JeanInMontana

Hi there mjstef, and welcome to Malwarebytes. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. AVG AntiSpyware Be sure to "take action" Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

I can't find anything for sure about it. Get it scanned at Virustotal.com and post the results here. I don't know how I have not been seeing this either O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll Proof I needed to step back. Get rid of the P2P stuff. It is going to be trouble eventually.

Umm.... you are showing scans with Vundo on 3 different dates! Delete everything you have connected to Vundo all files, all downloaded files. Run HJT again and put a check next to these items below and click fix. O2 - BHO: (no name) - {16975C1E-950B-F58A-B187-08ED8F89A6B0} - C:\Program Files\Xhsxfzvt\nqxwjuqz.dll (file missing) O2 - BHO: (no name) - {35BFEF80-9814-0F5F-9961-0444D2412BD9} - C:\Program Files\Cestzfde\jaspsadd.dll (file missing) O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file) O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Nick\LOCALS~1\Temp\{51C4F6AA-16AE-4C1D-9A52-6B6C5A925AB5}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing) Reboot, and run a new Vundo scan from a new download. Post that log and a new HJT log too please.

OK.... I would get rid of Viewpoint and I don't know what Urge is? A component for MTV is some stuff I see on Google. I would do a disk error check for the messages your getting. See if that helps. I can't see anything bad. What are your symptoms now?

OK get a copy of RogueRemover Pro either from my signature link or the one at the top of this page and run a scan with it. Remove everything it finds. Run a new Panda scan and post that log and a new HJT log please.

If you did what I asked was it after you ran the Panda scan? Combo fix and several other things are in the Panda log. Nothing in the Panda log was removed. You have to remove the things it finds. There is no point in scanning for the sake of scanning. Try running a scan with a trial of RogueRemover Pro you can use the link in my signature or at the top of this page. Run Panda again and post that log with a new HJT. But remove everything I have already asked you to before you scan with Panda and then remove what ever Panda will for free.

You can usually find how to run specific software by looking in the help tab. AVG Anti-Spyware Settings Select the "Scanner" icon at the top of the screen, then select the "Settings" tab. In the Settings screen click "Recommended actions" and then select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" DE-Select "Only if threats were found" IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning proccess. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan" AVG Anti-Spyware will now begin the scanning process. Be patient as this may take a little time. While scanning, AVG will list any infections found on the left side. When the scan is completed, the recommended action should be set to Quarantine. If not, click Recommended Action and set it there. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right side. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop). Close AVG Anti-Spyware.

Please download VundoFix.exe to your desktop. http://www.atribune.org/ccount/click.php?id=4 * Double-click VundoFix.exe to run it. * Click the Scan for Vundo button. * Once it's done scanning, click the Remove Vundo button. * You will receive a prompt asking if you want to remove the files, click YES * Once you click yes, your desktop will go blank as it starts removing Vundo. * When completed, it will prompt that it will reboot your computer, click OK. * Please post the contents of C:\vundofix.txt and a new HiJackThis log. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Hello again. Please delete the version of HJT you have, it is outdated and also should not be on the desktop. What symptoms are you experiencing? If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. AVG AntiSpyware Be sure to "take action" Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

My turn to apologize. I should have been more clear. Misc. tools in HJT is where you can get the info I requested.

Hi please get this program Author: Option^Explicit Download Location License: Freeware KillBox Download Link http://download.bleepingcomputer.com/spyware/KillBox.exe Operating System: Windows File Description: Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them. Usage Information: Download this file and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted. Put these files into it C:\WINDOWS\sapnet.dll C:\WINDOWS\rmvgor.dll Then post a new HJT log.

I took a couple of days to make some money and just take a break. I thought you got rid of SpyCatcher? IMO it is crapware and not worth the resources it's using up. That's just my opinion. But I see it back in full force and this 020 line needs to go. Use Kill box and post another log. secuload.dll Author: Option^Explicit Download Location License: Freeware KillBox Download Link http://download.bleepingcomputer.com/spyware/KillBox.exe Operating System: Windows File Description: Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them. Usage Information: Download this file and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.

LOL glad you like the smilies. I get many from a pal in Canada. You need to have a Honey Pot installed before you can donate an MX record.

Delete the Combo Fix program please. Uninstall these programs D:\MPP\SYSTEM\VOICE\STDIO.DLL Documents\Download_Accelerator_Plus_v8.5.5.5_Premium___Crack\Download_Accelerator_Plus_v8.5.5.5_Premium___Crack\CRACK\DAP.exe It is against the law to obtain software you do not pay for that is not provided free. Cracks are illegal and probably why your infected. Run HJT and put a check next to these: O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL <====== This one is debatable. Not classified as malware, but not good either. Get this and clean everything it finds. http://www.ccleaner.com/download Then run another Panda scan please and post that log with a new HJT log after it.

Hey I see you also have a thread here http://forums.whatthetech.com/wats_going_o...ml&p=419335 You need to pick one forum and stick with it. Your taking up the time of two people when you double post at other forums. You also risk ruining your system.

I'm not going to ask you to use any program that isn't "legit" Please run the scan and post the log also a new HJT log.

Well still some nasty looking stuff in your log. Please put a check next to these: O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file) O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background Click fix and exit the program. Delete all your quarantine files in AVG and Smitfraud fix. Do you know what this is O1 - Hosts: 216.107.242.199 l2authd.lineage2.com ? I would like a Panda scan too please. Also a scan from this program 1. Download this file : http://www.techsupportforum.com/sectools/combofix.exe 2. Double click combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall

OK still not clean. Run HJT and put a check next to these: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 O21 - SSODL: sapnet - {BA9D3F44-D0EB-441E-ADCE-478EF7EA7D57} - C:\WINDOWS\sapnet.dll O21 - SSODL: rmvgor - {067AB3C3-869D-4ABF-ACBC-AB76550A115D} - C:\WINDOWS\rmvgor.dll O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm Click fix and then please follow the directions below. 1. Download this file : http://www.techsupportforum.com/sectools/combofix.exe 2. Double click combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Wow, that actually brought a tear to my eye. I don't think in three plus years of this forum work, anyone has been so sincere and totally touching. I also could see from the logs that the true PC owner was Kat, but people choose all sorts of names for forums. You are very perceptive. Am I right then that we have whipped your demon? Or you think we have? I would like to invite you to my personal forum too. It is not all PC security we have fun too. There is a link in my signature to MontanaMenagerie.

You have to help me help you. End now and not responding mean nothing, without know where those messages are coming from. Is it a Windows message, or a program? End what now, what is not responding? Show me a new AVG scan log and HJT start up log. Look in Misc tool and find the Uninstall list, save that and post it here please. Also post a start up log from that same section. I will stress you get rid of the P2P programs this is most likely where you got infected.

I got some great news this morning from Project HoneyPot. I just have to share it. Jean -- Regardless of how the rest of your day goes, here's something to be happy about -- today one of your donated MXs helped to identify a previously unknown email harvester (IP: 70.169.1.203). The harvester was caught a spam trap email address created with your donated MX: mail2.montanamenagerie.org You can find information about your newly identified harvester here: http://www.projecthoneypot.org/i_09902b63c...8861445d69106d4 Don't forget to tell your friends you made the Internet a little better today. You can refer them to Project Honey Pot directly from our website: http://www.projecthoneypot.org/refer_a_friend.php

Five days no response I will close this topic. Should you decide to continue with the fixes send me a PM. Advice in this topic is for this system only. Applying to your system can be ruination. If you need help open your own topic and someone will be happy to help you.

Thanks for your help Steven it is much appreciated. Due to no response for six days I will close this to prevent others from posting it. If you experience problems similar to those described here please start your own topic. All fixes and advice are for the system in this topic not yours. Following advice for someone else's machine can ruin yours.

Steven thank you for your help it is much appreciated. Since this issue is resolved I will close the topic to prevent others from posting in it. If you experience symptoms similar to those described here, do not follow this advice, it can result in ruination. Open your own topic and someone will be happy to help you.

What did you scan with that found the toolbar? I would like to see that log if possible. How is your PC running now?