Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

trojan virus [RESOLVED]

Started by renditions` , Aug 20 2005 01:46 AM

Page 3 of 6
1
2
3
4
5

This topic is locked

#31
Rawe

Posted 23 August 2005 - 12:11 AM

Visiting Staff

Member
4,746 posts

What's the browser you're using to run the scan?

#32
renditions`

Posted 23 August 2005 - 12:16 AM

Member

Topic Starter
Member
123 posts

firefox

#33
Rawe

Posted 23 August 2005 - 12:21 AM

Visiting Staff

Member
4,746 posts

Install the latest Java Runtime Environment here:
http://www.java.com/...load/manual.jsp

If you have it already, uninstall it. Install the latest Java, access it and update. Reboot and try Trendmicro again. :tazz:

#34
renditions`

Posted 23 August 2005 - 01:04 AM

Member

Topic Starter
Member
123 posts

scanned and it says only 1 file was infected which was the l2mfix

#35
Rawe

Posted 23 August 2005 - 07:01 AM

Visiting Staff

Member
4,746 posts

Ok can you post a fresh HiJackThis log.

#36
renditions`

Posted 23 August 2005 - 04:00 PM

Member

Topic Starter
Member
123 posts

heres the new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 12:00:19 PM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\msblank.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.download.com/
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124684073609
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FEB3068-D693-4AC9-A1B2-223AA563D956}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{68F9CBAA-0A17-4E23-902F-3D21201EFE11}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{E143A775-1FD6-454F-A401-1E80FFF8B702}: NameServer = 69.50.176.158,85.255.112.8
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

#37
Rawe

Posted 24 August 2005 - 05:57 AM

Visiting Staff

Member
4,746 posts

Do you have any problems now?

If so can you post a new Panda log.. If not, let me know. :tazz:

#38
renditions`

Posted 24 August 2005 - 11:19 PM

Member

Topic Starter
Member
123 posts

heres my mcaffe log of what im getting

08/23/05 06:58:38 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 218.66.104.140. The remote port was 45930. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 53 00 00 40 00 27 11 52 16 da 42 68 8c 42 4b 7b 6a b3 6a 04 03 01 3f c5 12 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:05:41 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 220.184.162.1. The remote port was 2313 [ephemeral]. The local port on your PC was 1434 [MS-SQL]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 94 fa 48 00 00 66 11 1c a1 dc b8 a2 01 42 4b 7b 6a 09 09 05 9a 01 80 ef d2 04 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ".

08/23/05 07:12:30 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 03 01 6f 4b d2 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:12:30 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1028 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 04 01 6f 4b d1 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:12:30 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 02 01 6f 4b d3 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:12:30 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1029 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 05 01 6f 4b d0 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:16:25 PM Blocked incoming TCP
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 69.17.4.59. The remote port was 3521 [ephemeral]. The local port on your PC was 143. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 20 00 30 ab c1 40 00 70 06 57 e5 45 11 04 3b 42 4b 7b 6a 0d c1 00 8f ad 60 b2 e4 00 00 00 00 70 02 40 00 cd 88 00 00 02 04 05 b4 01 01 04 02 ".

08/23/05 07:17:25 PM C:\Program Files\Lineage II\LineageII.exe was started
McAfee Firewall detected the program "C:\Program Files\Lineage II\LineageII.exe" located in "C:\Program Files\Lineage II\LineageII.exe" attempting to access the Internet. The program was granted filtered access to the Internet.

08/23/05 07:17:28 PM C:\Program Files\Lineage II\LineageII.exe will be filtered
The user requested McAfee Firewall to change the allowed or blocked status of the Internet program "C:\Program Files\Lineage II\LineageII.exe" located in "C:\Program Files\Lineage II\LineageII.exe". The program will be automatically allowed filtered access to the Internet. An attempt to communicate outside the range of expected traffic will cause an alert and may indicate the program has been taken over by a trojan.

08/23/05 07:17:29 PM C:\Program Files\Lineage II\LineageII.exe closed
The Internet program "C:\Program Files\Lineage II\LineageII.exe" located in "C:\Program Files\Lineage II\LineageII.exe" closed.

08/23/05 07:17:45 PM Firefox v1.7.10: 2005071605 was started
McAfee Firewall detected the program "Firefox v1.7.10: 2005071605" located in "C:\Program Files\Mozilla Firefox\firefox.exe" attempting to access the Internet. The program was granted full access to the Internet.

08/23/05 07:19:22 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 65.205.186.80. The remote port was 11071. The local port on your PC was 33438. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 00 20 02 0f 00 00 01 11 fd eb 41 cd ba 50 42 4b 7b 6a 2b 3f 82 9e 00 0c e1 87 69 56 4d 47 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:19:28 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 2947 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 84 87 40 00 80 06 94 d0 42 4b 7b 6a cd b4 56 0e 0b 83 00 50 c0 67 47 fa 19 ac 8c 9d 50 11 fc 8d 17 4f 00 00 ".

08/23/05 07:19:29 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 2948 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 84 91 40 00 80 06 94 c6 42 4b 7b 6a cd b4 56 0e 0b 84 00 50 a1 c9 cd c3 2d 38 0a 74 50 11 fc d8 1e 75 00 00 ".

08/23/05 07:19:32 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 2965 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 85 3e 40 00 80 06 94 19 42 4b 7b 6a cd b4 56 0e 0b 95 00 50 a2 23 e2 e7 59 89 20 38 50 11 fc 72 c7 36 00 00 ".

08/23/05 07:19:36 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 2992 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 86 03 40 00 80 06 93 54 42 4b 7b 6a cd b4 56 0e 0b b0 00 50 99 7b d9 b9 fd 55 b3 1b 50 11 fc bc a1 f7 00 00 ".

08/23/05 07:19:37 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 2993 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 86 3f 40 00 80 06 93 18 42 4b 7b 6a cd b4 56 0e 0b b1 00 50 20 b6 ae 8b b0 d4 56 9a 50 11 fc df ee c9 00 00 ".

08/23/05 07:19:37 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 2995 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 86 73 40 00 80 06 92 e4 42 4b 7b 6a cd b4 56 0e 0b b3 00 50 0d 33 5a 8d 30 f0 49 7b 50 11 fd f6 e2 35 00 00 ".

08/23/05 07:19:38 PM Blocked incoming TCP
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 216.52.17.116. The remote port was 80 [HTTP]. The local port on your PC was 2946 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 00 30 00 00 40 00 2d 06 a6 6a d8 34 11 74 42 4b 7b 6a 00 50 0b 82 0a 70 92 1b 33 cb 55 fa 70 12 16 d0 93 0e 00 00 02 04 05 64 01 01 04 02 ".

08/23/05 07:20:06 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 2947 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8e a5 40 00 80 06 8a b2 42 4b 7b 6a cd b4 56 0e 0b 83 00 50 c0 67 47 fa 19 ac 8c 9d 50 11 fc 8d 17 4f 00 00 ".

08/23/05 07:20:09 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3030 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8e a9 40 00 80 06 8a ae 42 4b 7b 6a cd b4 56 0e 0b d6 00 50 51 2f aa 47 5d 50 16 72 50 11 fc 76 56 85 00 00 ".

08/23/05 07:20:09 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 2948 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8e ab 40 00 80 06 8a ac 42 4b 7b 6a cd b4 56 0e 0b 84 00 50 a1 c9 cd c3 2d 38 0a 74 50 11 fc d8 1e 75 00 00 ".

08/23/05 07:20:11 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3041 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8e b0 40 00 80 06 8a a7 42 4b 7b 6a cd b4 56 0e 0b e1 00 50 95 ab 24 2c f8 3a a7 49 50 11 fd f6 6a d7 00 00 ".

08/23/05 07:20:12 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 2965 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8e ba 40 00 80 06 8a 9d 42 4b 7b 6a cd b4 56 0e 0b 95 00 50 a2 23 e2 e7 59 89 20 38 50 11 fc 72 c7 36 00 00 ".

08/23/05 07:20:14 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 2992 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8e cb 40 00 80 06 8a 8c 42 4b 7b 6a cd b4 56 0e 0b b0 00 50 99 7b d9 b9 fd 55 b3 1b 50 11 fc bc a1 f7 00 00 ".

08/23/05 07:20:17 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 2993 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8e eb 40 00 80 06 8a 6c 42 4b 7b 6a cd b4 56 0e 0b b1 00 50 20 b6 ae 8b b0 d4 56 9a 50 11 fc df ee c9 00 00 ".

08/23/05 07:20:17 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 2995 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8e ed 40 00 80 06 8a 6a 42 4b 7b 6a cd b4 56 0e 0b b3 00 50 0d 33 5a 8d 30 f0 49 7b 50 11 fd f6 e2 35 00 00 ".

08/23/05 07:20:18 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3071 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8e ef 40 00 80 06 8a 68 42 4b 7b 6a cd b4 56 0e 0b ff 00 50 3f 81 37 6b 91 b6 76 8e 50 11 fd c0 45 1a 00 00 ".

08/23/05 07:20:18 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3072 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8e f0 40 00 80 06 8a 67 42 4b 7b 6a cd b4 56 0e 0c 00 00 50 da 99 f4 a9 d9 fc 72 44 50 11 fc 96 a9 ef 00 00 ".

08/23/05 07:20:19 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3075 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8e f1 40 00 80 06 8a 66 42 4b 7b 6a cd b4 56 0e 0c 03 00 50 9b bc 6e 6c 2c 26 14 28 50 11 fd f6 79 9a 00 00 ".

08/23/05 07:20:26 PM Blocked incoming TCP
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 216.52.17.116. The remote port was 80 [HTTP]. The local port on your PC was 2946 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 00 30 00 00 40 00 2d 06 a6 6a d8 34 11 74 42 4b 7b 6a 00 50 0b 82 0a 70 92 1b 33 cb 55 fa 70 12 16 d0 93 0e 00 00 02 04 05 64 01 01 04 02 ".

08/23/05 07:20:29 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 216.52.17.116. The remote port was 80 [HTTP]. The local port on your PC was 3101 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8f 1b 40 00 80 06 c4 56 42 4b 7b 6a d8 34 11 74 0c 1d 00 50 37 ed 1c 4f 35 a2 f8 4e 50 11 fc fa 7c e0 00 00 ".

08/23/05 07:20:32 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3122 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8f 34 40 00 80 06 8a 23 42 4b 7b 6a cd b4 56 0e 0c 32 00 50 97 09 b5 e2 3e 0c cf a8 50 11 fd c0 69 77 00 00 ".

08/23/05 07:20:34 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3137 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8f 36 40 00 80 06 8a 21 42 4b 7b 6a cd b4 56 0e 0c 41 00 50 df f8 1f 37 36 12 c7 16 50 11 fd c0 c7 b0 00 00 ".

08/23/05 07:20:35 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3145 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8f 37 40 00 80 06 8a 20 42 4b 7b 6a cd b4 56 0e 0c 49 00 50 ea e6 45 ff f7 9b 59 ef 50 11 fe 9a 40 b6 00 00 ".

08/23/05 07:20:39 PM Blocked incoming TCP
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 70.85.119.132. The remote port was 80 [HTTP]. The local port on your PC was 3113 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 00 30 00 00 40 00 27 06 d8 39 46 55 77 84 42 4b 7b 6a 00 50 0c 29 96 58 98 3b ba 84 82 58 70 12 16 d0 78 c6 00 00 02 04 05 b4 01 01 04 02 ".

08/23/05 07:20:42 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 205.113.115.23. The remote port was 11944. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 03 8c 82 aa 00 00 6e 11 c8 78 cd 71 73 17 42 4b 7b 6a 2e a8 04 02 03 78 00 00 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:20:42 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 205.125.55.58. The remote port was 31877. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 03 8c 87 72 00 00 6e 11 ff 81 cd 7d 37 3a 42 4b 7b 6a 7c 85 04 03 03 78 00 00 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:20:42 PM Blocked incoming TCP
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 67.15.52.14. The remote port was 80 [HTTP]. The local port on your PC was 3129 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 00 30 00 00 40 00 2c 06 19 f6 43 0f 34 0e 42 4b 7b 6a 00 50 0c 39 98 51 24 1f b9 f4 5f 6f 70 12 16 d0 55 0f 00 00 02 04 05 b4 01 01 04 02 ".

08/23/05 07:20:49 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3030 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8f a2 40 00 80 06 89 b5 42 4b 7b 6a cd b4 56 0e 0b d6 00 50 51 2f aa 47 5d 50 16 72 50 11 fc 76 56 85 00 00 ".

08/23/05 07:20:49 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3041 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 8f d9 40 00 80 06 89 7e 42 4b 7b 6a cd b4 56 0e 0b e1 00 50 95 ab 24 2c f8 3a a7 49 50 11 fd f6 6a d7 00 00 ".

08/23/05 07:20:58 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3071 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 92 4d 40 00 80 06 87 0a 42 4b 7b 6a cd b4 56 0e 0b ff 00 50 3f 81 37 6b 91 b6 76 8e 50 11 fd c0 45 1a 00 00 ".

08/23/05 07:20:58 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3072 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 92 4e 40 00 80 06 87 09 42 4b 7b 6a cd b4 56 0e 0c 00 00 50 da 99 f4 a9 d9 fc 72 44 50 11 fc 96 a9 ef 00 00 ".

08/23/05 07:20:59 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3075 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 92 51 40 00 80 06 87 06 42 4b 7b 6a cd b4 56 0e 0c 03 00 50 9b bc 6e 6c 2c 26 14 28 50 11 fd f6 79 9a 00 00 ".

08/23/05 07:21:09 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 216.52.17.116. The remote port was 80 [HTTP]. The local port on your PC was 3101 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 93 f7 40 00 80 06 bf 7a 42 4b 7b 6a d8 34 11 74 0c 1d 00 50 37 ed 1c 4f 35 a2 f8 4e 50 11 fc fa 7c e0 00 00 ".

08/23/05 07:21:12 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3122 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 93 fb 40 00 80 06 85 5c 42 4b 7b 6a cd b4 56 0e 0c 32 00 50 97 09 b5 e2 3e 0c cf a8 50 11 fd c0 69 77 00 00 ".

08/23/05 07:21:14 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3137 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 93 fd 40 00 80 06 85 5a 42 4b 7b 6a cd b4 56 0e 0c 41 00 50 df f8 1f 37 36 12 c7 16 50 11 fd c0 c7 b0 00 00 ".

08/23/05 07:21:15 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3145 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 93 fe 40 00 80 06 85 59 42 4b 7b 6a cd b4 56 0e 0c 49 00 50 ea e6 45 ff f7 9b 59 ef 50 11 fe 9a 40 b6 00 00 ".

08/23/05 07:21:27 PM Blocked incoming TCP
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 70.85.119.132. The remote port was 80 [HTTP]. The local port on your PC was 3113 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 00 30 00 00 40 00 27 06 d8 39 46 55 77 84 42 4b 7b 6a 00 50 0c 29 96 58 98 3b ba 84 82 58 70 12 16 d0 78 c6 00 00 02 04 05 b4 01 01 04 02 ".

08/23/05 07:21:27 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3165 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 94 5d 40 00 80 06 84 fa 42 4b 7b 6a cd b4 56 0e 0c 5d 00 50 77 b0 d6 b4 32 8d 5f ed 50 11 fc 6b e4 62 00 00 ".

08/23/05 07:21:28 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3170 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 94 5f 40 00 80 06 84 f8 42 4b 7b 6a cd b4 56 0e 0c 62 00 50 8c 1c fe 3c 28 a6 47 45 50 11 fc a1 ca c2 00 00 ".

08/23/05 07:21:31 PM Blocked incoming TCP
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 67.15.52.14. The remote port was 80 [HTTP]. The local port on your PC was 3129 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 00 30 00 00 40 00 2c 06 19 f6 43 0f 34 0e 42 4b 7b 6a 00 50 0c 39 98 51 24 1f b9 f4 5f 6f 70 12 16 d0 55 0f 00 00 02 04 05 b4 01 01 04 02 ".

08/23/05 07:21:39 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3206 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 94 89 40 00 80 06 84 ce 42 4b 7b 6a cd b4 56 0e 0c 86 00 50 7b 79 10 6a 1c 35 78 b5 50 11 fc 07 a4 af 00 00 ".

08/23/05 07:21:40 PM Blocked incoming TCP
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 204.11.109.62. The remote port was 80 [HTTP]. The local port on your PC was 3187 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 00 28 6e fb 00 00 2c 06 28 d6 cc 0b 6d 3e 42 4b 7b 6a 00 50 0c 73 bd 31 97 e0 e5 e6 d0 3d 50 14 f0 00 b0 d6 00 00 00 00 00 00 00 00 ".

08/23/05 07:21:42 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3205 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 94 b7 40 00 80 06 84 a0 42 4b 7b 6a cd b4 56 0e 0c 85 00 50 75 41 18 f5 9d 1f 64 d3 50 11 fb f0 35 6c 00 00 ".

08/23/05 07:22:08 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3165 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 96 ef 40 00 80 06 82 68 42 4b 7b 6a cd b4 56 0e 0c 5d 00 50 77 b0 d6 b4 32 8d 5f ed 50 11 fc 6b e4 62 00 00 ".

08/23/05 07:22:08 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3170 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 96 f4 40 00 80 06 82 63 42 4b 7b 6a cd b4 56 0e 0c 62 00 50 8c 1c fe 3c 28 a6 47 45 50 11 fc a1 ca c2 00 00 ".

08/23/05 07:22:19 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3206 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 98 02 40 00 80 06 81 55 42 4b 7b 6a cd b4 56 0e 0c 86 00 50 7b 79 10 6a 1c 35 78 b5 50 11 fc 07 a4 af 00 00 ".

08/23/05 07:22:22 PM Blocked outgoing TCP
McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 205.180.86.14. The remote port was 80 [HTTP]. The local port on your PC was 3205 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 05 5f ec 1c 8c 00 e0 29 9a 12 29 08 00 45 00 00 28 98 5a 40 00 80 06 80 fd 42 4b 7b 6a cd b4 56 0e 0c 85 00 50 75 41 18 f5 9d 1f 64 d3 50 11 fb f0 35 6c 00 00 ".

08/23/05 07:22:37 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.211.255.13. The remote port was 33047. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 f3 00 00 40 00 26 11 b8 63 dd d3 ff 0d 42 4b 7b 6a 81 17 04 02 01 df 41 48 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:22:37 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.211.255.13. The remote port was 33047. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 f3 00 00 40 00 26 11 b8 63 dd d3 ff 0d 42 4b 7b 6a 81 17 04 03 01 df 41 47 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:26:50 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 02 01 6f d0 94 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:26:57 PM Firefox v1.7.10: 2005071605 closed
The Internet program "Firefox v1.7.10: 2005071605" located in "C:\Program Files\Mozilla Firefox\firefox.exe" closed.

08/23/05 07:27:23 PM nProtect GameGuard Launcher v2005, 2, 3, 1 was started
McAfee Firewall detected the program "nProtect GameGuard Launcher v2005, 2, 3, 1" located in "C:\Program Files\Lineage II\System\GameGuard.des" attempting to access the Internet. The program was granted filtered access to the Internet.

08/23/05 07:27:26 PM nProtect GameGuard Launcher v2005, 2, 3, 1 will be filtered
The user requested McAfee Firewall to change the allowed or blocked status of the Internet program "nProtect GameGuard Launcher v2005, 2, 3, 1" located in "C:\Program Files\Lineage II\System\GameGuard.des". The program will be automatically allowed filtered access to the Internet. An attempt to communicate outside the range of expected traffic will cause an alert and may indicate the program has been taken over by a trojan.

08/23/05 07:27:32 PM nProtect GameGuard Launcher v2005, 2, 3, 1 closed
The Internet program "nProtect GameGuard Launcher v2005, 2, 3, 1" located in "C:\Program Files\Lineage II\System\GameGuard.des" closed.

08/23/05 07:29:49 PM An error occurred in McAfee Firewall
McAfee Firewall encountered an unexpected error in module Fwlearn.cpp, line 343. The related error code, if any, is 3. If you believe this error is causing the Firewall to function improperly, please report this error to McAfee Technical Support.

08/23/05 07:29:49 PM was started
McAfee Firewall detected the program "" located in "" attempting to access the Internet. The program was granted full access to the Internet.

08/23/05 07:31:28 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 61.152.160.63. The remote port was 32875. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 fa 00 00 40 00 27 11 b6 66 3d 98 a0 3f 42 4b 7b 6a 80 6b 04 03 01 e6 4d 00 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:37:51 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 222.141.102.13. The remote port was 40934. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 b9 00 00 40 00 26 11 50 e4 de 8d 66 0d 42 4b 7b 6a 9f e6 04 02 01 a5 07 64 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:41:39 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 61.233.40.84. The remote port was 33211. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 5a 00 00 40 00 22 11 33 a1 3d e9 28 54 42 4b 7b 6a 81 bb 04 02 01 46 7e 1b 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:41:39 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 61.233.40.84. The remote port was 33212. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 5a 00 00 40 00 22 11 33 a1 3d e9 28 54 42 4b 7b 6a 81 bc 04 03 01 46 7e 19 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:42:03 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 219.150.118.46. The remote port was 26348. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 02 8d c7 e2 00 00 64 11 7d 03 db 96 76 2e 42 4b 7b 6a 66 ec 04 02 02 79 00 00 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:42:23 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.211.255.8. The remote port was 50278. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 bb 00 00 40 00 26 11 b8 a0 dd d3 ff 08 42 4b 7b 6a c4 66 04 02 01 a7 92 e2 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:42:23 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.211.255.8. The remote port was 50278. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 bb 00 00 40 00 26 11 b8 a0 dd d3 ff 08 42 4b 7b 6a c4 66 04 03 01 a7 92 e1 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:45:27 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 03 01 6f d0 93 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:45:27 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1028 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 04 01 6f d0 92 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:49:04 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.211.255.13. The remote port was 33050. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 f3 00 00 40 00 26 11 b8 63 dd d3 ff 0d 42 4b 7b 6a 81 1a 04 02 01 df 37 ad 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:49:12 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 205.25.66.115. The remote port was 6489. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 03 8c 91 9b 00 00 6d 11 eb 83 cd 19 42 73 42 4b 7b 6a 19 59 04 02 03 78 00 00 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:49:38 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 70.85.178.66. The remote port was 35301. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 de 00 00 40 00 2e 11 94 c2 46 55 b2 42 42 4b 7b 6a 89 e5 04 02 01 ca e3 3b 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:51:34 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 222.141.102.13. The remote port was 47823. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 b9 00 00 40 00 26 11 50 e4 de 8d 66 0d 42 4b 7b 6a ba cf 04 02 01 a5 0f af 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:54:11 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 216.33.199.196. The remote port was 19023. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 03 8c 2d 65 00 00 6d 11 bf 60 d8 21 c7 c4 42 4b 7b 6a 4a 4f 04 02 03 78 00 00 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:54:46 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 03 01 6f d0 93 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:54:46 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1028 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 04 01 6f d0 92 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:54:46 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1029 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 05 01 6f d0 91 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:54:46 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 02 01 6f d0 94 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 07:56:09 PM Blocked incoming TCP
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 212.218.193.99. The remote port was 2689 [ephemeral]. The local port on your PC was 3306 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 00 30 3a 78 40 00 67 06 85 5c d4 da c1 63 42 4b 7b 6a 0a 81 0c ea 99 32 d9 4f 00 00 00 00 70 02 40 00 65 3e 00 00 02 04 05 b4 01 01 04 02 ".

08/23/05 08:01:23 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 61.138.137.10. The remote port was 44765. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 5c 00 00 40 00 26 11 cf 47 3d 8a 89 0a 42 4b 7b 6a ae dd 04 02 01 48 bc 1a 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:02:03 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 61.153.208.254. The remote port was 1126 [ephemeral]. The local port on your PC was 1434 [MS-SQL]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 94 97 23 00 00 65 11 f0 e8 3d 99 d0 fe 42 4b 7b 6a 04 66 05 9a 01 80 64 98 04 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ".

08/23/05 08:04:04 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1029 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 05 01 6f d0 91 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:13:16 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 222.136.188.49. The remote port was 56648. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 f4 00 00 40 00 26 11 fa 89 de 88 bc 31 42 4b 7b 6a dd 48 04 02 01 e0 71 9a 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:13:24 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 03 01 6f d0 93 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:13:24 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 02 01 6f d0 94 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:13:24 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1028 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 04 01 6f d0 92 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:13:24 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1029 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 05 01 6f d0 91 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:15:29 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.211.255.13. The remote port was 33050. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 f3 00 00 40 00 26 11 b8 63 dd d3 ff 0d 42 4b 7b 6a 81 1a 04 02 01 df 8f 45 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:22:42 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 03 01 6f d0 93 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:22:42 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1028 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 04 01 6f d0 92 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:22:42 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 02 01 6f d0 94 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:23:37 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 60.18.168.25. The remote port was 1030 [ephemeral]. The local port on your PC was 1434 [MS-SQL]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 94 15 28 00 00 67 11 9b 50 3c 12 a8 19 42 4b 7b 6a 04 06 05 9a 01 80 8f 64 04 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 ".

08/23/05 08:27:58 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 222.141.102.13. The remote port was 38123. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 b9 00 00 40 00 26 11 50 e4 de 8d 66 0d 42 4b 7b 6a 94 eb 04 02 01 a5 fe 7c 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:32:00 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 03 01 6f d0 93 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:32:00 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1028 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 04 01 6f d0 92 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:32:00 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 02 01 6f d0 94 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:32:00 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1029 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 05 01 6f d0 91 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:41:18 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 02 01 6f d0 94 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:41:18 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1028 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 04 01 6f d0 92 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:41:18 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.10.254.100. The remote port was 60277. The local port on your PC was 1029 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 83 00 00 40 00 29 11 b7 45 dd 0a fe 64 42 4b 7b 6a eb 75 04 05 01 6f d0 91 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:41:38 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 222.141.102.13. The remote port was 45093. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 b9 00 00 40 00 26 11 50 e4 de 8d 66 0d 42 4b 7b 6a b0 25 04 02 01 a5 53 d8 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:41:52 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 221.211.255.13. The remote port was 33050. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 f3 00 00 40 00 26 11 b8 63 dd d3 ff 0d 42 4b 7b 6a 81 1a 04 03 01 df a3 b6 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:42:48 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 222.241.95.69. The remote port was 32876. The local port on your PC was 1027 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 f5 00 00 40 00 27 11 56 0c de f1 5f 45 42 4b 7b 6a 80 6c 04 03 01 e1 20 66 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:43:52 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 220.168.156.71. The remote port was 35291. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in the packet was "00 e0 29 9a 12 29 00 05 5f ec 1c 8c 08 00 45 00 01 de 00 00 40 00 27 11 1b 6a dc a8 9c 47 42 4b 7b 6a 89 db 04 02 01 ca f8 3c 04 00 28 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ".

08/23/05 08:47:07 PM Blocked incoming UDP
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 218.66.104.140. The remote port was 45930. The local port on your PC was 1026 [ephemeral]. The network adapter for the traffic was "SMC EZ Connect USB/Ethernet Series Converter".

The binary data contained in th

#39
renditions`

Posted 24 August 2005 - 11:28 PM

Member

Topic Starter
Member
123 posts

Heres the new Panda Log along w/ a new HJT Log....

PANDA:

Incident Status Location

Adware:adware/popuper No disinfected C:\DOCUMENTS AND SETTINGS\NESTOOOOR\FAVORITES\Black Jack Online.url
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\NESTOOOOR\FAVORITES\Online Sex Poker Rooms.url
Spyware:spyware/petro-line No disinfected C:\DOCUMENTS AND SETTINGS\NESTOOOOR\FAVORITES\SITES ABOUT\Broadband comparison.url
Adware:adware/wupd No disinfected Windows Registry
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\neSTOOOOR\Desktop\l2mfix\backup.zip[dkmsadsn.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\neSTOOOOR\Desktop\l2mfix\backup.zip[lyhsvc.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\neSTOOOOR\Desktop\l2mfix\backup.zip[mntask.dll]
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\neSTOOOOR\Desktop\l2mfix\backup.zip[guard.tmp]

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 7:25:55 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\msblank.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.download.com/
O1 - Hosts: 65.69.44.51 L2authd.lineage2.com
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124684073609
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FEB3068-D693-4AC9-A1B2-223AA563D956}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{68F9CBAA-0A17-4E23-902F-3D21201EFE11}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{E143A775-1FD6-454F-A401-1E80FFF8B702}: NameServer = 69.50.176.158,85.255.112.8
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

#40
Rawe

Posted 25 August 2005 - 04:36 AM

Visiting Staff

Member
4,746 posts

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
Double-click the file to install it as follows:
- Click "Next", read the agreement, Click "Next"
- Choose "Custom" click "Next".
- Leave the default installation directoy as it is, then click "Next".
- UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
- On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
- Finally, click "Install"
Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Disable SpySweeper Shields
- Click Shields on the left.
- Click Internet Explorer and uncheck all items.
- Click Windows System and uncheck all items.
- Click Startup Programs and uncheck all items.
Once the definitions are installed and shields disabled, click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

#41
renditions`

Posted 26 August 2005 - 02:34 AM

Member

Topic Starter
Member
123 posts

heres the spysweeper log..

********
10:18 PM: |··· Start of Session, Thursday, August 25, 2005 ···|
10:18 PM: Spy Sweeper started
10:18 PM: Sweep initiated using definitions version 522
10:18 PM: Starting Memory Sweep
10:21 PM: Memory Sweep Complete, Elapsed Time: 00:03:11
10:21 PM: Starting Registry Sweep
10:21 PM: Found Adware: cws_cassandra
10:21 PM: HKU\S-1-5-21-57989841-1659004503-1326574676-1003\software\microsoft\internet explorer\main\ || hpded (ID = 117048)
10:21 PM: HKU\S-1-5-21-57989841-1659004503-1326574676-1003\software\microsoft\internet explorer\main\ || spded (ID = 117049)
10:21 PM: Found Adware: instant access
10:21 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\ia.dll (ID = 128825)
10:21 PM: Found Trojan Horse: trojan-downloader-pacisoft
10:21 PM: HKU\S-1-5-21-57989841-1659004503-1326574676-1003\software\psof1\ (ID = 136530)
10:21 PM: Found Adware: searchtoolbar
10:21 PM: HKU\S-1-5-21-57989841-1659004503-1326574676-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
10:21 PM: Found Adware: quicklink search toolbar
10:21 PM: HKU\S-1-5-21-57989841-1659004503-1326574676-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
10:21 PM: HKU\S-1-5-21-57989841-1659004503-1326574676-1003\software\searchtoolbar\ (5 subtraces) (ID = 141343)
10:21 PM: HKLM\software\searchtoolbar\ (3 subtraces) (ID = 141346)
10:21 PM: Found Trojan Horse: topconverting downloader
10:21 PM: HKLM\software\classes\tpusn\ (1 subtraces) (ID = 143805)
10:21 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/website.ocx\ (2 subtraces) (ID = 143817)
10:21 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\website.ocx (ID = 143831)
10:21 PM: HKCR\tpusn\ (1 subtraces) (ID = 143835)
10:21 PM: Found Trojan Horse: trojan-downloader-wareout
10:21 PM: HKU\S-1-5-21-57989841-1659004503-1326574676-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {bf69df00-2734-477f-8257-27cd04f88779} (ID = 144839)
10:21 PM: Found Adware: websearch toolbar
10:21 PM: HKCR\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (7 subtraces) (ID = 146339)
10:21 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (7 subtraces) (ID = 146402)
10:21 PM: Found Adware: winad
10:21 PM: HKLM\software\media access\ (1 subtraces) (ID = 147182)
10:21 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
10:21 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaaccx.dll (ID = 147221)
10:21 PM: Found Adware: ist yoursitebar
10:21 PM: HKCR\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (8 subtraces) (ID = 147829)
10:21 PM: Found Adware: ist software
10:21 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854)
10:21 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857)
10:21 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (7 subtraces) (ID = 155047)
10:21 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\ (5 subtraces) (ID = 155058)
10:21 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}\ (1 subtraces) (ID = 155060)
10:21 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}\ (1 subtraces) (ID = 155062)
10:21 PM: Found Adware: icannnews
10:21 PM: HKCR\activexctrl\ (3 subtraces) (ID = 169450)
10:21 PM: HKCR\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169451)
10:21 PM: HKCR\clsid\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}\ (21 subtraces) (ID = 169452)
10:21 PM: HKCR\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169454)
10:21 PM: HKCR\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169455)
10:21 PM: HKCR\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169456)
10:21 PM: HKLM\software\classes\activexctrl\ (3 subtraces) (ID = 169457)
10:21 PM: HKLM\software\classes\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169458)
10:21 PM: HKLM\software\classes\clsid\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}\ (21 subtraces) (ID = 169459)
10:21 PM: HKLM\software\classes\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169461)
10:21 PM: HKLM\software\classes\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169462)
10:21 PM: HKLM\software\classes\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169463)
10:21 PM: Found Adware: msblank hijack
10:21 PM: HKU\S-1-5-21-57989841-1659004503-1326574676-1003\software\microsoft\internet explorer\main\ || start page (ID = 169497)
10:21 PM: Found Trojan Horse: trojan-downloader-ruin
10:21 PM: HKLM\software\microsoft\windows\currentversion\urls\ (9 subtraces) (ID = 605127)
10:21 PM: HKLM\software\microsoft\windows\currentversion\ruins\ (33 subtraces) (ID = 605128)
10:21 PM: Registry Sweep Complete, Elapsed Time:00:00:17
10:21 PM: Starting Cookie Sweep
10:21 PM: Found Spy Cookie: 2o7.net cookie
10:21 PM: nestoooor@2o7[2].txt (ID = 1957)
10:21 PM: Found Spy Cookie: advertising cookie
10:21 PM: nestoooor@advertising[2].txt (ID = 2175)
10:21 PM: Found Spy Cookie: atwola cookie
10:21 PM: [email protected][2].txt (ID = 2256)
10:21 PM: Found Spy Cookie: atlas dmt cookie
10:21 PM: nestoooor@atdmt[2].txt (ID = 2253)
10:21 PM: nestoooor@atwola[1].txt (ID = 2255)
10:21 PM: Found Spy Cookie: servedby advertising cookie
10:21 PM: [email protected][2].txt (ID = 3335)
10:21 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:21 PM: Starting File Sweep
10:22 PM: rdt(3).ini (ID = 73426)
10:22 PM: Warning: Failed to read file "c:\documents and settings\nestoooor\local settings\temp\perflib_perfdata_304.dat". System Error. Code: 32.
The process cannot access the file because it is being used by another process
10:22 PM: rdt(2).ini (ID = 73426)
10:25 PM: Found Adware: coolwebsearch (cws)
10:25 PM: credit counseling.url (ID = 130668)
10:25 PM: insurance home.url (ID = 130676)
10:25 PM: mortgage life insurance.url (ID = 130681)
10:25 PM: help desk software.url (ID = 130675)
10:25 PM: videos.url (ID = 130694)
10:25 PM: what is hydrocodone.url (ID = 130695)
10:25 PM: online gambling casino.url (ID = 130684)
10:25 PM: refinancing my mortgage.url (ID = 130691)
10:25 PM: debt credit card.url (ID = 130671)
10:25 PM: fha.url (ID = 130673)
10:25 PM: loan for debt consolidation.url (ID = 130677)
10:25 PM: health insurance.url (ID = 130674)
10:25 PM: personal loans online.url (ID = 130688)
10:25 PM: payroll advance.url (ID = 130687)
10:25 PM: marketing email.url (ID = 130679)
10:25 PM: prescription drugs rx online.url (ID = 130690)
10:25 PM: credit report.url (ID = 130669)
10:25 PM: tahoe vacation rental.url (ID = 130692)
10:25 PM: escorts.url (ID = 130672)
10:25 PM: order phentermine.url (ID = 130686)
10:25 PM: mortgage insurance.url (ID = 130680)
10:25 PM: personal loans with bad credit.url (ID = 130689)
10:26 PM: crm software.url (ID = 130670)
10:26 PM: nevada corporations.url (ID = 130682)
10:26 PM: unsecured bad credit loans.url (ID = 130693)
10:26 PM: loan for people with bad credit.url (ID = 130678)
10:26 PM: broadband comparison.url (ID = 130667)
10:26 PM: online betting site.url (ID = 130683)
10:26 PM: online instant loan.url (ID = 130685)
10:26 PM: File Sweep Complete, Elapsed Time: 00:04:36
10:26 PM: Full Sweep has completed. Elapsed time 00:08:11
10:26 PM: Traces Found: 276
10:28 PM: Removal process initiated
10:28 PM: Quarantining All Traces: cws_cassandra
10:28 PM: Quarantining All Traces: instant access
10:28 PM: Quarantining All Traces: trojan-downloader-pacisoft
10:28 PM: Quarantining All Traces: searchtoolbar
10:28 PM: Quarantining All Traces: quicklink search toolbar
10:28 PM: Quarantining All Traces: topconverting downloader
10:28 PM: Quarantining All Traces: trojan-downloader-wareout
10:28 PM: Quarantining All Traces: websearch toolbar
10:28 PM: Quarantining All Traces: winad
10:28 PM: Quarantining All Traces: ist yoursitebar
10:28 PM: Quarantining All Traces: ist software
10:28 PM: Quarantining All Traces: icannnews
10:28 PM: Quarantining All Traces: msblank hijack
10:28 PM: Quarantining All Traces: trojan-downloader-ruin
10:28 PM: Quarantining All Traces: 2o7.net cookie
10:28 PM: Quarantining All Traces: advertising cookie
10:28 PM: Quarantining All Traces: atwola cookie
10:28 PM: Quarantining All Traces: atlas dmt cookie
10:28 PM: Quarantining All Traces: servedby advertising cookie
10:28 PM: Quarantining All Traces: coolwebsearch (cws)
10:28 PM: Removal process completed. Elapsed time 00:00:34
********
10:15 PM: |··· Start of Session, Thursday, August 25, 2005 ···|
10:15 PM: Spy Sweeper started
10:16 PM: Processing Hosts File Alerts
10:16 PM: Allowed Hosts File entry: L2authd.lineage2.com
10:18 PM: |··· End of Session, Thursday, August 25, 2005 ···|

#42
renditions`

Posted 26 August 2005 - 02:34 AM

Member

Topic Starter
Member
123 posts

oops double post lagged =)

Edited by renditions`, 26 August 2005 - 02:40 AM.

#43
Rawe

Posted 26 August 2005 - 07:57 AM

Visiting Staff

Member
4,746 posts

Delete these files if present and empty recycle bin:

C:\DOCUMENTS AND SETTINGS\NESTOOOOR\FAVORITES\Black Jack Online.url
C:\DOCUMENTS AND SETTINGS\NESTOOOOR\FAVORITES\Online Sex Poker Rooms.url
C:\DOCUMENTS AND SETTINGS\NESTOOOOR\FAVORITES\SITES ABOUT\Broadband comparison.url

Then run Hackercheck here (It asks you to put your email address in, then you will receive an email to enter the Hackercheck);

http://www.hackercheck.com/

Run the scan. It will show you if any Ports are open. If there are, can you close them up in your Firewall settings and then post me a fresh HiJackThis log and let me know if you're noticing any problems.

#44
renditions`

Posted 26 August 2005 - 08:14 PM

Member

Topic Starter
Member
123 posts

scanned with the hackercheck i have no open ports here my new HJT LOG...

Logfile of HijackThis v1.99.1
Scan saved at 4:12:46 PM, on 8/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.download.com/
O1 - Hosts: 65.69.44.51 L2authd.lineage2.com
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\MCAGENT.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124684073609
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FEB3068-D693-4AC9-A1B2-223AA563D956}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{68F9CBAA-0A17-4E23-902F-3D21201EFE11}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{E143A775-1FD6-454F-A401-1E80FFF8B702}: NameServer = 69.50.176.158,85.255.112.8
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#45
Rawe

Posted 27 August 2005 - 01:35 AM

Visiting Staff

Member
4,746 posts

Do you still have problems?

Run a scan with HiJackThis and check the following objects for removal:

O17 - HKLM\System\CCS\Services\Tcpip\..\{4FEB3068-D693-4AC9-A1B2-223AA563D956}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{68F9CBAA-0A17-4E23-902F-3D21201EFE11}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{E143A775-1FD6-454F-A401-1E80FFF8B702}: NameServer = 69.50.176.158,85.255.112.8

Close ALL open windows except for HiJackThis and hit FIX CHECKED.

Reboot. Any problems? :tazz: