Old 01-03-2006, 01:34 PM   #1 (permalink)
Registered User
 
Join Date: Jan 2006
Posts: 8
OS: XP


Trojan.Spaxe

Hi All,

I need help. The Trojan.Spaxe showed up on my computer and I have followed the instructions from Symantec, but I am still having problems. Every time I open a web browser it redirects away from my home page and says Warning Spyware detected and gives the following message:

Attention! Your system is under control of remote computer with IP address 227.4.167.118. The remote computer has access to the following folders on your PC:
- \WINDOWS\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official anti-spyware software

I ran the hijackthis software and it gave the following log:

Logfile of HijackThis v1.99.1
Scan saved at 11:52:47 AM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Chad Corbett\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbssportsline.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpB21A.tmp
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [javalv32.exe] C:\WINDOWS\javalv32.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
cmcbreck is offline  
Old 01-04-2006, 09:09 AM   #2 (permalink)
Manager, The Conversation Pit/Analyst, Security Team
 
bry623's Avatar
 
Join Date: Apr 2002
Location: NW Territory circa 1787
Posts: 11,143
OS: winxp pro sp2


Hello and Welcome to TSF!!!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Also if you have any programs that may prevent system changes (like Spybot's TeaTimer program, Ad-aware's Ad-Watch, and others), make sure you disable them before doing any of the fixes (or accept the changes for the fix we give you when asked by the programs).

Please disable Spybot's Tea Timer. We can re-enable it later.

Go to My Computer->Tools (or View)->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders (it's Show all files for Windows 98).
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items (if they exist) and click O4 - HKLM\..\Run: [javalv32.exe] C:\WINDOWS\javalv32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u


Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
  • Click on see report. Then click Save report
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.
__________________
No one can make you feel inferior without your consent.- Eleanor Roosevelt

bry623 is offline  
Old 01-04-2006, 12:30 PM   #3 (permalink)
Registered User
 
Join Date: Jan 2006
Posts: 8
OS: XP


My system is not letting me download the smitRem.exe file. What should I do?
cmcbreck is offline  
Old 01-04-2006, 12:58 PM   #4 (permalink)
Manager, The Conversation Pit/Analyst, Security Team
 
bry623's Avatar
 
Join Date: Apr 2002
Location: NW Territory circa 1787
Posts: 11,143
OS: winxp pro sp2


Rename this file from .zip to .exe and then run it.
Attached Files
File Type: zip smitRem.zip (123.5 KB, 2 views)
__________________
No one can make you feel inferior without your consent.- Eleanor Roosevelt

bry623 is offline  
Old 01-04-2006, 02:15 PM   #5 (permalink)
Registered User
 
Join Date: Jan 2006
Posts: 8
OS: XP


I am following the steps provided and had a question on the following step:

Now scan with HJT and place a checkmark next to each of the following items (if they exist) and click O4 - HKLM\..\Run: [javalv32.exe] C:\WINDOWS\javalv32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

All I did was place a check mark by these 2 lines and then closed Hijack this. I am now running the smitrem.exe tool. Was this correct, or was I supposed to fix the items selected in hijack this? If I was supposed to fix them, can I go back and do that now that I have run the Smitrem.exe tool?
cmcbreck is offline  
Old 01-04-2006, 05:57 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,559
OS: 2000 Pro; XP Pro; XP Home


Yes, please. Run a new scan with HJT, see if those entries are there, check them and click Fix Checked. Looks like a bit of instructions got chopped off.

If this entry is present, fix it too:

O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpB21A.tmp

Also have a look for this file and delete it if found:

C:\WINDOWS\javalv32.exe

It's ok if you ran smitrem already. Then continue with the fix.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
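
Added example, not part of any post in this thread and not HijackThis's or the analysts' own method: a small Python triage of HijackThis `O2`/`O4` lines using two structural heuristics assumed here (a BHO whose module is not a `.dll` or is marked file missing, and a Run target sitting directly in the Windows directory). The sample lines are copied from the logs posted in this thread; the function names are hypothetical.

```python
import ntpath
import re

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbssportsline.com/
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpB21A.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpB21A.tmp (file missing)
O4 - HKLM\..\Run: [javalv32.exe] C:\WINDOWS\javalv32.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2 body: "BHO: <name> - {CLSID} - <module path>[ (file missing)]"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O4 registry body: "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)", re.I)
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows$", re.I)


def command_target(cmd):
    """Return the program path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)  # unquoted paths may contain spaces
    return m.group(1) if m else cmd.split()[0]


def parse_entry(line):
    """Parse one log line; returns None for lines that are not section entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O2":
        b = BHO_RE.match(body)
        if b:
            return {"code": code, "name": b["name"], "path": b["path"],
                    "missing": b["missing"] is not None}
    if code == "O4":
        r = RUN_RE.match(body)
        if r:
            return {"code": code, "name": r["name"],
                    "path": command_target(r["cmd"]), "missing": False}
    # Other sections are recognised but not inspected by this example.
    return {"code": code, "name": None, "path": None, "missing": False}


def triage(log_text):
    """Return (code, name, path, reasons) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if not entry or not entry["path"]:
            continue
        reasons = []
        if entry["code"] == "O2":
            # Assumed heuristic: a BHO is an in-process COM module, normally a .dll.
            if ntpath.splitext(entry["path"])[1].lower() != ".dll":
                reasons.append("BHO module is not a .dll")
            if entry["missing"]:
                reasons.append("registry entry left behind, file missing")
        elif entry["code"] == "O4":
            # Assumed heuristic: autorun binaries rarely live in the Windows root.
            if WINDIR_ROOT_RE.match(ntpath.dirname(entry["path"])):
                reasons.append("autorun target sits directly in the Windows directory")
        if reasons:
            findings.append((entry["code"], entry["name"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for code, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{code} {name} -> {path}: {'; '.join(reasons)}")
```

A flagged line is a prompt for manual review, not a verdict; legitimate software can match either heuristic.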
Old 01-04-2006, 07:04 PM   #7 (permalink)
Registered User
 
Join Date: Jan 2006
Posts: 8
OS: XP


Ok, I followed all of the steps and here are the saved logs for each program:

HIJACK THIS:

Logfile of HijackThis v1.99.1
Scan saved at 8:02:32 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Chad Corbett\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbssportsline.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpB21A.tmp (file missing)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\RunOnce: [Panda_cleaner_170495] C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavdr.exe 170495
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe


Panda:

Panda Platinum 2006 Internet Security incident report
Filter selected:Virus detected, Suspicious file, Dangerous file, Script execution, Phone connection, Connection attempt, Port scan attack, Denial of service attack, Spoofing, Attacking IP address blocked, Enabled, Disabled, Update, Scan started, Scan complete, Date: All
INCIDENT NOTIFIED BY DATE-TIME RESULT ADDITIONAL INFORMATION
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan complete On-demand antivirus scan 01/04/06 19:44:51 Scan:
Potentially unwanted program detecte... On-demand antivirus scan 01/04/06 19:00:10 Notified Path: C:\Documents and Settings\Chad Corbett\Desktop\smitRem.exe.zip[Process.exe]
Potentially unwanted program detecte... On-demand antivirus scan 01/04/06 19:00:05 Notified Path: C:\Documents and Settings\Chad Corbett\Desktop\smitRem.exe\smitRem.exe\Process.exe
Scan started On-demand antivirus scan 01/04/06 18:54:13 Scan:
Potentially unwanted program detecte... Antivirus protection 01/04/06 14:05:54 Blocked Path: c:\documents and settings\chad corbett\desktop\smitrem.exe\smitrem.exe\process.exe
Potentially unwanted program detecte... Antivirus protection 01/04/06 14:04:58 Blocked Path: c:\documents and settings\chad corbett\desktop\smitrem.exe\smitrem.exe\process.exe
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 14:04:29 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Potentially unwanted program detecte... Antivirus protection 01/04/06 14:03:58 Blocked Path: c:\documents and settings\chad corbett\desktop\smitrem.exe\smitrem\process.exe
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 14:00:02 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:59:56 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:59:53 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/2o7.net Antivirus protection 01/04/06 13:57:04 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@2o7[1].txt
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:55:04 Disinfected Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\4m0p8r25\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:55:01 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\4m0p8r25\smitrem[1].exe[Process.exe]
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:54:43 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:54:33 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:54:28 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Connection attempt Firewall protection 01/04/06 13:53:45 Blocked Source IP address: 255.255.255.255
Spyware detected: Cookie/2o7.net Antivirus protection 01/04/06 13:53:34 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@2o7[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:49:14 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:45:06 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Connection attempt Firewall protection 01/04/06 13:44:03 Blocked Source IP address: 192.168.1.255
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:43:20 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:42:17 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:42:12 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:39:53 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:39:47 Disinfected Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\4f5vayrp\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:39:45 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\4f5vayrp\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:39:43 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\4f5vayrp\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:39:41 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\4f5vayrp\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:39:38 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\4f5vayrp\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:39:34 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\4f5vayrp\smitrem[1].exe[Process.exe]
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:38:52 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:38:30 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:37:31 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:37:26 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:37:22 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:35:28 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:35:24 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:35:19 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:34:52 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:34:39 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:34:27 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:34:24 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:34:04 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:33:55 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:33:48 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:32:25 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:32:02 Disinfected Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\w5afwp67\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:31:59 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\w5afwp67\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:31:57 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\w5afwp67\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:31:55 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\w5afwp67\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:31:54 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\w5afwp67\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:31:52 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\w5afwp67\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:31:50 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\w5afwp67\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:31:48 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\w5afwp67\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:31:45 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\w5afwp67\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:31:44 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\w5afwp67\smitrem[1].exe[Process.exe]
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:30:17 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:29:33 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:28:55 Disinfected Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\stq7k1mb\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:28:53 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\stq7k1mb\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:28:48 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\stq7k1mb\smitrem[1].exe[Process.exe]
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:28:32 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ca0py34t.txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:28:32 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:28:25 Disinfected Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\k1u7wl2r\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:28:21 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\k1u7wl2r\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:28:03 Disinfected Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\knev6det\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:28:00 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\knev6det\smitrem[1].exe[Process.exe]
Potentially unwanted program detecte... Antivirus protection 01/04/06 13:27:56 Blocked Path: c:\documents and settings\chad corbett\local settings\temporary internet files\content.ie5\knev6det\smitrem[1].exe[Process.exe]
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:27:23 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:27:14 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:27:01 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:26:31 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:26:06 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:26:01 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 13:26:01 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 12:50:36 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 12:50:25 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 12:49:47 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 12:49:03 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 12:47:43 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 12:47:34 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 12:46:48 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 12:45:14 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 12:44:57 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 12:44:40 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 12:44:24 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 12:44:09 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/04/06 12:44:09 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Connection attempt Firewall protection 01/04/06 12:43:26 Blocked Source IP address: 192.168.1.255
Connection attempt Firewall protection 01/04/06 12:43:23 Blocked Source IP address: 255.255.255.255
Connection attempt Firewall protection 01/03/06 22:56:57 Blocked Source IP address: 192.168.1.255
Scan complete On-demand antivirus scan 01/03/06 22:56:37 Scan:
Dialer detected: Dialer.EXV On-demand antivirus scan 01/03/06 22:53:50 Disinfected Path: C:\WINDOWS\Temp\cjgnopmd.exe
Dialer detected: Dialer.EXV On-demand antivirus scan 01/03/06 22:53:50 Disinfected Path: C:\WINDOWS\Temp\bplmbkoa.exe
Adware detected: Adware/SecurityError On-demand antivirus scan 01/03/06 22:51:16 Disinfected Path: C:\WINDOWS\system32\ld851B.tmp
Adware detected: Adware/SpyAxe On-demand antivirus scan 01/03/06 22:49:18 Disinfected Path: C:\WINDOWS\system32\1024\ldA16.tmp
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:18:39 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@cagdk1gv.txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:18:39 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ads.pointroll[1].txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:18:39 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ads.pointroll[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/03/06 22:18:39 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:18:39 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ads.pointroll[1].txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:14:11 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ads.pointroll[1].txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:14:10 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ads.pointroll[1].txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:14:10 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ads.pointroll[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/03/06 22:14:10 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:14:00 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ads.pointroll[1].txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:14:00 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ads.pointroll[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/03/06 22:13:59 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:13:45 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@caujkfpi.txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:13:45 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@cap8qxtn.txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:13:45 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ads.pointroll[1].txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:13:45 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ads.pointroll[1].txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:13:42 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ads.pointroll[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/03/06 22:13:42 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@tribalfusion[1].txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:13:21 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@cai7wxg9.txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:13:21 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ads.pointroll[1].txt
Spyware detected: Cookie/PointRoll Antivirus protection 01/03/06 22:13:21 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@ads.pointroll[1].txt
Spyware detected: Cookie/Tribalfusion Antivirus protection 01/03/06 22:13:19 Disinfected Path: c:\documents and settings\chad corbett\cookies\chad corbett@cagl2rkh.txt
Spyware detected: Spyware/Altnet On-demand antivirus scan 01/03/06 22:13:08 Disinfected Path: C:\Documents and Settings\Chad Corbett\Local Settings\Temp\__unin__.exe
Adware detected: Adware/KeenValue On-demand antivirus scan 01/03/06 22:12:17 Disinfected Path: C:\Documents and Settings\Chad Corbett\Local Settings\Temp\remove.exe
Dialer detected: Dialer.EXV On-demand antivirus scan 01/03/06 22:11:22 Disinfected Path: C:\Documents and Settings\Chad Corbett\Local Settings\Temp\dhilicod.exe
Virus detected: Bck/Agent.J On-demand antivirus scan 01/03/06 22:10:00 Disinfected Path: C:\Documents and Settings\Chad Corbett\Desktop\backups\backup-20040701-220250-272.dll
Adware detected: adware/securityerror On-demand antivirus scan 01/03/06 22:09:12 Disinfected Path: C:\WINDOWS\SYSTEM32\ncompat.tlb
Adware detected: adware/spyaxe On-demand antivirus scan 01/03/06 22:09:12 Disinfected Path: C:\WINDOWS\SYSTEM32\hpB21A.tmp
Adware detected: adware/spyaxe On-demand antivirus scan 01/03/06 22:08:54 Disinfected Path: C:\WINDOWS\system32\hpB21A.tmp
Scan started On-demand antivirus scan 01/03/06 22:08:50 Scan:
Scan complete On-demand antivirus scan 01/03/06 22:07:00 Scan:
Adware detected: adware/spyaxe On-demand antivirus scan 01/03/06 22:07:00 Disinfected Path: C:\WINDOWS\SYSTEM32\hpB21A.tmp
Scan complete On-demand antivirus scan 01/03/06 22:04:11 Scan:
Spyware detected: spyware/searchcentrix On-demand antivirus scan 01/03/06 22:04:03 Disinfected Path: HKEY_CURRENT_USER\SOFTWARE\DYNAMIC TOOLBAR
Adware detected: adware/keenvalue On-demand antivirus scan 01/03/06 22:03:41 Disinfected Path: C:\PROGRAM FILES\PerfectNav
Potentially unwanted program detecte... On-demand antivirus scan 01/03/06 22:03:40 Deleted Path: C:\PROGRAM FILES\MyWay
Spyware detected: application/bestoffer On-demand antivirus scan 01/03/06 22:03:29 Disinfected Path: C:\WINDOWS\smdat32a.sys
Adware detected: adware/topspyware On-demand antivirus scan 01/03/06 22:03:25 Disinfected Path: C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\wmplayer.exe.tmp
Adware detected: adware/securityerror On-demand antivirus scan 01/03/06 22:03:24 Disinfected Path: C:\WINDOWS\SYSTEM32\mscornet.exe
Adware detected: adware/spyaxe On-demand antivirus scan 01/03/06 22:03:22 Disinfected Path: C:\WINDOWS\SYSTEM32\hpB21A.tmp
Adware detected: adware/p2pnetworking On-demand antivirus scan 01/03/06 22:03:20 Disinfected Path: C:\Documents and Settings\Chad Corbett\Local Settings\Temp\p2psetup.exe
Adware detected: adware/gator On-demand antivirus scan 01/03/06 22:03:14 Disinfected Path: C:\Documents and Settings\Chad Corbett\Local Settings\Temp\bundle.inf
Spyware detected: spyware/altnet On-demand antivirus scan 01/03/06 22:03:10 Disinfected Path: C:\Documents and Settings\Chad Corbett\Local Settings\Temp\asmfiles.cab
Scan started On-demand antivirus scan 01/03/06 22:01:16 Scan:
Scan started On-demand antivirus scan 01/03/06 21:58:42 Scan:
Update Update system 01/03/06 21:58:01 Correct New virus signatures: 3130
Connection attempt Firewall protection 01/03/06 21:56:41 Blocked Source IP address: 192.168.1.255
Port scan attack Firewall protection 01/03/06 21:56:40 Blocked Source IP address: 192.168.1.34
EWIDO:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:42:24 PM, 1/4/2006
+ Report-Checksum: 3D34D263

+ Scan result:

No infected objects found.


::Report End

SMITFILES:


smitRem © log file
version 2.7

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Wed 01/04/2006
The current time is: 16:55:06.86

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)


Do I need to do anything else with this? I appreciate your help on this.
cmcbreck is offline  
Old 01-05-2006, 04:57 AM   #8 (permalink)
Manager, The Conversation Pit/Analyst, Security Team
 
bry623's Avatar
 
Join Date: Apr 2002
Location: NW Territory circa 1787
Posts: 11,143
OS: winxp pro sp2


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Also, if you have any programs that may prevent system changes (like Spybot's TeaTimer program, Ad-aware's Ad-Watch, and others), make sure you disable them before doing any of the fixes (or accept the changes for the fix we give you when asked by the programs).

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if the main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders; it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Don't run it yet.


Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpB21A.tmp (file missing)

Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.



Restart and run another Panda Scan along with a fresh HJT log.

Are you having any more difficulties?
__________________
No one can make you feel inferior without your consent.- Eleanor Roosevelt

bry623 is offline  
Old 01-05-2006, 04:07 PM   #9 (permalink)
Registered User
 
Join Date: Jan 2006
Posts: 8
OS: XP


OK, I did everything in the last step. Everything seems to be working except my computer seems to be running a little slow? I installed Panda for the trial period, could that have something to do with it, or maybe all of the cleaning programs I downloaded? Do I need to keep all of these or should I uninstall them when I am through? Also, how do I get all of my settings back to normal? Thanks so much for your help on this. Here is the HijackThis log (I will post the Panda log in another message, because it said it's too long):

Logfile of HijackThis v1.99.1
Scan saved at 3:02:34 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\Chad Corbett\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbssportsline.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - (no file)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\RunOnce: [Panda_cleaner_170495] C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavdr.exe 170495
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
cmcbreck is offline  
Old 01-05-2006, 04:09 PM   #10 (permalink)
Registered User
 
Join Date: Jan 2006
Posts: 8
OS: XP


This is an add on to previous message:

Panda:

Panda Platinum 2006 Internet Security incident report
cmcbreck is offline  
Old 01-05-2006, 06:01 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,559
OS: 2000 Pro; XP Pro; XP Home


It appears as though that may be the case. You now have two AV programs on your system, and this can cause conflicts and slowness. What you were to do was run an online scan, not install the trial version. Panda can prove as difficult to remove as Norton at times, but choose one, remove the other, and let us know how you're getting on.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
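The check behind the diagnosis in the reply above (two resident antivirus products), as an added example that is not part of the original thread: it parses the O23 service lines of a HijackThis log and reports when more than one antivirus vendor has services installed. The vendor keyword table and the function names are assumptions made for this example; the sample lines are copied from the HijackThis log posted earlier in this thread.

```python
import re
from collections import defaultdict

# Assumption: keyword -> (vendor family, category). Built only from the
# security vendors visible in this thread's log; extend it for other systems.
SECURITY_VENDORS = {
    "symantec": ("Symantec", "antivirus"),
    "panda": ("Panda", "antivirus"),
    "ewido": ("ewido", "antispyware"),
}

# Lines copied from the HijackThis log earlier in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - PANDA SOFTWARE - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
"""

O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")


def parse_o23(line):
    """Split one 'O23 - Service: <name> - <company> - <path>' line.

    The service name may itself contain ' - ', so split from the right:
    the last field is the binary path, the one before it the company.
    Returns None for any line that is not a well-formed O23 entry.
    """
    match = O23_RE.match(line.strip())
    if not match:
        return None
    parts = match.group("rest").rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    service, company, path = (p.strip() for p in parts)
    return {"service": service, "company": company, "path": path}


def classify(entry):
    """Return (vendor family, category) for a security service, else None.

    The company field is checked first; the path is a fallback because
    HijackThis prints 'Unknown owner' when a binary has no version info.
    """
    for field in (entry["company"], entry["path"]):
        lowered = field.lower()
        for keyword, label in SECURITY_VENDORS.items():
            if keyword in lowered:
                return label
    return None


def security_inventory(log_text):
    """Map category -> vendor family -> list of service names."""
    inventory = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        label = classify(entry)
        if label is None:
            continue
        vendor, category = label
        inventory[category][vendor].append(entry["service"])
    return inventory


def conflicting_antivirus(log_text):
    """Sorted vendor families when more than one antivirus is installed."""
    vendors = sorted(security_inventory(log_text).get("antivirus", {}))
    return vendors if len(vendors) > 1 else []


if __name__ == "__main__":
    conflict = conflicting_antivirus(SAMPLE_LOG)
    if conflict:
        print("Multiple antivirus products with services:", ", ".join(conflict))
    for category, vendors in security_inventory(SAMPLE_LOG).items():
        for vendor, services in vendors.items():
            print(f"{category:12} {vendor:10} {len(services)} service(s)")
```
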
Old 01-10-2006, 02:40 PM   #12 (permalink)
Registered User
 
Join Date: Jan 2006
Posts: 8
OS: XP


so far so good

Everything seems to be working ok now. I had to uninstall Panda manually and don't think I was able to get rid of it completely, but the computer is moving faster and I haven't gotten any other warning messages. Is there some type of program or software I can use to protect my computer better?

Thanks for all of your help on this.
cmcbreck is offline  
Old 01-10-2006, 07:09 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,559
OS: 2000 Pro; XP Pro; XP Home


Well done. Your logs are clean. Any more issues? If not, you should be good to go. We still have a few items to address.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK

Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  • IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here
  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. It can be downloaded here - MVPS Hosts file
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial

    Here are two very good free Antivirus products which are available:
  • Avast!
  • AVG

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

If you do not have a firewall, here are 4 free ones available for personal use:


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles


Please respond to this thread one more time so we can mark this thread as resolved.
tetonbob is offline  
Old 01-12-2006, 10:37 PM   #14 (permalink)
Registered User
 
Join Date: Jan 2006
Posts: 8
OS: XP


Everything seems to be fine. Thank you so much for all of your help!
cmcbreck is offline  
All times are GMT -7. The time now is 11:08 PM.



Copyright 2001 - 2009, Tech Support Forum