Please Help: HJT Log for the Spybot Team



hisport
2008-07-22, 18:49
First - thank you for all that you do. I have been using Spybot for a couple of years and love it.

As a computer novice, I've been trying to fix my laptop now for five days. Have read and dutifully followed the instructions in Spybot tutorial and this forum.

Basically, I continue to run Spybot in safe mode, etc., and keep finding two critical problems again and again:

- SmitFraud-c.core

- Virtumonde

I have analyzed the HJT log using Google and HJT.de tools and removed the unquestionably bad stuff (about 9 items); still problems.

Here is my latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:29, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120574662626
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124835286819
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\John M Griffin\Local Settings\Temporary Internet Files\Content.IE5\MZYR0J8D\SFUninstaller[1].exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7269 bytes
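To show how a log in this layout can be triaged mechanically, here is an added example that is not from this thread or from the HijackThis authors: it parses entries of the form `O23 - Service: ... - path` and flags the two signals a helper looks for first, a service binary marked "(file missing)" and a binary living under a user-writable cache folder. The sample log is constructed (the profile and cache folder names are placeholders).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HijackThis 2.0.2 log layout (same layout as the
# log above); USER and CACHEDIR are placeholder folder names, not real ones.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\CACHEDIR\SFUninstaller[1].exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")          # "O23 - <body>"
# First Windows path with a binary extension anywhere in the entry body
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|sys|cab)", re.IGNORECASE)
# Folders where an auto-started service or Run entry normally has no business living
USER_WRITABLE = ("\\temporary internet files\\", "\\temp\\",
                 "\\local settings\\", "\\application data\\")

@dataclass
class Entry:
    section: str               # e.g. "O23"
    body: str
    path: Optional[str]
    flags: List[str] = field(default_factory=list)

def parse_hjt(text: str) -> List[Entry]:
    """Turn HJT log lines into Entry objects, attaching triage flags."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                       # headers, process list, blank lines
        section, body = m.groups()
        pm = PATH_RE.search(body)
        e = Entry(section, body, pm.group(0) if pm else None)
        if body.endswith("(file missing)"):
            e.flags.append("file missing")
        if e.path and any(tag in e.path.lower() for tag in USER_WRITABLE):
            e.flags.append("binary in user-writable/cache location")
        # "Unknown owner" alone is weak (many drivers lack a publisher);
        # only report it when another flag is already present
        if section == "O23" and "Unknown owner" in body and e.flags:
            e.flags.append("no publisher")
        entries.append(e)
    return entries

def suspicious(text: str) -> List[Entry]:
    """Entries worth asking the poster about, in log order."""
    return [e for e in parse_hjt(text) if e.flags]
```

Run against the sample, only the SmartFinder_Uninstall service is returned, with all three flags; the entries pointing into Program Files are not.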

Shaba
2008-07-24, 12:09
Hi hisport

Please post back spybot report next :)

hisport
2008-07-24, 22:00
Hello Shaba:

Thanks for your help.

I'm new at this, so please bear with me. Here is what I have done:

- Updated definitions in Spybot and ran it twice; fixed problems

- Switched to advanced mode; tools; bug report

- Report is too lengthy to cut and paste here, so I will send it to SpyBot, attn Shaba

- I will cut and paste this message into header

- Report was confirmed sent just now

Regards,

john

PS: I was in Helsinki on business 3 weeks ago; Beautiful city!

Shaba
2008-07-24, 22:06
Hi

You can upload the Spybot report to e.g. rapidshare and post the link back here, please :)

hisport
2008-07-24, 23:27
Hi:

I'm learning to do these things as I go...

Here's the rapidshare link:

http://rapidshare.com/files/132189019/spybot_july_24_2008_report_log.txt.html

Just FYI:

- I noticed while reading the tutorials that there is a new Spybot version (1.6)

- I downloaded, updated, immunized, and ran

- The report is the result of this latest Spybot run

Bests,

john

Shaba
2008-07-25, 10:14
Hi

That report seems to be clean.

Still problems?

hisport
2008-07-25, 15:36
Hi:

My computer is working much better, but still plagued by pop ups and occasional slow downs.

The last Spybot scan (v1.6; report sent to you) was clean, yet Windows Defender ran automatically early this morning and found:

- win32/vundo.gen/R (critical)

The Defender log shows multiples of this item, with different suffixes, over the last two weeks.

Any advice?

Thanks,

john

Shaba
2008-07-25, 18:47
Hi

"My computer is working much better, but still plagued by pop ups and occasional slow downs."

Do you use IE or Firefox?

"The Defender log shows multiples of this item, with different suffixes, over the last two weeks."

Well then I need Defender log :)

hisport
2008-07-26, 17:00
I'm using IE

Sorry, but I don't seem able to copy or send the Defender log. Any advice appreciated.

The most recent critical log includes:

- win32/Vundo.gen!R

- win32/Vundo.gen!T

- win32/star

- win32/agent

Tks,

john

Shaba
2008-07-26, 17:26
Hi

Then IE is most likely the reason for the popups; Firefox has better popup control.

If you can't copy/paste it, then you will need to write those down and type needed information here, please :)

hisport
2008-07-27, 19:23
Hi Shaba:

1. I will switch to Firefox

- (Tried it a few years ago; some problems, but I will try it once again)

2. Not sure which data you would like from Windows Defender, so I ran Spybot 1.6 again; picked up 6+ "Red" entries. Fixed the problems and ran a Spybot report:

http://rapidshare.com/files/132866750/SpybotSD.Report.txt.html

Seems that there is something resident which keeps breeding problems (?). Either that, or I keep getting reinfected.

Questions:

- Other than Spybot, what software should I have on my computer to get it (and keep it) clean?

- Should I remove all the rest? (Some of them, e.g. Panda, seem stuck on my "add/remove programs" list)

- I am considering a Mac computer as a way of resolving ongoing spyware problems. Your opinion?

Many thanks!

john

PS: I will make a donation to Spybot

Shaba
2008-07-27, 19:49
Hi

Those findings are just tracking cookies.

See here (http://www.spybot.info/en/faq/37.html) how to prevent them coming.

"- Other than Spybot, what software should I have on my computer to get it (and keep it) clean?"

I'll give you tips in my final instructions :)

"- Should I remove all the rest? (Some of them, e.g. Panda, seem stuck on my "add/remove programs" list)"

Do you mean this entry?

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe

"- I am considering a Mac computer as a way of resolving ongoing spyware problems. Your opinion?"

It has less malware, yes, but I don't think there is reason to switch.

Shaba
2008-08-01, 13:44
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.