1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Ran smithfraudfix and ran panda scan

Discussion in 'Virus & Other Malware Removal' started by 8th street, Dec 10, 2008.

Thread Status:
Not open for further replies.
  1. 8th street

    8th street Thread Starter

    Joined:
    Dec 9, 2008
    Messages:
    4
    Hello,:cool:
    Joined yesturday and have done alot to fix daugters computer. Always lurking on these tech forums when there is a problem, but never joining.

    I ran smithfraudfix in safe mode and then rebooted to normal and the daughters computer now connects to the internet. I'm hoping the Zlob virus is gone.

    My daughters puter initially showed the tiny proxy, bolivar28.exe

    Do I still need to run ComboFix??

    I will post some logs from smith, panda and hijackthis and hopefully someone can suggest where to proceed from here??
    I am really hoping that this problem will be resolved soon


    4 LOgS tO FoLLow

    mitFraudFix v2.382
    Scan done at 18:17:27.84, Wed 12/10/2008
    Run from C:\Documents and Settings\:eek:Erin\Desktop\smithfraudfix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode
    »»»»»»»»»»»»»»»»»»»»»»»» Process
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\WINDOWS\system32\cmd.exe
    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Erin

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Erin\LOCALS~1\Temp

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Erin\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Erin\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="about:Home"
    "SubscribedURL"="about:Home"
    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!
    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!
    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!
    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!
    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    Description: Linksys Wireless-G PCI Adapter - Packet Scheduler Miniport
    DNS Server Search Order: 204.186.0.201
    DNS Server Search Order: 207.44.96.129
    DNS Server Search Order: 24.229.54.212
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{317E0A0A-558C-4883-B615-26210AB1EC98}: DhcpNameServer=204.186.0.201 207.44.96.129 24.229.54.212
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{317E0A0A-558C-4883-B615-26210AB1EC98}: DhcpNameServer=204.186.0.201 207.44.96.129 24.229.54.212
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{317E0A0A-558C-4883-B615-26210AB1EC98}: DhcpNameServer=204.186.0.201 207.44.96.129 24.229.54.212

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End

    SmitFraudFix v2.382
    Scan done at 18:24:40.34, Wed 12/10/2008
    Run from C:\Documents and Settings\Erin\Desktop\smithfraudfix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode
    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{317E0A0A-558C-4883-B615-26210AB1EC98}: DhcpNameServer=204.186.0.201 207.44.96.129 24.229.54.212
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{317E0A0A-558C-4883-B615-26210AB1EC98}: DhcpNameServer=204.186.0.201 207.44.96.129 24.229.54.212
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{317E0A0A-558C-4883-B615-26210AB1EC98}: DhcpNameServer=204.186.0.201 207.44.96.129 24.229.54.212

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-12-10 19:56:12
    PROTECTIONS: 2
    MALWARE: 21
    SUSPECTS: 19
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG 7.5.552 7.5.552 Yes Yes
    McAfee VirusScan Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][2].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][1].txt
    00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][1].txt
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][2].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][2].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][2].txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][1].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][1].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Erin\Cookies\[email protected][1].txt
    00472244 W32/Boface.H.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP436\A0026920.exe
    02164907 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\DIGStream\digstream.exe
    02941681 Trj/WmaDownloader.G Virus/Trojan No 0 Yes No C:\Documents and Settings\Erin\My Documents\My Music\06 Track 6.wma
    02941683 ASF/GetaCodec.A Virus No 0 Yes No C:\Documents and Settings\Erin\My Documents\FrostWire\Incomplete\T-5745425-neon acoustic set.mp3
    04313674 Generic Trojan Virus/Trojan No 0 Yes No E:\ComboFix.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No C:\Documents and Settings\Erin\Desktop\smithfraudfix\404Fix.exe
    No C:\Documents and Settings\Erin\Desktop\smithfraudfix\IEDFix.C.exe
    No C:\Documents and Settings\Erin\Desktop\smithfraudfix\SmitfraudFix.zip[SmitfraudFix/404Fix.exe]
    No C:\Documents and Settings\Erin\Desktop\smithfraudfix\SmitfraudFix.zip[SmitfraudFix/IEDFix.C.exe]
    No C:\Documents and Settings\Erin\Desktop\smithfraudfix\SmitfraudFix.zip[SmitfraudFix/VACFix.exe]
    No C:\Documents and Settings\Erin\Desktop\smithfraudfix\VACFix.exe
    No C:\Documents and Settings\Erin\Desktop\UFileDownloadTrial.EXE[Common.zip][InternetDownload.exe][VDTB.dll]
    No C:\Documents and Settings\Erin\Desktop\UFileDownloadTrial.EXE[Common.zip][InternetDownload.exe][install.dll]
    No C:\Documents and Settings\Erin\Local Settings\Temp\Temporary Directory 1 for SmitfraudFix.zip\SmitfraudFix\404Fix.exe
    No C:\Documents and Settings\Erin\Local Settings\Temp\Temporary Directory 1 for SmitfraudFix.zip\SmitfraudFix\IEDFix.C.exe
    No C:\Documents and Settings\Erin\Local Settings\Temp\Temporary Directory 1 for SmitfraudFix.zip\SmitfraudFix\VACFix.exe
    No C:\Program Files\VersalSoft\InternetDownload\install.dll
    No C:\WINDOWS\system32\404Fix.exe
    No C:\WINDOWS\system32\IEDFix.C.exe
    No C:\WINDOWS\system32\o4Patch.exe
    No C:\WINDOWS\system32\VACFix.exe
    No E:\SmitfraudFix.zip[SmitfraudFix/VACFix.exe]
    No E:\SmitfraudFix.zip[SmitfraudFix/IEDFix.C.exe]
    No E:\SmitfraudFix.zip[SmitfraudFix/404Fix.exe]
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    108742 MEDIUM MS06-006
    ;===================================================================================================================================================================================


    Logfile of HijackThis v1.99.1
    Scan saved at 8:03:04 PM, on 12/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
    O4 - HKLM\..\Run: [InternetDownload_upgrade] "C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Program Files\VersalSoft\InternetDownload\adddownload.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. 8th street

    8th street Thread Starter

    Joined:
    Dec 9, 2008
    Messages:
    4
    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix



    00472244 W32/Boface.H.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP436\A0026920.exe
    02164907 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\DIGStream\digstream.exe
    02941681 Trj/WmaDownloader.G Virus/Trojan No 0 Yes No C:\Documents and Settings\Erin\My Documents\My Music\06 Track 6.wma
    02941683 ASF/GetaCodec.A Virus No 0 Yes No C:\Documents and Settings\Erin\My Documents\FrostWire\Incomplete\T-5745425-neon acoustic set.mp3

    This was at the bottom of the report.
    Can I just manually delete these??

    04313674 Generic Trojan Virus/Trojan No 0 Yes No E:\ComboFix.exe
    Do I need to run the comboFix program??
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/778315

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice