First of all, thanks for any help. I followed your instructions and here are the new logs.
SmitFraudFix v2.109
Scan done at 19:32:55.14, Wed 10/11/2006
Run from C:\Documents and Settings\marc knowles\Desktop\security\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\VirusBurster\ Deleted
C:\Program Files\X Password Generator\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
...
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:11:01 PM 10/11/2006
+ Scan result:
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP121\A0031847.dll -> Adware.ProtectionBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP116\A0031210.exe -> Downloader.Zlob.aos : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP100\A0030578.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP100\A0030588.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP100\A0030602.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP103\A0030647.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP104\A0030659.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP105\A0030673.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP106\A0030693.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP107\A0030706.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP108\A0030718.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP108\A0030752.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP109\A0030770.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP110\A0030776.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP110\A0030868.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP111\A0030880.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP113\A0030885.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP114\A0030988.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP115\A0031087.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP115\A0031180.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP115\A0031203.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP116\A0031216.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP116\A0031233.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP118\A0031245.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP121\A0031799.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP121\A0031810.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP121\A0031824.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP121\A0031848.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP121\A0031852.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9A48D400-87C7-4E7F-B2AD-41305654F810}\RP121\A0031853.exe -> Downloader.Zlob.aoy : Cleaned with backup (quarantined).
::Report end
....
Logfile of HijackThis v1.99.1
Scan saved at 8:20:42 PM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Strokeit\strokeit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\marc knowles\Desktop\security\crusty.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160502358607
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe