#7
August 17th, 2007, 01:48 PM
padmee
New Member
 
Join Date: Aug 2007
Posts: 7
Hey Tom, thanks so much, my PC is okay now, and here are the scan results.



ComboFix 07-08-16.3 - "PCuser" 08/16/2007 19:01:52.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.22 [GMT 8:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\PCuser\Desktop.\Spyware&Malware Protection.url
C:\DOCUME~1\PCuser\Desktop\Error Cleaner.url
C:\DOCUME~1\PCuser\Desktop\Privacy Protector.url
C:\DOCUME~1\PCuser\FAVORI~1.\Error Cleaner.url
C:\DOCUME~1\PCuser\FAVORI~1.\Privacy Protector.url
C:\DOCUME~1\PCuser\FAVORI~1.\Spyware&Malware Protection.url
C:\WINNT\dat.txt
C:\WINNT\duocore.dll
C:\WINNT\privacy_danger
C:\WINNT\privacy_danger\images\capt.gif
C:\WINNT\privacy_danger\images\danger.jpg
C:\WINNT\privacy_danger\images\down.gif
C:\WINNT\privacy_danger\images\spacer.gif
C:\WINNT\privacy_danger\index.htm
C:\WINNT\system32\WinAvXX.exe
C:\WINNT\wmpconf.dll
C:\WINNT\wmpenv.dll


((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))


2007-08-16 19:00 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-15 23:22 <DIR> d--h----- C:\WINNT\PIF
2007-08-15 12:16 208,896 --a------ C:\WINNT\system32\wmpns.dll
2007-08-15 00:56 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-08-14 12:14 <DIR> d-------- C:\DOCUME~1\PCuser\APPLIC~1\Lavasoft
2007-08-14 12:04 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-13 20:08 <DIR> d-------- C:\Program Files\Common Files\Application
2007-08-13 20:07 <DIR> d-------- C:\Program Files\SPYWAREfighter
2007-08-13 15:51 22,016 --------- C:\WINNT\system32\borlndmm.dll
2007-08-13 15:51 1,497,088 --------- C:\WINNT\system32\cc3260mt.dll
2007-08-13 15:51 <DIR> d-------- C:\Program Files\R4U Soft
2007-08-13 15:40 <DIR> d-------- C:\Program Files\PCPitstop
2007-08-13 15:29 <DIR> d-------- C:\Program Files\PopUpCop
2007-08-13 15:29 <DIR> d-------- C:\DOCUME~1\PCuser\APPLIC~1\PopupCop
2007-08-13 10:21 74,752 --a------ C:\WINNT\invoice.exe
2007-08-13 00:21 37,376 --a------ C:\WINNT\system32\vtr348.dll
2007-08-12 13:00 <DIR> d-------- C:\DOCUME~1\PCuser\APPLIC~1\AdobeUM
2007-08-10 20:44 <DIR> d-a------ C:\WINNT\system32\appmgmt
2007-08-10 17:50 1,632 --a------ C:\WINNT\system32\d3d8caps.dat
2007-08-10 00:45 734,208 --a------ C:\WINNT\system32\qedwipes.dll
2007-08-10 00:45 6,400 --a------ C:\WINNT\system32\drivers\mskssrv.sys
2007-08-10 00:45 515,584 --a------ C:\WINNT\system32\qedit.dll
2007-08-10 00:45 41,792 --a------ C:\WINNT\system32\drivers\stream.sys
2007-08-10 00:45 4,896 --a------ C:\WINNT\system32\drivers\mstee.sys
2007-08-10 00:45 4,800 --a------ C:\WINNT\system32\drivers\mspclock.sys
2007-08-10 00:45 346,624 --a------ C:\WINNT\system32\qdvd.dll
2007-08-10 00:45 3,456 --a------ C:\WINNT\system32\drivers\swenum.sys
2007-08-10 00:45 29,184 --a------ C:\WINNT\system32\pid.dll
2007-08-10 00:45 244,224 --a------ C:\WINNT\system32\mswebdvd.dll
2007-08-10 00:45 229,888 --a------ C:\WINNT\system32\qdv.dll
2007-08-10 00:45 167,424 --a------ C:\WINNT\system32\qcap.dll
2007-08-10 00:45 11,264 --a------ C:\WINNT\system32\msdmo.dll
2007-08-10 00:45 1,704,960 --a------ C:\WINNT\system32\quartz.dll
2007-08-10 00:45 <DIR> d-------- C:\WINNT\system32\DirectX
2007-08-10 00:44 98,816 --a------ C:\WINNT\system32\dpnmodem.dll
2007-08-10 00:44 93,696 --a------ C:\WINNT\system32\dmusic.dll
2007-08-10 00:44 90,112 --a------ C:\WINNT\system32\d3dref.dll
2007-08-10 00:44 89,600 --a------ C:\WINNT\system32\dpnlobby.dll
2007-08-10 00:44 785,408 --a------ C:\WINNT\system32\d3dim700.dll
2007-08-10 00:44 78,848 --a------ C:\WINNT\system32\dmscript.dll
2007-08-10 00:44 77,824 --a------ C:\WINNT\system32\dpvacm.dll
2007-08-10 00:44 77,824 --a------ C:\WINNT\system32\dpnaddr.dll
2007-08-10 00:44 7,680 --a------ C:\WINNT\system32\d3d8thk.dll
2007-08-10 00:44 66,560 --a------ C:\WINNT\system32\dsdmoprp.dll
2007-08-10 00:44 62,976 --a------ C:\WINNT\system32\amstream.dll
2007-08-10 00:44 601,088 --a------ C:\WINNT\system32\dx7vb.dll
2007-08-10 00:44 60,928 --a------ C:\WINNT\system32\dpnsvr.exe
2007-08-10 00:44 59,904 --a------ C:\WINNT\system32\dmcompos.dll
2007-08-10 00:44 59,392 --a------ C:\WINNT\system32\gcdef.dll
2007-08-10 00:44 50,688 --a------ C:\WINNT\system32\devenum.dll
2007-08-10 00:44 45,056 --a------ C:\WINNT\system32\dimap.dll
2007-08-10 00:44 4,096 --a------ C:\WINNT\system32\ksuser.dll
2007-08-10 00:44 36,864 --a------ C:\WINNT\system32\dplaysvr.exe
2007-08-10 00:44 330,752 --a------ C:\WINNT\system32\dsound.dll
2007-08-10 00:44 33,792 --a------ C:\WINNT\system32\mciqtz32.dll
2007-08-10 00:44 31,232 --a------ C:\WINNT\system32\dmloader.dll
2007-08-10 00:44 306,176 --a------ C:\WINNT\system32\diactfrm.dll
2007-08-10 00:44 271,872 --a------ C:\WINNT\system32\dpvoice.dll
2007-08-10 00:44 26,112 --a------ C:\WINNT\system32\dmband.dll
2007-08-10 00:44 256,000 --a------ C:\WINNT\system32\ddraw.dll
2007-08-10 00:44 225,792 --a------ C:\WINNT\system32\dpnet.dll
2007-08-10 00:44 21,504 --a------ C:\WINNT\system32\dpmodemx.dll
2007-08-10 00:44 181,760 --a------ C:\WINNT\system32\d3dref8.dll
2007-08-10 00:44 176,128 --a------ C:\WINNT\system32\dsdmo.dll
2007-08-10 00:44 175,616 --a------ C:\WINNT\system32\dpvvox.dll
2007-08-10 00:44 169,472 --a------ C:\WINNT\system32\dmime.dll
2007-08-10 00:44 162,816 --a------ C:\WINNT\system32\dinput8.dll
2007-08-10 00:44 15,872 --a------ C:\WINNT\system32\dswave.dll
2007-08-10 00:44 143,872 --a------ C:\WINNT\system32\dinput.dll
2007-08-10 00:44 130,560 --a------ C:\WINNT\system32\dmsynth.dll
2007-08-10 00:44 121,344 --a------ C:\WINNT\system32\drivers\ks.sys
2007-08-10 00:44 116,224 --a------ C:\WINNT\system32\dpvsetup.exe
2007-08-10 00:44 111,616 --a------ C:\WINNT\system32\dpnwsock.dll
2007-08-10 00:44 110,592 --a------ C:\WINNT\system32\dmstyle.dll
2007-08-10 00:44 1,769,472 --a------ C:\WINNT\system32\dxdiag.exe
2007-08-10 00:44 1,294,336 --a------ C:\WINNT\system32\dsound3d.dll
2007-08-10 00:44 1,069,056 --a------ C:\WINNT\system32\dx8vb.dll
2007-08-10 00:44 1,036,288 --a------ C:\WINNT\system32\d3d8.dll
2007-08-10 00:44 <DIR> d-------- C:\Program Files\directx
2007-08-08 19:05 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-08 19:05 <DIR> d-------- C:\Program Files\Messenger
2007-08-07 22:45 <DIR> d-------- C:\WINNT\system32\cache632
2007-08-07 22:45 <DIR> d-------- C:\WINNT\system32\AdCache
2007-08-07 20:41 <DIR> d-------- C:\Program Files\NetAnts
2007-08-07 20:37 <DIR> d-------- C:\Downloads
2007-08-07 20:32 <DIR> d-------- C:\Program Files\Free Download Manager
2007-08-07 20:32 <DIR> d-------- C:\DOCUME~1\PCuser\APPLIC~1\Free Download Manager
2007-08-07 00:41 <DIR> d-------- C:\DOCUME~1\PCuser\Saved Games
2007-08-07 00:39 <DIR> d-------- C:\DOCUME~1\PCuser\APPLIC~1\iWin
2007-08-06 23:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
2007-08-06 23:12 <DIR> d-------- C:\Program Files\Siber Systems
2007-08-06 20:33 58,368 --a------ C:\WINNT\Unwash6.exe
2007-08-06 20:33 486,400 --a------ C:\WINNT\system32\wwSecure.exe
2007-08-06 20:33 <DIR> d-------- C:\Program Files\Webroot
2007-08-06 20:33 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2007-08-06 20:33 <DIR> d-------- C:\DOCUME~1\PCuser\APPLIC~1\Webroot
2007-08-06 20:10 <DIR> d-------- C:\DOCUME~1\PCuser\APPLIC~1\Talkback
2007-08-06 19:00 8,976 --a------ C:\WINNT\system32\kbdjpn.dll
2007-08-06 19:00 7,440 --a------ C:\WINNT\system32\kbd106.dll
2007-08-06 10:03 <DIR> d-------- C:\FILES


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

07-08-13 15:57 --------- d-------- C:\DOCUME~1\PCuser\APPLIC~1\OpenOffice.org2
07-06-29 20:48 --------- d-------- C:\Program Files\Microsoft.NET
07-06-29 20:47 --------- d-------- C:\Program Files\Microsoft ActiveSync
07-06-26 17:57 235280 --a------ C:\WINNT\system32\GDI32.DLL
07-06-08 11:52 947096 --a------ C:\WINNT\system32\_ISource30.dll
07-06-07 14:50 1119232 --a------ C:\WINNT\system32\msxml3.dll
07-05-22 15:01 499712 --a------ C:\WINNT\system32\msvcp71.dll
07-05-22 15:01 348160 --a------ C:\WINNT\system32\msvcr71.dll
07-05-22 14:06 0 -rahs---- C:\MSDOS.SYS
07-05-22 14:06 0 -rahs---- C:\IO.SYS
07-05-22 14:06 0 ---h----- C:\CONFIG.SYS
07-05-22 14:06 0 ---h----- C:\AUTOEXEC.BAT
07-05-22 14:05 271 ---h----- C:\Program Files\desktop.ini
07-05-22 14:05 21952 ---h----- C:\Program Files\folder.htt
03-06-20 20:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ippop"="C:\Program Files\Stop My Popups\IP\StopIPPopups.exe" []
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [07-06-08 11:52 ]
"Synchronization Manager"="mobsync.exe" [03-06-20 20:00 C:\WINNT\system32\mobsync.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [05-06-10 09:45 ]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [07-08-06 23:12 ]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [06-08-21 00:24 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINNT\privacy_danger\index.htm
FriendlyName= my current home page

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"PC Pitstop Optimize Scheduler"=C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
"PCPitstop Optimize Registration Reminder"=C:\Program Files\PCPitstop\Optimize\Reminder.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"spywarefighterguard"=C:\Program Files\SPYWAREfighter\spftray.exe
"Synchronization Manager"=mobsync.exe /logon
"<NO NAME>"=
"SpyHunter"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys
S3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 19:07:42
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-16 19:09:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-16 19:09

--- E O F ---


Norman Malware Cleaner
Copyright © 1990 - 2007, Norman ASA. Built 2007/07/27 01:04:54

Norman Scanner Engine Version: 5.91.02
Nvcbin.def Version: 5.90.00, Date: 2007/07/27 01:04:54, Variants: 1
Nvcmacro.def Version: 5.90.00, Date: 2007/07/27 01:04:54, Variants: 12
Running pre-scan cleanup routine:
Operating System: Microsoft Windows 2000 5.0.2195 Service Pack 4
Logged on user: CL\PCuser


Scan started: 17/08/2007 18:46:08


Scanning running processes and process memory...

Number of processes/threads found: 1320
Number of processes/threads scanned: 1320
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 53s


Scanning file system...

Scanning: C:\*.*


Running post-scan cleanup routine: