Please help~Computer geeks need their fix! Ewido, HJT log & Panda info... not sure what to do next

Discussion in 'Windows - Virus and spyware problems' started by lilonepau, Dec 26, 2006.

  1. lilonepau

    lilonepau Guest

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:54:35 AM 12/26/2006

    + Scan result:

    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
    C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
    C:\WINDOWS\JUSTIN2.exe -> Adware.EZula : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP625\A0201196.exe -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP625\A0201199.dll -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1202660629-1715567821-682003330-1004\Software\RX Toolbar -> Adware.RXToolbar : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\irismon.dll -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\irsmiuoc.dll -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\irssyncd.exe -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Adware.Solution : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\p3lqd9.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\mwinorag.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\qndsregk.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\ZIFI002.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP703\A0214959.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP703\A0214964.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP703\A0214969.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP704\A0214983.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP706\A0214995.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP706\A0215000.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP707\A0215009.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
    C:\WINDOWS\b.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
    C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\WINDOWS\YOINSI.exe -> Trojan.Scapur.k : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\wapisvcc.exe -> Trojan.Small : Cleaned with backup (quarantined).
    ::Report end

    Logfile of HijackThis v1.99.1
    Scan saved at 11:00:28 AM, on 12/26/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Documents and Settings\Eric and Paula\Desktop\AVG Anti-Spyware 7.5\avgas.exe
    C:\Documents and Settings\Eric and Paula\Desktop\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Eric and Paula\Desktop\HijackThis_v1.99.1.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Eric and Paula\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Coupons.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.3.1429-3.0.0.7207/MILive.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Eric and Paula\Desktop\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    Panda is still running, but is there anything I can do to get started with the info above?

    Thanks so much for your time and patience! :)
    Paula
     
  2. lilonepau

    lilonepau Guest

    Here's the finished Panda Active Scan:

    Incident Status Location

    Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
    Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Eric and Paula\Start Menu\Programs\Registry Cleaner
    Potentially unwanted tool:application/winfixer2005 Not disinfected c:\program files\common files\WinSoftware
    Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
    Adware:adware/wupd Not disinfected c:\program files\Windows AdStatus
    Potentially unwanted tool:application/zango Not disinfected c:\program files\Zango
    Adware:adware/deskwizz Not disinfected Windows Registry
    Adware:adware/wintools Not disinfected Windows Registry
    Spyware:spyware/safesurf Not disinfected Windows Registry
    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
    Adware:adware/rxtoolbar Not disinfected Windows Registry
    Adware:adware/popupsearches Not disinfected Windows Registry
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@888[2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@atwola[2].txt
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@cdfreaks[2].txt
    Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@ct.360i[2].txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@did-it[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@dist.belnk[1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@go[2].txt
    Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@rightmedia[1].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@target[1].txt
    Spyware:Cookie/Buzztone Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@www.buzztone[2].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@xiti[2].txt
    Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@ct.360i[2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@realmedia[1].txt
    Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\Common Files\WinSoftware\PrCheck.dll
    Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\SYSTEM32\DHaxi.exe