mystoran Posted November 22, 2007 ID:10242 Share Posted November 22, 2007 hey all,i recently got a hold of some malware and it is making my computer worse and worse.it keeps kicking up all sorts of ads and popups, making my pc run real slow and sometimes freezing it up.i have tried to get rid of it with what i have on my pc. i have advanced system optimizer and ccleaner and panda antivirus with spyware protection. i have a folder in my program files called sec center and a windows\system32 folder called fibagbia that keep coming back.right now i cannot download anything at all.keeps kicking up this page everytime i try.http://dns4error.com/i found a few different sites with manual deletions but most all of the fies they list arent here or the registry keyim going out of my mind. lolim not for sure how to post the logs you guys want. please let know what to do and i will do itsorry to bother everyone on thanksgiving.thanksmystoran Link to post Share on other sites More sharing options...
mystoran Posted November 22, 2007 Author ID:10243 Share Posted November 22, 2007 hey i finally got a download in thru download.com. heres a fresh log. hope it helps.Logfile of HijackThis v1.99.1Scan saved at 5:32:53 PM, on 11/22/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exeC:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exeC:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXEC:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\program files\advanced system optimizer\memtuneup.exeC:\Program Files\DAEMON Tools Pro\DTProAgent.exeC:\WINDOWS\system32\tcpsvcs.exeC:\WINDOWS\System32\snmp.exeC:\WINDOWS\system32\mqsvc.exeC:\WINDOWS\system32\mqtgsvc.exeC:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exeC:\WINDOWS\system32\cidaemon.exeC:\WINDOWS\system32\cidaemon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\explorer.exeD:\downloads\hijackthis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom OnlineO4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /sO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [startup Manager] C:\Program Files\Advanced System Optimizer\startUp manager.exeO4 - HKCU\..\Run: [systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exeO4 - HKCU\..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [iNTERNATIONAL] International*O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.comO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1005.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193014453468O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exeO23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exeO23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe Link to post Share on other sites More sharing options...
JeanInMontana Posted November 23, 2007 ID:10282 Share Posted November 23, 2007 Hi there mystoran, and welcome to Malwarebytes. Unfortunately you downloaded an outdated version of HJT and it shows nothing concrete as the root of your troubles. The site your being redirected to is a bad site, but I need to see the logs from the programs below to try and find the root.If you haven't already, please get these programs, update and run a complete scan removing all items found.Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.AVG AntiSpyware Be sure to "take action"Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum.Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures. Link to post Share on other sites More sharing options...
mystoran Posted November 25, 2007 Author ID:10369 Share Posted November 25, 2007 ---------------------------------------------------------AVG Anti-Spyware - Scan Report--------------------------------------------------------- + Created at: 11:51:17 AM 11/25/2007 + Scan result: C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@search.live[2].txt -> TrackingCookie.Live : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@ssl-hints.netflame[3].txt -> TrackingCookie.Netflame : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@revsci[3].txt -> TrackingCookie.Revsci : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.C:\Documents and Settings\Laurence Gilbert Jr\Cookies\laurence_gilbert_jr@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.D:\RECYCLER\S-1-5-21-725345543-152049171-2147133589-1003\Df3.rar/AdvancedUninstallerPRO_8.3\Orthodox no.0.exe -> Trojan.Small : Cleaned with backup (quarantined).D:\downloads\alt.binaries.boneless\Advanced System Optimizer AdvancedUninstallerPRO TweakNow PowerP By STeR\setup,s\AdvancedUninstallerPRO_8.3\Orthodox no.0.exe -> Trojan.Small : Cleaned with backup (quarantined).::Report end Link to post Share on other sites More sharing options...
mystoran Posted November 25, 2007 Author ID:10373 Share Posted November 25, 2007 Incident Status Location Dialer:Dialer.KUV Not disinfected C:\WINDOWS\system32\wineij32.dll Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\nsu189.tmp Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\Laurence Gilbert Jr\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-6db28033[bnnnnBaa.class] Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\Laurence Gilbert Jr\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-6db28033[VaannnaaBaa.class] Virus:Trj/ClassLoader.AH Disinfected C:\Documents and Settings\Laurence Gilbert Jr\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-6db28033[bnnnnn.class] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Laurence Gilbert Jr\Desktop\VirtumundoBeGone.exe Adware:Adware/WinAntiSpyware Not disinfected C:\WINDOWS\system32\drvnakr.dll Adware:Adware/VirusAlarma Not disinfected C:\WINDOWS\system32\drvteh.dll Adware:Adware/WinAntiSpyware Not disinfected C:\WINDOWS\system32\drvvogr.dll Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hggeeef.dll.vir Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\khfcbyw.dll Potentially unwanted tool:Application/UltimateCleaner Not disinfected C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk3.exe Virus:Generic Malware Disinfected D:\downloads\alt.binaries.boneless\CuteFTP Pro\CuteFTP Pro\cuteftppro_setup.exe Potentially unwanted tool:Application/Processor Not disinfected D:\downloads\smitfraud\SmitfraudFix\Process.exe Potentially unwanted tool:Application/SuperFast Not disinfected D:\downloads\smitfraud\SmitfraudFix\restart.exe Potentially unwanted tool:Application/ErrorSafe Not disinfected D:\downloads\wizard\Download Accelerator Plus\Crack\DAP.exe Link to post Share on other sites More sharing options...
mystoran Posted November 26, 2007 Author ID:10384 Share Posted November 26, 2007 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:46:48 PM, on 11/25/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exeC:\Program Files\DAP\DAP.EXEC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\WINDOWS\system32\ctfmon.exeC:\program files\advanced system optimizer\memtuneup.exeC:\Program Files\DAEMON Tools Pro\DTProAgent.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exeC:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exeC:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exeC:\WINDOWS\system32\tcpsvcs.exeC:\WINDOWS\System32\snmp.exeC:\WINDOWS\system32\mqsvc.exeC:\WINDOWS\system32\mqtgsvc.exeC:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom OnlineO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exeO4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exeO4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUPO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [startup Manager] "C:\Program Files\Advanced System Optimizer\startUp manager.exe"O4 - HKCU\..\Run: [systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exeO4 - HKCU\..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exeO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htmO8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htmO8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.comO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1005.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193014453468O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exeO23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exeO23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe--End of file - 6322 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted November 26, 2007 ID:10404 Share Posted November 26, 2007 OK please get a trial version of RogueRemover Pro from the link in my signature and update then run a complete scan with it removing all it finds. Also use the immunize feature. Then please get this program.Please download VundoFix.exeto your desktop. http://www.atribune.org/ccount/click.php?id=4 * Double-click VundoFix.exe to run it. * Click the Scan for Vundo button. * Once it's done scanning, click the Remove Vundo button. * You will receive a prompt asking if you want to remove the files, click YES * Once you click yes, your desktop will go blank as it starts removing Vundo. * When completed, it will prompt that it will reboot your computer, click OK. * Please post the contents of C:\vundofix.txt and a new HiJackThis log.Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the aboveinstructions starting from "Click the Scan for Vundo button." whenVundoFix appears at reboot.Follow those directions carefully and post the results and a new HJT log. Link to post Share on other sites More sharing options...
mystoran Posted November 26, 2007 Author ID:10407 Share Posted November 26, 2007 i already have vundo fix on my pc. i got it the other day along with counterspy but vundo isnt finding anything at all.rogue remover did not find anything at all. my pc is still running extremely slow and kicking up popups. Link to post Share on other sites More sharing options...
JeanInMontana Posted November 27, 2007 ID:10424 Share Posted November 27, 2007 Never use special fixes like Vundo fix without someone helping you that understands how the program is to be used. Please delete the program and run another Panda scan. Be sure you remove what Panda finds. Post that log please and a new HJT also. Link to post Share on other sites More sharing options...
JeanInMontana Posted December 13, 2007 ID:10886 Share Posted December 13, 2007 No reply closing topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic. Link to post Share on other sites More sharing options...
Recommended Posts