
Many Infections!



Hope this is right.... NEED ASSISTANCE - Thanks, Rosie

Malwarebytes' Anti-Malware 1.30

Database version: 1328

Windows 5.1.2600 Service Pack 2

10/27/2008 11:17:45 AM

mbam-log-2008-10-27 (11-17-45).txt

Scan type: Quick Scan

Objects scanned: 56471

Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Panda----

;*******************************************************************************

ANALYSIS: 2008-10-27 11:00:57

PROTECTIONS: 1

MALWARE: 10

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description                Version      Active  Updated

;===============================================================================

Zone Alarm Security Suite  7.0.483.000  No      No

;===============================================================================

MALWARE

Id        Description           Type            Active  Severity  Disinfectable  Disinfected  Location

;===============================================================================

00029434  spyware/virtumonde    Spyware         No      1         Yes            No           c:\windows\system32\appsetup.exe

00139061  Cookie/Doubleclick    TrackingCookie  No      0         Yes            No           C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{AF446FFC-67F0-46DF-9BDB-8A21DC5C9FF3}\{8FF50070-2F2D-4883-9240-105570E1909F}.txt[{8FF50070-2F2D-4883-9240-105570E1909F}.txt]

00139064  Cookie/Atlas DMT      TrackingCookie  No      0         Yes            No           C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{AF446FFC-67F0-46DF-9BDB-8A21DC5C9FF3}\{39ED2E74-1DAB-4D8A-9DF7-88CDECDF68E2}.txt[{39ED2E74-1DAB-4D8A-9DF7-88CDECDF68E2}.txt]

00145731  Cookie/Tribalfusion   TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Owner.TheEvilOne\Cookies\owner@tribalfusion[2].txt

00168056  Cookie/YieldManager   TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Owner.TheEvilOne\Cookies\owner@ad.yieldmanager[2].txt

00168097  Cookie/BurstBeacon    TrackingCookie  No      0         Yes            No           C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{CD6FD4F3-C86A-4238-9925-815F3412909E}\{D36AE51C-16CE-4F69-883A-4BC0DAB48D77}.txt[{D36AE51C-16CE-4F69-883A-4BC0DAB48D77}.txt]

00169190  Cookie/Advertising    TrackingCookie  No      0         Yes            No           C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{AF446FFC-67F0-46DF-9BDB-8A21DC5C9FF3}\{661DE5AF-677D-4638-86BA-507D22BB54F6}.txt[{661DE5AF-677D-4638-86BA-507D22BB54F6}.txt]

00170304  Cookie/WebtrendsLive  TrackingCookie  No      0         Yes            No           C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{AF446FFC-67F0-46DF-9BDB-8A21DC5C9FF3}\{6D6ADA72-4980-46BA-B20F-28A65174470D}.txt[{6D6ADA72-4980-46BA-B20F-28A65174470D}.txt]

00170495  Cookie/PointRoll      TrackingCookie  No      0         Yes            No           C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{CD6FD4F3-C86A-4238-9925-815F3412909E}\{99AD182C-E49E-498F-8A2A-7CF16CB09406}.txt[{99AD182C-E49E-498F-8A2A-7CF16CB09406}.txt]

00170495  Cookie/PointRoll      TrackingCookie  No      0         Yes            No           C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{AF446FFC-67F0-46DF-9BDB-8A21DC5C9FF3}\{0262C5C0-CE31-4B2D-9382-EB6740D86A43}.txt[{0262C5C0-CE31-4B2D-9382-EB6740D86A43}.txt]

00170554  Cookie/Overture       TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Owner.TheEvilOne\Cookies\owner@overture[2].txt

;===============================================================================

SUSPECTS

Sent  Location

;===============================================================================

;===============================================================================

VULNERABILITIES

Id      Severity  Description

;===============================================================================

184379  MEDIUM    MS08-001

182048  HIGH      MS07-069

182043  HIGH      MS07-064

176382  HIGH      MS07-057

170907  HIGH      MS07-046

170906  HIGH      MS07-045

170904  HIGH      MS07-043

164913  HIGH      MS07-033

160623  HIGH      MS07-027

150253  HIGH      MS07-016

141030  HIGH      MS06-072

137568  HIGH      MS06-067

133386  MEDIUM    MS06-064

129976  MEDIUM    MS06-052

;===============================================================================

HiJack This--

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:10:20 AM, on 10/27/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

C:\WINDOWS\arservice.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe

C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN\MSNCoreFiles\msn.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://turbo-search101.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5220

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://turbo-search101.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Search The Web

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [systemGuardAlerter] SystemGuardAlerter.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe

O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB

O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu.../muweb_site.cab?1215875659718

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O16 - DPF: {819F8533-D935-4183-B692-587F8D56AC3C} (iolo.AV.OnlineVirusScanner) - http://www.iolo.com/threatcenter/App/ocx/AVCheckUp.ocx

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15103/CTPID.cab

O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.ocx

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by JeanInMontana: unwrap log
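As an added example (not code from this thread, from Malwarebytes, or from Trend Micro), the script below shows how a responder would machine-triage a HijackThis 2.0.2 log like the one Rosie posted, instead of eyeballing it. It parses the R0/R1 (Internet Explorer start and default pages), O2/O3 (BHOs and toolbars) and O23 (services) entries and flags three things worth a second look: a start or default page whose host is not on an allowlist, a BHO or toolbar CLSID whose DLL is "(no file)", and a service whose vendor HijackThis reported as "Unknown owner". The sample log is a constructed excerpt modelled on the log above, and the allowlist of trusted start-page hosts is an assumption made for the example; it does not claim any particular entry is malware.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt modelled on the HijackThis log in this thread
# (sample input for the example, not the full log).
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://turbo-search101.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://turbo-search101.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Search The Web
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Hosts accepted as a legitimate IE start/default page on this machine.
# Assumption for the example: the OEM (Gateway) portal plus two common
# defaults; tune this per machine.
TRUSTED_HOSTS = {"www.gateway.com", "www.msn.com", "www.google.com"}

ENTRY_RE = re.compile(r"^(?P<kind>R\d|O\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")


def parse_hjt(text):
    """Return (kind, body) pairs for the R0/R1/O2/... entry lines.

    Header lines and the 'Running processes:' block carry no
    'Rn - ' / 'On - ' prefix and are skipped.
    """
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(text):
    """Return a list of (kind, tag, item, line) findings worth a second look."""
    findings = []
    for kind, body in parse_hjt(text):
        if kind in ("R0", "R1"):
            # Form: HKCU\...\Main,Start Page = http://host/...
            _, _, value = body.partition(" = ")
            value = value.strip()
            if value.startswith(("http://", "https://")):
                host = (urlparse(value).hostname or "").lower()
                if host not in TRUSTED_HOSTS:
                    findings.append((kind, "untrusted-url", host, body))
        elif kind in ("O2", "O3"):
            # A BHO/toolbar CLSID whose DLL is gone: either a half-removed
            # add-on or a leftover registration from something deleted.
            if body.endswith("(no file)"):
                m = CLSID_RE.search(body)
                findings.append((kind, "orphan-clsid", m.group(0) if m else "?", body))
        elif kind == "O23":
            m = SERVICE_RE.match(body)
            if m is None:
                findings.append((kind, "unparsed-service", body, body))
            elif m.group("vendor") == "Unknown owner":
                # HJT could not read a company name from the binary; verify
                # the file's signature and vendor by hand before trusting it.
                findings.append((kind, "unknown-vendor", m.group("name"), body))
    return findings


if __name__ == "__main__":
    for kind, tag, item, line in triage(SAMPLE_LOG):
        print(f"{kind:<3} {tag:<16} {item}\n      {line}")
```

Run against the constructed sample, the script reports the two R0 entries pointing at turbo-search101.com, the two "(no file)" CLSIDs and the iolo service with no readable vendor; everything else in the excerpt is left alone. A finding is a prompt to verify (check the file on disk, its digital signature, and the registry key), not a verdict.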

Hi Rosie. What seems to be your problem? I don't see any malware and you give no reason for posting. Please open Notepad and turn off Word Wrap. Logs are too hard to read when they are wrapped.

Open SB S&D

Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode.

Click on the Tools section and then Resident.

You will see two items.

1. Resident "SD helper" (Internet Explorer bad download blocker.) active

2. Resident "Tea Timer" (Protection of over-all system settings.) active.

Uncheck number 2.

Leave number 1 checked always.

You can enable Tea Timer again if you wish once all special fixes have been done.


Hi Jean, sorry for my lack of experience. Thanks for wading through it. I accidentally opened Power virus 2008 last year. Now it is listed as a start-up program in MSconfig settings, but I can't find it in any of my files.

Since then I have had hang-ups and slowdowns driving me crazy. When I did the Panda scan it said I had 14 vulnerabilities and 11 infections. I know there is something, but I haven't been able to pin it down.

Any help will be greatly appreciated, Rosie


Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance, PM any staff member and we will be happy to reopen the topic.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
