Somewhere, somehow I picked up the Internet Security / Protection Bar bug and have tried everything in my arsenal to get rid of it. I tried to do an online scan using two of the recommended sites but the scan just bogged down and eventually stalled out. I finally gave up and followed the directions given to another poster with the same (or very similar) problem and the scan results will follow.

I know you hear this all the time, but I am enrolled in an IT program at the local college that involves three online classes. I have been working on this problem since early this morning and, unless I can find a fix within the next 12- 18 hours, I will have no choice but to do a new install with a complete reformat. Any assistance will be greatly appreciated.

SMITFRAUD RAPPORT LOG
SmitFraudFix v2.81

Scan done at 17:47:13.42, Mon 08/28/2006
Run from C:\Documents and Settings\GW\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.


HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 7:01:49 PM, on 8/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Novatix\Cyberhawk\CHService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\Novatix\Cyberhawk\CHTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\PCODEC\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\PCODEC\iesplugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TOSHIBA Picture Enhancement Utility] C:\Program Files\TOSHIBA\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Cyberhawk] C:\Program Files\Novatix\Cyberhawk\CHTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cyberhawk - Unknown owner - C:\Program Files\Novatix\Cyberhawk\CHService.exe" service (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

FIRST EWIDO SCAN @ 3:16 PM---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:16:55 PM 8/28/2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\Documents and Settings\GW\Cookies\gw@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@microsofteup.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@sportingnews.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@ehg-ignitemedia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\GW\Cookies\gw@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

LAST EWIDO SCAN @ 6:41 PM

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:41:32 PM 8/28/2006

+ Scan result:



Nothing found.



::Report end



SPYBOT SCAN


--- Search result list ---
Congratulations!: No immediate threats were found. ()

Welcome to the forum, Let me first apologize for the fact that these volunteer services do not function on a similiar schedule as a technician who you drag your computer to and pay $150.00. Most forums are running 3 to 5 days, and that is if you ever get a answer. Having said this, I did have a look at your log and this is my advice.

The hackers are constantly updating their junk to stay ahead of our efforts, and this looks to be the case with you. You have a BHO and a Toolbar that was just added to the fix Version 2.82 (August 29, 2006) and you ran Version 2.81. I suggest you use this link:
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
remove everything you have on hand and download the newest Version. I would appreciate it if you would run both the Search function (so I can see how it removes the new junk) and the Clean function (to make sure it removes the BHO and Toolbar) and post a new HJT log along with those reports.

If your busy schedule indicates you no longer need our free service, I would appreciate a quick response indicating that so we can close your topic.

Thanks

This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.