Please help~Computer geeks need their fix! Ewido, HJT log & Panda info....not sure what to do next
lilonepau
26. December 2006 @ 07:23
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:54:35 AM 12/26/2006

+ Scan result:

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\WINDOWS\JUSTIN2.exe -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP625\A0201196.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP625\A0201199.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1202660629-1715567821-682003330-1004\Software\RX Toolbar -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\irismon.dll -> Adware.SafeSurfing : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\irsmiuoc.dll -> Adware.SafeSurfing : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\irssyncd.exe -> Adware.SafeSurfing : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Adware.Solution : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\p3lqd9.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mwinorag.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\qndsregk.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\ZIFI002.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP703\A0214959.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP703\A0214964.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP703\A0214969.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP704\A0214983.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP706\A0214995.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP706\A0215000.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{97470B51-A59B-4E2E-9E79-5340AAA3CD15}\RP707\A0215009.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\WINDOWS\b.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\YOINSI.exe -> Trojan.Scapur.k : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wapisvcc.exe -> Trojan.Small : Cleaned with backup (quarantined).
::Report end

Logfile of HijackThis v1.99.1
Scan saved at 11:00:28 AM, on 12/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Eric and Paula\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Eric and Paula\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Eric and Paula\Desktop\HijackThis_v1.99.1.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Eric and Paula\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicat...torLauncher.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/f...302/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events...7207/MILive.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Eric and Paula\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Panda is still running, but is there anything I can do to get started with the info above?

Thanks soo much for your time and patience! :-)
Paula
lilonepau
26. December 2006 @ 08:49
Here's the finished Panda Active Scan:

Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Eric and Paula\Start Menu\Programs\Registry Cleaner
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\program files\common files\WinSoftware
Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
Adware:adware/wupd Not disinfected c:\program files\Windows AdStatus
Potentially unwanted tool:application/zango Not disinfected c:\program files\Zango
Adware:adware/deskwizz Not disinfected Windows Registry
Adware:adware/wintools Not disinfected Windows Registry
Spyware:spyware/safesurf Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/rxtoolbar Not disinfected Windows Registry
Adware:adware/popupsearches Not disinfected Windows Registry
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@888[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@atwola[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@cdfreaks[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@ct.360i[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@dist.belnk[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@go[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@rightmedia[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@target[1].txt
Spyware:Cookie/Buzztone Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@www.buzztone[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Aarons\Cookies\aarons@xiti[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@ct.360i[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Eric and Paula\Cookies\eric and paula@realmedia[1].txt
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\Common Files\WinSoftware\PrCheck.dll
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\SYSTEM32\DHaxi.exe