4 replies to this topic

[Rosie]

Hope this is right....NEED ASSISTANCE-Thanks, Rosie

Malwarebytes' Anti-Malware 1.30
Database version: 1328
Windows 5.1.2600 Service Pack 2

10/27/2008 11:17:45 AM
mbam-log-2008-10-27 (11-17-45).txt

Scan type: Quick Scan
Objects scanned: 56471
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Panda----

;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-10-27 11:00:57
PROTECTIONS: 1
MALWARE: 10
SUSPECTS: 0
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
Zone Alarm Security Suite 7.0.483.000 No No
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00029434 spyware/virtumonde Spyware No 1 Yes No c:\windows\system32\appsetup.exe
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{AF446FFC-67F0-46DF-9BDB-8A21DC5C9FF3}\{8FF50070-2F2D-4883-9240-105570E1909F}.txt[{8FF50070-2F2D-4883-9240-105570E1909F}.txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{AF446FFC-67F0-46DF-9BDB-8A21DC5C9FF3}\{39ED2E74-1DAB-4D8A-9DF7-88CDECDF68E2}.txt[{39ED2E74-1DAB-4D8A-9DF7-88CDECDF68E2}.txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner.TheEvilOne\Cookies\owner@tribalfusion[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner.TheEvilOne\Cookies\owner@ad.yieldmanager[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{CD6FD4F3-C86A-4238-9925-815F3412909E}\{D36AE51C-16CE-4F69-883A-4BC0DAB48D77}.txt[{D36AE51C-16CE-4F69-883A-4BC0DAB48D77}.txt]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{AF446FFC-67F0-46DF-9BDB-8A21DC5C9FF3}\{661DE5AF-677D-4638-86BA-507D22BB54F6}.txt[{661DE5AF-677D-4638-86BA-507D22BB54F6}.txt]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{AF446FFC-67F0-46DF-9BDB-8A21DC5C9FF3}\{6D6ADA72-4980-46BA-B20F-28A65174470D}.txt[{6D6ADA72-4980-46BA-B20F-28A65174470D}.txt]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{CD6FD4F3-C86A-4238-9925-815F3412909E}\{99AD182C-E49E-498F-8A2A-7CF16CB09406}.txt[{99AD182C-E49E-498F-8A2A-7CF16CB09406}.txt]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{AF446FFC-67F0-46DF-9BDB-8A21DC5C9FF3}\{0262C5C0-CE31-4B2D-9382-EB6740D86A43}.txt[{0262C5C0-CE31-4B2D-9382-EB6740D86A43}.txt]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner.TheEvilOne\Cookies\owner@overture[2].txt
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location 
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description 
;===============================================================================
================================================================================
=
===================
184379 MEDIUM MS08-001 
182048 HIGH MS07-069 
182043 HIGH MS07-064 
176382 HIGH MS07-057 
170907 HIGH MS07-046 
170906 HIGH MS07-045 
170904 HIGH MS07-043 
164913 HIGH MS07-033 
160623 HIGH MS07-027 
150253 HIGH MS07-016 
141030 HIGH MS06-072 
137568 HIGH MS06-067 
133386 MEDIUM MS06-064 
129976 MEDIUM MS06-052 
;===============================================================================
================================================================================
=
===================


HiJack This--
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:20 AM, on 10/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://turbo-search101.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_UR=http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5220
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://turbo-search101.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Search The Web
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} -C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} -c:\windows\system32\BAE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Progr Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google DesktopSearch\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"-osboot
O4 - HKLM\..\Run: [SystemGuardAlerter] SystemGuardAlerter.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"/background
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows DesktopSearch\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer -{219C34168CB2491aA3C7D9FCDDC9D600C:\ProgramFiles\Windowive\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) -http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://www.update.microsoft.com/microsoftu.../muweb_site.cab?1215875659718
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class)- http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {819F8533-D935-4183-B692-587F8D56AC3C} (iolo.AV.OnlineVirusScanner) -http://www.iolo.com/threatcenter/App/ocx/AVCheckUp.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate SupportPackage) http://www.creative....15103/CTPID.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) -http://www.iolo.com/app/ocx/UpgradeVerify.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. -C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology LtdC:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by JeanInMontana, 27 October 2008 - 05:59 PM.
unwrap log

[JeanInMontana]

Hi Rosie. What seems to be your problem? I don't see any malware and you give no reason for posting. Please open notepad and unwrap word. Logs are too hard to read when they are wrapped.

Open SB S&D
Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode.

Click on the Tools section and then Resident.
You will see two items.
1. Resident "SD helper" (Internet Explorer bad download blocker.) active
2. Resident "Tea Timer" (Protection of over-all system settings.) active.

Uncheck number 2..
Leave number 1 checked always.

You can enable Tea Timer again if you wish once all special fixes have been done.

[Rosie]

JeanInMontana, on Oct 27 2008, 12:01 PM, said:

Hi Rosie. What seems to be your problem? I don't see any malware and you give no reason for posting. Please open notepad and unwrap word. Logs are too hard to read when they are wrapped.

Open SB S&D
Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode.

Click on the Tools section and then Resident.
You will see two items.
1. Resident "SD helper" (Internet Explorer bad download blocker.) active
2. Resident "Tea Timer" (Protection of over-all system settings.) active.

Uncheck number 2..
Leave number 1 checked always.

You can enable Tea Timer again if you wish once all special fixes have been done.

Hi Jean? Sorry for my lack of experience. Thanks for wading through it. I accidentally opened Power virus 2008 last year. Now it is listed as a start up program in MSconfig settings, but I can't find it in any of my files.

Since then I have had hang ups and slow down driving me crazy. When I did the Panda scan it said I had 14 vulnerabilities and 11 infections. I know there is something, but I haven't been able to pin it down.

Any help will be greatly appreciated, Rosie

[JeanInMontana]

I'm trying to help you. Items that are in msconfig are not necessarily on the machine. Please do as requested with SBS&D update MBAM, run a quick scan, post that log and a new HJT log.

[JeanInMontana]

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.