Here is the combo file first.
ComboFix 07-11-08.1 - Richard 2007-11-10 20:30:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1538 [GMT -5:00]
Running from: C:\Documents and Settings\Richard\Desktop\ComboFix.exe
* Created a new restore point
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\SeekmoSA
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.
2007-11-10 20:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 14:27 <DIR> d-------- C:\Program Files\GameSpot
2007-11-10 11:17 10,920 --a------ C:\aolconnfix.exe
2007-11-10 11:15 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\AOL
2007-11-09 13:28 <DIR> d-------- C:\Documents and Settings\Richard\Contacts
2007-11-09 13:26 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-09 13:25 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-11-09 13:25 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-09 13:19 <DIR> d-------- C:\Program Files\Windows Live
2007-11-09 13:19 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-09 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-08 16:05 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-08 16:05 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-08 16:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-08 16:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-08 16:05 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-08 13:13 2,492 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-08 11:54 <DIR> d-------- C:\Documents and Settings\PJ\Application Data\AOL
2007-11-08 11:53 <DIR> d-------- C:\Program Files\Viewpoint
2007-11-08 11:53 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-11-08 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-08 11:52 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
2007-11-08 11:51 <DIR> d-------- C:\WINDOWS\aolshare
2007-11-08 11:51 <DIR> d-------- C:\Program Files\AOL 9.1
2007-11-03 23:17 <DIR> d-------- C:\Documents and Settings\PJ\Application Data\iolo
2007-11-03 06:06 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-11-03 06:05 <DIR> d-------- C:\Program Files\iolo
2007-11-03 06:05 378,216 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-11-03 06:05 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-11-03 06:05 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-11-03 06:04 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2007-11-03 06:03 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\iolo
2007-11-03 06:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-10-31 21:09 <DIR> d-------- C:\Program Files\THQ
2007-10-31 20:56 <DIR> d-------- C:\WINDOWS\Hornet Leader Demo
2007-10-31 20:56 <DIR> d-------- C:\Matrix Games
2007-10-31 15:57 <DIR> d-------- C:\WINDOWS\privacy_danger
2007-10-29 19:33 <DIR> d-------- C:\WINDOWS\privacy_danger(2)
2007-10-27 06:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-23 17:06 585,728 --a------ C:\WINDOWS\WLXPGSS.SCR
2007-10-23 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eGames
2007-10-22 10:57 <DIR> d-------- C:\Documents and Settings\PJ\Application Data\Eyeblaster
2007-10-18 17:15 <DIR> d-------- C:\Program Files\PlayFirst
2007-10-18 11:31 51,224 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-10-17 18:14 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-10-17 18:14 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-10-17 18:14 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-17 18:12 <DIR> d-------- C:\Program Files\id Software
2007-10-16 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-14 07:40 <DIR> d-------- C:\Program Files\7-Zip
2007-10-13 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Media
2007-10-13 09:20 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-13 09:20 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-13 09:20 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-13 09:20 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-10-12 13:52 <DIR> d-------- C:\Program Files\Lighthouse Interactive
2007-10-12 13:30 <DIR> d-------- C:\Documents and Settings\PJ\Application Data\VeniceMysteryData
2007-10-12 09:48 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-10-12 09:48 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-10-12 09:48 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-10-12 09:48 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-10-11 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\U3
2007-10-11 13:31 <DIR> d-------- C:\Documents and Settings\PJ\Application Data\ScreenSeven
2007-10-11 06:21 103,808 --a------ C:\WINDOWS\system32\AOLDial.dll
2007-10-11 06:20 33,384 --a------ C:\WINDOWS\system32\drivers\atwpkt264.sys
2007-10-11 06:20 24,960 --a------ C:\WINDOWS\system32\drivers\atwpkt2.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2024-10-26 18:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-10 23:22 --------- d-----w C:\Program Files\AOL Games
2007-11-10 19:28 21,408 ----a-w C:\Program Files\install.log
2007-11-09 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-08 16:53 --------- d-----w C:\Program Files\Common Files\aolshare
2007-11-08 16:53 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-08 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-08 12:41 --------- d-----w C:\Program Files\City Interactive
2007-11-08 12:41 --------- d-----w C:\Program Files\Activision
2007-11-07 23:55 --------- d-----w C:\Program Files\Rokugen
2007-11-04 21:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-04 20:58 --------- d-----w C:\Program Files\Electronic Arts
2007-11-04 17:02 --------- d-----w C:\Program Files\Microsoft Games
2007-11-03 19:26 --------- d-----w C:\Program Files\Codemasters
2007-11-03 12:49 --------- d-----w C:\Documents and Settings\Richard\Application Data\U3
2007-11-01 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-10-27 03:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-19 17:54 --------- d-----w C:\Program Files\Shockwave.com
2007-10-17 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-12 15:05 --------- d-----w C:\Program Files\cdv Software Entertainment USA
2007-10-11 01:05 --------- d-----w C:\Documents and Settings\Richard\Application Data\EleFun Games
2007-10-10 07:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-10 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-10-09 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
2007-10-08 22:36 --------- d-----w C:\Program Files\Java
2007-10-08 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2007-10-04 22:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-03 23:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\LucasArts
2007-10-03 23:29 --------- d-----w C:\Program Files\LucasArts
2007-10-03 01:16 --------- d-----w C:\Program Files\iTunes
2007-10-03 01:16 --------- d-----w C:\Program Files\iPod
2007-10-02 10:01 --------- d-----w C:\Program Files\Ubisoft
2007-10-02 01:56 --------- d-----w C:\Program Files\CAPCOM
2007-10-01 01:39 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2007-09-28 23:35 --------- d-----w C:\Documents and Settings\Richard\Application Data\Codemasters
2007-09-28 23:31 --------- d-----w C:\Documents and Settings\Richard\Application Data\InstallShield
2007-09-28 17:18 --------- d-----w C:\Documents and Settings\PJ\Application Data\EleFun Games
2007-09-28 17:15 --------- d-----w C:\Program Files\NoodleNet
2007-09-28 13:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-27 21:31 --------- d-----w C:\Documents and Settings\Richard\Application Data\Gaijin Ent
2007-09-26 21:57 --------- d-----w C:\Documents and Settings\PJ\Application Data\FloodLightGames
2007-09-24 20:59 --------- d-----w C:\Program Files\Apple Software Update
2007-09-20 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterAction studios
2007-09-16 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2007-09-15 15:14 --------- d-----w C:\Program Files\MFInstall
2007-08-28 17:16 82 ----a-w C:\Documents and Settings\Chris\._FurionatorWindows.exe
2007-08-28 17:16 12,240,358 ----a-w C:\Documents and Settings\Chris\FurionatorWindows.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 00:01]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"HostManager"="C:\Program Files\Common Files\AOL\1186612187\ee\AOLSoftware.exe" [2007-05-25 12:16]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-10-03 08:05]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 13:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\RECYCLER\S-1-5-21-1177238915-2049760794-682003330-500\Dc24\GameSpotDownloadManager_Win32.exe [2007-10-12 19:34:50]
C:\Documents and Settings\Richard\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe [2007-10-12 19:34:50]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-06-25 20:19:04]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-25 20:17:43]
Microsoft Works Calendar Reminders.lnk.disabled [2007-06-05 22:23:10]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"HostManager"=C:\Program Files\Common Files\AOL\1186612187\ee\AOLSoftware.exe
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe
R2 WUSB300NSvc;WUSB300NSvc;"C:\Program Files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe"
R3 AtlsAud;Dell Movie Studio Audio Device;C:\WINDOWS\system32\drivers\AtlsAud.sys
R3 EMATCORE;Dell Movie Studio Video Device;C:\WINDOWS\system32\Drivers\AtlsVid.sys
S3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter;C:\WINDOWS\system32\DRIVERS\DELUSB_51.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f402c6e-6069-11dc-8074-001a70a7fb0f}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-11-07 02:13:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-11 00:35:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-11-10 14:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 20:36:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-10 20:38:07 - machine was rebooted
.
--- E O F ---
OK, here are the Smit results. It still does not seem to get rid of privacy danger.
SmitFraudFix v2.252
Scan done at 20:59:48.07, Sat 11/10/2007
Run from C:\Documents and Settings\Richard\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
Problem while deleting C:\WINDOWS\privacy_danger
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{AADF28C1-2B93-440E-8143-CD3C2B559B15}: DhcpNameServer=65.24.7.3 65.24.7.6
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AADF28C1-2B93-440E-8143-CD3C2B559B15}: DhcpNameServer=65.24.7.3 65.24.7.6
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AADF28C1-2B93-440E-8143-CD3C2B559B15}: DhcpNameServer=65.24.7.3 65.24.7.6
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=65.24.7.3 65.24.7.6
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=65.24.7.3 65.24.7.6
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=65.24.7.3 65.24.7.6
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
The report of the AVG was not created. I double-checked to see if I had made the settings as you requested. I had. There were 13 medium threat cookies. The Hijack file will be in the next post. The reply message said I needed to shorten the post.