1.6
      Check for Updates/Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster (Recommended), then do not enable the TeaTimer in Spybot Search and Destroy.
    • Spyware Blaster
      It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
    • Spyware Guard
      It offers realtime protection from spyware installation attempts; again, no scan to run, just install it and let it do its thing.
    • IE-Spyad
      IE-Spyad places over 6000 web sites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
    • Firefox 3
      It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.



    Safe Surfn
    Ken

  5. #15
    Junior Member
    Join Date
    May 2009
    Posts
    9

    Thanks!!!

    Thanks again Ken, I really appreciate your help and the information you've provided.

    See Ya!

    Ryan

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    You're very welcome, Ryan,

    Take care,
    Ken

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
