This pesky bug has put an icon into my tray trying to get me to buy some software to remove it. The nerve of these bastards. Anyway, I think I actually got infected with this same bug before and Spybot cleared it right up, but now its back and I can't seem to rid my system of it. I first ran the online PandaScan and recieved this log:


Incident Status Location

Adware:Adware/PornMagPass Not disinfected C:\WINDOWS\system32\ishost.exe
Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Jim\Cookies\jim@malwarewipe[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jim\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jim\Local Settings\Application Data\Mozilla\Firefox\Profiles\daxwnhuv.default\Cache\3EFBEAA3d01[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jim\Local Settings\Temp\1qxcm5qx.exe[smitRem/Process.exe]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Jim\Local Settings\Temp\win5A.tmp.exe[Cowabanga.exe]
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx1.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx10.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx100.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx101.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx102.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx103.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx104.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx105.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx106.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx107.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx108.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx109.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx11.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx110.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx111.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx112.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx113.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx114.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx115.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx116.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx117.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx118.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx119.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx12.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx120.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx121.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx122.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx13.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx14.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx15.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx16.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx17.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx18.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx19.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx2.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx20.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx21.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx22.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx23.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx24.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx25.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx26.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx27.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx28.dll

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx29.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx3.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx30.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx31.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx32.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx33.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx34.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx35.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx36.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx37.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx38.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx39.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx4.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx40.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx41.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx42.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx43.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx44.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx45.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx46.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx47.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx48.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx49.dll
Adware:Adware/SpywareQuake Not disinfected C:\WINDOWS\system32\components\flx5.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx50.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx51.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx52.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx53.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx54.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx55.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx56.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx57.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx58.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx59.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx6.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx60.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx61.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx62.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx63.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx64.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx65.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx66.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx67.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx68.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx69.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx7.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx70.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx71.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx72.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx73.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx75.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx76.dll

Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx77.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx78.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx79.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx8.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx80.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx81.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx82.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx83.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx84.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx85.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx86.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx87.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx88.dllAdware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx89.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx9.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx90.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx91.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx92.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx93.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx94.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx95.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx96.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx97.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx98.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx99.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\opnoopo.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win1083.tmp.exe
Dialer:Dialer.HIX Not disinfected C:\WINDOWS\Temp\win10C8.tmp.exe
Dialer:Dialer.HIX Not disinfected C:\WINDOWS\Temp\win10C9.tmp.exe
Dialer:Dialer.HIX Not disinfected C:\WINDOWS\Temp\win37.tmp.exe
Dialer:Dialer.HIX Not disinfected C:\WINDOWS\Temp\win3A1.tmp.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win3A5.tmp.exe
Dialer:Dialer.HIX Not disinfected C:\WINDOWS\Temp\win700.tmp.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win708.tmp.exe
Dialer:Dialer.HIX Not disinfected C:\WINDOWS\Temp\winEE6.tmp.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\winF19.tmp.exe


Next, I ran Spybot in the Diagnostic mode (using the command msconfig, I couldn't figure out how to boot in safe mode as my computer didn't want to respond to F8 at startup :confused: ) but Spybot came up clean. Now I am running in norml mode and have run HijackThis and recieved this log:

Logfile of HijackThis v1.99.1
Scan saved at 7:54:00 PM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ismon.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\toshiba\ivp\ism\pinger.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Documents and Settings\Jim\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

It all looks so confusing to me :confused: Please Help!!!

Hi mugiwara

Fallow the instructions on this page and post the logs mentioned at the bottom, if you have any questions ask before getting started.
http://forums.spybot.info/showthread.php?t=4015

While your in safe mode fallowing those instructions delete this folder
C:\WINDOWS\system32\components

Due to lack of a response this topic has been archived.
If you need it re-opened please send me a pm and provide a link to the thread.

Applies only to the original topic starter.

Thanks for re-opening this and sorry for the delay in my response. My computer's power supply was fried after a lighting storm and I've been waiting until now to get it back.

Anyway, I did everything listed in that thread as well as deleted C:\WINDOWS\system32\components folder while in Safe Mode.

Here are the three logs:
Rapport.txt:

SmitFraudFix v2.81

Scan done at 17:52:23.95, Sun 08/20/2006
Run from C:\Documents and Settings\Jim\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"

[HKEY_CLASSES_ROOT\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="C:\WINDOWS\system32\hvcycg.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="C:\WINDOWS\system32\hvcycg.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\hvcycg.dll -> Missing File

C:\WINDOWS\system32\pmnqguh.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\Jim\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\SpyQuake2.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Ewido:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:25:46 PM 8/20/2006

+ Scan result:



HKU\S-1-5-21-843580018-2121010639-3836802986-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\opnoopo.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim\Desktop\components.zip/components/flx123.dll -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim\Desktop\components.zip/components/flx74.dll -> Downloader.Zlob.zk : Cleaned with backup (quarantined).
C:\Documents and Settings\Jim\Desktop\components.zip/components/flx5.dll -> Not-A-Virus.Hoax.Win32.Renos.dw : Ignored.
C:\WINDOWS\Temp\win1083.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win3A5.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win708.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winF19.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).


::Report end

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 7:37:48 PM, on 8/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jim\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

Hi

C:\Documents and Settings\Jim\Desktop\components.zip < delete that
Start Hijackthis and place a check next to these items If there.
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
====================================
Hit fix checked and close Hijackthis.


What are the current problems ?

I had zipped up that components folder just in case I'd need it, but ewido wanted to get rid of it so I let it. I fixed what yoiu asked with HJT and there are no problems. Actually, the computer has been problem free since I just did what you had first asked me to do. So I'm hoping the bugs are squashed and you have my thanks for the help. If the problem comes back I'll be sure to let you know, but I'm keeping my fingers crossed that I won't have to.:laugh:

Thats good news.

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that proccess about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

Wow! Thanks for all the help! :D: I never knew about the hosts file before. That's good to have updated; already bookmarked. I even went and installed some of the programs to help guard the computer from now on without having to pay out the ass for it. You guys are a great resource :bigthumb: I'm going to go hit that donate button...

Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).