debbie3

okay fredmh
I have finished and here are the reports

SmitFraudFix v2.124

Scan done at 13:37:03.51, Sun 11/26/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{40dcff6e-af8d-4183-8ebe-a82270ac449e}"="gimmicks"

[HKEY_CLASSES_ROOT\CLSID\{40dcff6e-af8d-4183-8ebe-a82270ac449e}\InProcServer32]
@="C:\WINDOWS\system32\dcvwaah.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{40dcff6e-af8d-4183-8ebe-a82270ac449e}\InProcServer32]
@="C:\WINDOWS\system32\dcvwaah.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\dcvwaah.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\dcvwaah.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\secure32.html Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Gold Codec\ Deleted
C:\Program Files\Virus-Bursters\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:33:46 PM 11/26/2006

+ Scan result:



C:\Program Files\Microsoft AntiSpyware\Quarantine\A8A8A4D5-44D3-439D-8965-BFBCB3\CA2BD2DE-7F82-4D2E-A0FF-22DDF3 -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\B969BE93-8E3D-4404-8ADB-B7988E\415DF344-38B7-4999-A857-32869C -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-129560896-272997143-4236220617-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP723\A0103097.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP723\A0103123.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP723\A0103124.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP723\A0103125.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP723\A0103132.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP723\A0103133.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP657\A0098158.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP658\A0098189.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP660\A0098246.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP682\A0099092.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP685\A0099236.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP686\A0099265.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP689\A0099350.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP702\A0099766.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP709\A0100966.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-40baf3a5-728412e4.class -> Downloader.OpenStream.y : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP728\A0103983.dll -> Downloader.Small.dzp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP728\A0103986.dll -> Downloader.Zlob.azk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP727\A0103711.exe -> Downloader.Zlob.azl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP727\A0103712.exe -> Downloader.Zlob.azm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP725\A0103362.exe -> Downloader.Zlob.bai : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP725\A0103363.exe -> Downloader.Zlob.bai : Cleaned with backup (quarantined).


::Report end


Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyGlobalSearch
Potentially unwanted tool:application/zango Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287}
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv265.jar-3283d0d0-5845ab47.zip[Matrix.class]

Logfile of HijackThis v1.99.1
Scan saved at 3:12:15 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LXBTCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

thank you for making your instuctions so easy to follow
oh and i wanted to add that my home page is back, the flashing icon is gone
and about bearshare, I didn't see it in my add/remove list, how do i get rid of it?