I believe these 2 files, Cash.Core.dsk & Rootkit.Tncore/trace, are the cause of my getting constant popups with new IE windows with ads and so on. I just can't seem to get rid of them. If I delete Cash.Core.dsk it will just be back when I reboot, and sometimes Windows just keeps rebooting in a loop after I removed it, so I must choose the "load last point Windows worked" restore point to get back into Windows.
* I have run ATF-Cleaner
* Next I did ComboFix, log file below
Please help me get rid of this problem, it's making me nuts.
ComboFix 08-03-14.4 - Micke 2008-03-15 15:47:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.624 [GMT 1:00]
Running from: C:\Documents and Settings\Micke\Skrivbord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.
2008-03-15 12:15 . 2008-03-15 12:15 <KAT> d-------- C:\Program\MSXML 6.0
2008-03-15 12:12 . 2008-03-15 12:12 <KAT> d-------- C:\Program\MSBuild
2008-03-15 12:07 . 2008-03-15 12:14 <KAT> d-------- C:\WINDOWS\system32\XPSViewer
2008-03-15 12:05 . 2008-03-15 12:05 <KAT> d-------- C:\Program\Reference Assemblies
2008-03-15 11:58 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-15 11:57 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-15 11:57 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-15 11:57 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-15 11:56 . 2008-03-15 11:56 <KAT> d-------- C:\Program\Windows Media Connect 2
2008-03-15 11:52 . 2008-03-15 11:53 <KAT> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-15 11:44 . 2004-08-11 01:45 253,688 --a------ C:\WINDOWS\system32\drmclien.dll
2008-03-14 12:28 . 2008-03-14 12:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-14 12:28 . 2008-03-14 12:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-12 23:33 . 2008-03-12 23:33 <KAT> d-------- C:\Program\MSXML 4.0
2008-03-11 19:50 . 2008-03-11 19:50 <KAT> d-------- C:\Program\Delade filer\Nokia
2008-03-11 19:49 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-03-11 19:49 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-03-11 19:49 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-03-11 19:44 . 2008-03-11 19:44 <KAT> d-------- C:\Documents and Settings\Micke\Application Data\Nokia Multimedia Player
2008-03-11 19:32 . 2008-03-11 19:32 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-03-11 19:30 . 2008-03-11 19:30 <KAT> d-------- C:\Program\Delade filer\PCSuite
2008-03-11 17:12 . 2008-03-11 17:13 <KAT> d-------- C:\Documents and Settings\Micke\Application Data\Nokia
2008-03-11 17:12 . 2008-03-11 19:25 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-11 17:11 . 2008-03-11 17:11 <KAT> d-------- C:\WINDOWS\Downloaded Installations
2008-03-11 17:10 . 2008-03-11 17:10 <KAT> d-------- C:\Program\PC Connectivity Solution
2008-03-11 17:10 . 2008-03-11 19:50 <KAT> d-------- C:\Program\Nokia
2008-03-11 17:10 . 2008-03-11 17:12 <KAT> d-------- C:\Documents and Settings\Micke\Application Data\PC Suite
2008-03-11 17:10 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-03-09 20:03 . 2008-03-09 20:03 <KAT> d-------- C:\Program\CleanMyPC Popup Blocker
2008-03-09 18:14 . 2008-03-09 18:15 <KAT> d-------- C:\Program\SUPERAntiSpyware
2008-03-08 15:08 . 2008-03-15 15:15 1,113 --a------ C:\rollback.ini
2008-03-08 15:00 . 2008-03-08 15:23 <KAT> d-------- C:\Documents and Settings\Micke\Application Data\MailFrontier
2008-03-08 14:57 . 2008-03-15 15:59 3,245,344 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-08 14:57 . 2008-03-15 15:55 45,536 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-08 14:54 . 2008-03-08 15:11 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-08 14:53 . 2008-03-08 14:53 <KAT> d-------- C:\Program\Zone Labs
2008-03-08 10:58 . 2008-03-08 10:58 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-25 21:59 . 2008-03-08 11:15 <KAT> d-------- C:\Program\Software Remove Master
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 15:00 --------- d-----w C:\Documents and Settings\Micke\Application Data\uTorrent
2008-03-15 14:56 932 ----a-w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-03-11 16:10 --------- d-----w C:\Program\DIFX
2008-03-09 17:28 --------- d-----w C:\Program\mIRC
2008-03-09 17:14 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard
2008-03-09 17:14 --------- d-----w C:\Documents and Settings\Micke\Application Data\SUPERAntiSpyware.com
2008-03-08 10:18 --------- d-----w C:\Program\Delade filer\Panda Software
2008-03-08 09:57 --------- d--h--w C:\Program\InstallShield Installation Information
2008-02-25 21:15 --------- d-----w C:\Documents and Settings\Micke\Application Data\dvdcss
2008-02-25 21:04 --------- d-----w C:\Program\SlySoft
2008-02-25 20:37 --------- d-----w C:\Program\Skype
2008-02-25 20:33 --------- d-----w C:\Program\PAN Vision
2008-02-25 20:29 --------- d-----w C:\Program\Opera
2008-02-25 20:21 --------- d-----w C:\Program\toy
2008-02-13 17:17 86,144 ----a-w C:\WINDOWS\system32\drivers\alcxwdmm.sys
2008-02-12 16:50 --------- d-----w C:\Program\Razer
2008-02-12 16:50 --------- d-----w C:\Program\QuickTime
2008-02-12 16:50 --------- d-----w C:\Program\DAEMON Tools
2008-02-10 15:09 --------- d-----w C:\Program\MSN Messenger
2008-02-08 08:19 1,990 ----a-w C:\WINDOWS\system32\drivers\net_m32.inf
2008-02-06 19:01 0 ----a-w C:\WINDOWS\system32\drivers\wnmsav.dat
2008-02-06 18:05 --------- d-----w C:\Program\Panda Software
2008-01-29 10:45 --------- d-----w C:\Program\Prelusion Games
2007-11-15 21:18 22,328 ----a-w C:\Documents and Settings\Micke\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:34 15360]
"NVIDIA nTune"="C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" [ ]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2006-09-08 16:10 1085440]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-09 18:16 1470464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="C:\Program\Razer\razerhid.exe" [2005-05-17 18:21 147456]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-12 06:51 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-12 06:51 81920]
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"NSLauncher"="C:\Program\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 14:44 3100672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:34 15360]
C:\Documents and Settings\Micke\Start-meny\Program\Autostart\
µTorrent.lnk - D:\Program\utorrent.exe [2006-08-28 16:45:50 219952]
C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Personal.lnk - C:\Program\Personal\bin\Personal.exe [2007-12-20 17:20:07 722728]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program\\MSN Messenger\\livecall.exe"=
"D:\\Program\\utorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\Messenger\\msmsgs.exe"=
R1 alcxwdmm;alcxwdmm;C:\WINDOWS\system32\drivers\alcxwdmm.sys [2008-02-13 18:17]
S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 22:43]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 15:59:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ATKKBService.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Razer\razerofa.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
.
**************************************************************************
.
Completion time: 2008-03-15 16:03:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-15 15:03:45
.
2008-03-12 22:35:25 --- E O F ---