Problem running Panda. I try to run Panda ActiveScan and a window pops up saying "Connect to acs.pandasoftware.com" with space for user name and password. No login combination (computer user, etc.) has seemed to work, and if I press cancel it says the scan had an error, etc. So I haven't been able to run that scan yet. Any idea why it's doing that? Never did that to me before this PC got upgraded to XP.
Anyway, here's smitfiles:
smitRem log file
version 2.3
by noahdfear
The current date is: Sun 08/14/2005
The current time is: 12:10:36.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
oleadm.dll
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
oleadm.dll
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Wininet.dll ~~~
CLEAN!
And the Ewido log:
--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 1:25:42 PM, 8/14/2005
+ Report-Checksum: 90BC3BCB
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{4E1075F4-EEC4-4a86-ADD7-CD5F52858C31} -> Spyware.2020Search : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{09CA52B3-703C-4B17-9690-C13F736E3DCD} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-436374069-839522115-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6828CA-9E42-462C-BC60-418C8144012C} -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\oleadm.dll -> Trojan.Agent.eq : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2044.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS2044.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\gdnUS2044.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\gdnUS2044.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\gdnUS2044.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\msits.exe -> TrojanDownloader.Petrolin.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\gdnUS2044.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\gdnUS2044.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\gdnUS2044.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\gdnUS2044.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Otis Pewett\Cookies\otis [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Otis Pewett\Cookies\otis [email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Otis Pewett\Cookies\otis [email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Otis Pewett\Cookies\otis pewett@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkospajsepwudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Otis Pewett\Application Data\Mozilla\Firefox\Profiles\rfw95zem.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\otis [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\otis [email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\otis [email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\otis pewett@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkospajsepwudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\System Volume Information\_restore{173CC4EF-A041-4F32-8AC5-05F8563261CA}\RP7\A0000257.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{173CC4EF-A041-4F32-8AC5-05F8563261CA}\RP7\A0000261.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
::Report End
And here's a fresh HJT (note this is pre-Panda. Hopefully you can help me get that working)
Logfile of HijackThis v1.99.1
Scan saved at 1:56:03 PM, on 8/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Documents and Settings\All Users\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.att.net/i...arch/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\CCHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\PSTOPPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~6\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAEEE49-E02D-46BF-B978-3DC5181868A2}: NameServer = 12.102.240.2 204.127.160.4
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe