
Thread: Smitfraud and DeepDRive problems

  1. #11
    Junior Member
    Join Date
    Feb 2007
    Posts
    10

    Default results of your instructions.

    Here is the combo file first.
    ComboFix 07-11-08.1 - Richard 2007-11-10 20:30:44.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1538 [GMT -5:00]
    Running from: C:\Documents and Settings\Richard\Desktop\ComboFix.exe
    * Created a new restore point
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\SeekmoSA
    C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat
    C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat
    C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht
    C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat
    C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht
    C:\WINDOWS\rs.txt
    C:\WINDOWS\search_res.txt

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
    .

    2007-11-10 20:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-10 14:27 <DIR> d-------- C:\Program Files\GameSpot
    2007-11-10 11:17 10,920 --a------ C:\aolconnfix.exe
    2007-11-10 11:15 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\AOL
    2007-11-09 13:28 <DIR> d-------- C:\Documents and Settings\Richard\Contacts
    2007-11-09 13:26 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2007-11-09 13:25 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2007-11-09 13:25 <DIR> d-------- C:\Program Files\Windows Live Favorites
    2007-11-09 13:19 <DIR> d-------- C:\Program Files\Windows Live
    2007-11-09 13:19 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-11-09 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-08 16:05 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-08 16:05 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-08 16:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-08 16:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-08 16:05 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-08 13:13 2,492 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-08 11:54 <DIR> d-------- C:\Documents and Settings\PJ\Application Data\AOL
    2007-11-08 11:53 <DIR> d-------- C:\Program Files\Viewpoint
    2007-11-08 11:53 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
    2007-11-08 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-08 11:52 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
    2007-11-08 11:51 <DIR> d-------- C:\WINDOWS\aolshare
    2007-11-08 11:51 <DIR> d-------- C:\Program Files\AOL 9.1
    2007-11-03 23:17 <DIR> d-------- C:\Documents and Settings\PJ\Application Data\iolo
    2007-11-03 06:06 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
    2007-11-03 06:05 <DIR> d-------- C:\Program Files\iolo
    2007-11-03 06:05 378,216 --a------ C:\WINDOWS\system32\Incinerator.dll
    2007-11-03 06:05 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
    2007-11-03 06:05 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
    2007-11-03 06:04 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
    2007-11-03 06:03 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\iolo
    2007-11-03 06:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
    2007-10-31 21:09 <DIR> d-------- C:\Program Files\THQ
    2007-10-31 20:56 <DIR> d-------- C:\WINDOWS\Hornet Leader Demo
    2007-10-31 20:56 <DIR> d-------- C:\Matrix Games
    2007-10-31 15:57 <DIR> d-------- C:\WINDOWS\privacy_danger
    2007-10-29 19:33 <DIR> d-------- C:\WINDOWS\privacy_danger(2)
    2007-10-27 06:45 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-23 17:06 585,728 --a------ C:\WINDOWS\WLXPGSS.SCR
    2007-10-23 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eGames
    2007-10-22 10:57 <DIR> d-------- C:\Documents and Settings\PJ\Application Data\Eyeblaster
    2007-10-18 17:15 <DIR> d-------- C:\Program Files\PlayFirst
    2007-10-18 11:31 51,224 --a------ C:\WINDOWS\system32\sirenacm.dll
    2007-10-17 18:14 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-10-17 18:14 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-10-17 18:14 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-10-17 18:12 <DIR> d-------- C:\Program Files\id Software
    2007-10-16 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2007-10-14 07:40 <DIR> d-------- C:\Program Files\7-Zip
    2007-10-13 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Media
    2007-10-13 09:20 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
    2007-10-13 09:20 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
    2007-10-13 09:20 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
    2007-10-13 09:20 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
    2007-10-12 13:52 <DIR> d-------- C:\Program Files\Lighthouse Interactive
    2007-10-12 13:30 <DIR> d-------- C:\Documents and Settings\PJ\Application Data\VeniceMysteryData
    2007-10-12 09:48 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
    2007-10-12 09:48 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
    2007-10-12 09:48 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
    2007-10-12 09:48 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
    2007-10-11 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\U3
    2007-10-11 13:31 <DIR> d-------- C:\Documents and Settings\PJ\Application Data\ScreenSeven
    2007-10-11 06:21 103,808 --a------ C:\WINDOWS\system32\AOLDial.dll
    2007-10-11 06:20 33,384 --a------ C:\WINDOWS\system32\drivers\atwpkt264.sys
    2007-10-11 06:20 24,960 --a------ C:\WINDOWS\system32\drivers\atwpkt2.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2024-10-26 18:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-10 23:22 --------- d-----w C:\Program Files\AOL Games
    2007-11-10 19:28 21,408 ----a-w C:\Program Files\install.log
    2007-11-09 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-08 16:53 --------- d-----w C:\Program Files\Common Files\aolshare
    2007-11-08 16:53 --------- d-----w C:\Program Files\Common Files\AOL
    2007-11-08 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-08 12:41 --------- d-----w C:\Program Files\City Interactive
    2007-11-08 12:41 --------- d-----w C:\Program Files\Activision
    2007-11-07 23:55 --------- d-----w C:\Program Files\Rokugen
    2007-11-04 21:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-04 20:58 --------- d-----w C:\Program Files\Electronic Arts
    2007-11-04 17:02 --------- d-----w C:\Program Files\Microsoft Games
    2007-11-03 19:26 --------- d-----w C:\Program Files\Codemasters
    2007-11-03 12:49 --------- d-----w C:\Documents and Settings\Richard\Application Data\U3
    2007-11-01 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
    2007-10-27 03:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-19 17:54 --------- d-----w C:\Program Files\Shockwave.com
    2007-10-17 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2007-10-12 15:05 --------- d-----w C:\Program Files\cdv Software Entertainment USA
    2007-10-11 01:05 --------- d-----w C:\Documents and Settings\Richard\Application Data\EleFun Games
    2007-10-10 07:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-10-10 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
    2007-10-09 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
    2007-10-08 22:36 --------- d-----w C:\Program Files\Java
    2007-10-08 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
    2007-10-04 22:29 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-10-03 23:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\LucasArts
    2007-10-03 23:29 --------- d-----w C:\Program Files\LucasArts
    2007-10-03 01:16 --------- d-----w C:\Program Files\iTunes
    2007-10-03 01:16 --------- d-----w C:\Program Files\iPod
    2007-10-02 10:01 --------- d-----w C:\Program Files\Ubisoft
    2007-10-02 01:56 --------- d-----w C:\Program Files\CAPCOM
    2007-10-01 01:39 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2007-09-28 23:35 --------- d-----w C:\Documents and Settings\Richard\Application Data\Codemasters
    2007-09-28 23:31 --------- d-----w C:\Documents and Settings\Richard\Application Data\InstallShield
    2007-09-28 17:18 --------- d-----w C:\Documents and Settings\PJ\Application Data\EleFun Games
    2007-09-28 17:15 --------- d-----w C:\Program Files\NoodleNet
    2007-09-28 13:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-27 21:31 --------- d-----w C:\Documents and Settings\Richard\Application Data\Gaijin Ent
    2007-09-26 21:57 --------- d-----w C:\Documents and Settings\PJ\Application Data\FloodLightGames
    2007-09-24 20:59 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-20 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterAction studios
    2007-09-16 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
    2007-09-15 15:14 --------- d-----w C:\Program Files\MFInstall
    2007-08-28 17:16 82 ----a-w C:\Documents and Settings\Chris\._FurionatorWindows.exe
    2007-08-28 17:16 12,240,358 ----a-w C:\Documents and Settings\Chris\FurionatorWindows.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04]
    "StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 00:01]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
    "HostManager"="C:\Program Files\Common Files\AOL\1186612187\ee\AOLSoftware.exe" [2007-05-25 12:16]
    "SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-10-03 08:05]
    "CTHelper"="CTHELPER.EXE" [2006-08-11 13:56 C:\WINDOWS\CTHELPER.EXE]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 13:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

    C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
    GameSpot Download Manager.lnk - C:\RECYCLER\S-1-5-21-1177238915-2049760794-682003330-500\Dc24\GameSpotDownloadManager_Win32.exe [2007-10-12 19:34:50]

    C:\Documents and Settings\Richard\Start Menu\Programs\Startup\
    GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe [2007-10-12 19:34:50]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-06-25 20:19:04]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-25 20:17:43]
    Microsoft Works Calendar Reminders.lnk.disabled [2007-06-05 22:23:10]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe
    "Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    "WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe
    "Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    "HostManager"=C:\Program Files\Common Files\AOL\1186612187\ee\AOLSoftware.exe

    R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe
    R2 WUSB300NSvc;WUSB300NSvc;"C:\Program Files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe"
    R3 AtlsAud;Dell Movie Studio Audio Device;C:\WINDOWS\system32\drivers\AtlsAud.sys
    R3 EMATCORE;Dell Movie Studio Video Device;C:\WINDOWS\system32\Drivers\AtlsVid.sys
    S3 PRISM_USB;Dell TrueMobile 1180 Wireless USB Adapter;C:\WINDOWS\system32\DRIVERS\DELUSB_51.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f402c6e-6069-11dc-8074-001a70a7fb0f}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-07 02:13:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-11 00:35:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    "2007-11-10 14:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
    - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-10 20:36:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-10 20:38:07 - machine was rebooted
    .
    --- E O F ---

    OK, here are the Smit results. Still does not seem to get rid of privacy danger.

    SmitFraudFix v2.252

    Scan done at 20:59:48.07, Sat 11/10/2007
    Run from C:\Documents and Settings\Richard\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    Problem while deleting C:\WINDOWS\privacy_danger

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{AADF28C1-2B93-440E-8143-CD3C2B559B15}: DhcpNameServer=65.24.7.3 65.24.7.6
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{AADF28C1-2B93-440E-8143-CD3C2B559B15}: DhcpNameServer=65.24.7.3 65.24.7.6
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{AADF28C1-2B93-440E-8143-CD3C2B559B15}: DhcpNameServer=65.24.7.3 65.24.7.6
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=65.24.7.3 65.24.7.6
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=65.24.7.3 65.24.7.6
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=65.24.7.3 65.24.7.6


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    The report of the AVG was not created. I double-checked to see if I made settings as you requested. I had. There were 13 medium threat cookies. The Hijack file will be in the next post. The reply message said I needed to shorten the post.

  2. #12
    Junior Member
    Join Date
    Feb 2007
    Posts
    10

    Default

    Here is the hijack file.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:34:51 PM, on 11/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
    C:\WINDOWS\runservice.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys\WUSB300N\WLService.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\AOL\1186612187\ee\AOLSoftware.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1186612187\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Roadshow/Images/stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/gh...ball/abxgh.cab
    O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/fr...esLauncher.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
    O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} (CPlayFirstSandScriptControl Object) - http://aolsvc.aol.com/onlinegames/fr...t.1.0.0.21.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe (file missing)

    Thanks, please let me know what I should be doing next.
    Richard Keith

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello Richard,

    Privacy Danger is no longer on your log, but let's be sure.

    We need to make sure all hidden files are showing:
    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide file extensions for known types option.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Once your system is clean, we suggest that you reverse this to keep critical Windows files from accidentally being deleted.

    See if these two are still present and delete them if they are. Let me know if they were and if you could delete them.

    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger(2)


    The rest of your log looks fine, how are things running now?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #14
    Junior Member
    Join Date
    Feb 2007
    Posts
    10

    Default they're still there

    Yes, those two files say I can't touch them. They are either write protected or in memory. Have tried removing them from safe, no luck. Tried DOS com to change attributes. No luck.

    As to how it's running, pretty good. Slower as you suggested. One interesting note, when I click on bug report in Spybot, it won't automatically go to it, I have to type in the address?

    Thanks

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Do this.

    Download Pocket Killbox to your desktop.

    Highlight all the files with the complete path inside the quote and press Ctrl C on your keyboard.
    • C:\WINDOWS\privacy_danger
      C:\WINDOWS\privacy_danger(2)
    • Open Pocket Killbox
    • Go to File > Paste from clipboard
    • Set it to Delete on Reboot
    • Tick the box that says End Explorer shell while killing file
    • If it's not greyed out, click the radio button that says Unregister .dll before deleting.
    • Make sure ALL Files is selected
    • Click on the Red circle with the white X
    • It will ask you to confirm the deletion...Say yes
    • It will ask you to reboot, say yes

    If you get a message "pending operations has been stopped by external process!" then reboot the computer manually.


    After you reboot, see if they're gone and let me know.

    As far as Spybot, when we are done you can post in the forum for Spybot, it's run by the people that specialize in that program.

  6. #16
    Junior Member
    Join Date
    Feb 2007
    Posts
    10

    Default

    Hello Ken,

    Tried the program as you suggested. Those two are still there.
    As for the link question. This goes for all links, not just the one in spybot.

    Thanks,
    Richard Keith

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Richard,

    Boot to Safe Mode and log on as Administrator, run Option 2 for Smitfraud, and also run Combofix again. Reboot and post both logs, then run HJT and post a new log please.
    Last edited by ken545; 2007-11-13 at 11:42.

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Richard,

    Are you running XP Home or Professional? Click on My Computer > right-click on your C: drive and see if you have Windows installed using the NTFS.

  9. #19
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,987

    Default

    How is it going, Tollhase?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  10. #20
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,987

    Default

    This topic has been archived due to inactivity.

    As it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened.

    If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.
