it's baaaack. Downloader.exe back with friends.


Post by raif on 10th November 2008, 11:17 pm

While that is running, now PMP2 has stopped again. I ran combo fix and it says it 'detected root kit activity'...what is that? My LAN says connected and I've run WinsockFix.

raif
Intermediate
Posts: 88
Joined: 2008-11-09
OS: Windows XP
Points: 29510
Likes: 0

Post by Belahzur on 10th November 2008, 11:25 pm

Please run a GMER Rootkit scan:

Download GMER's application from here:
[You must be registered and logged in to see this link.]

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.
This tool works in safe mode. Other rootkit revealers don't.


Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1

Post by raif on 10th November 2008, 11:32 pm

ok, i'm downloading it now. CF did reboot and finish after saying that and the log is here [You must be registered and logged in to see this link.]


Post by Belahzur on 10th November 2008, 11:37 pm

Okay, will wait for gmer's log.



Post by raif on 10th November 2008, 11:47 pm

PMP1 - malware detected no problems. O's across the board. I'm trying now to restart it in normal mode and it's basically frozen still.

PMP2 - has just come back up and online after running combo fix again and winsockfix with a reboot.


Post by Belahzur on 10th November 2008, 11:52 pm

Did GMER run?

I'm sick of this rootkit now, this should blow it away. Run this on PMP2.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Files to delete:
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\f49f4daa.dat

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Don't tick the box below.
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log.



Post by raif on 10th November 2008, 11:53 pm

PMP1 - the internet loads fine in safe mode, freezes in normal

PMP2 - gmer running now but it's working and online

Which do you want the new instructions run on?


Post by Belahzur on 10th November 2008, 11:54 pm

On PMP2 please, that's what CF is showing it on.



Post by raif on 11th November 2008, 12:05 am

PMP1 - still running fine, online, in safe mode. Stalling in normal.

PMP2 - getting ready to run avenger. gmer log:

[You must be registered and logged in to see this link.]


Post by raif on 11th November 2008, 12:12 am

PMP1 - same

PMP2 - rootkit scan is active, no rootkits found! (do you want me to still send everything for that?...I wasn't sure what a new HJT log was)


Post by Belahzur on 11th November 2008, 12:14 am

Sigh. Yes, I need a new Hijack This log and the avengers log.



Post by raif on 11th November 2008, 12:14 am

PMP2 - was working fine and now will no longer connect to the internet. LAN says connected, I'll get the logs.


Post by raif on 11th November 2008, 12:16 am

PMP1 says HP Boot Optimizer has encountered a problem and needs to close - in normal mode


Post by raif on 11th November 2008, 12:21 am

PMP2 avenger log :

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\TEMP\logishrd\LVPrcInj01.dll" deleted successfully.

Error: file "c:\windows\f49f4daa.dat" not found!
Deletion of file "c:\windows\f49f4daa.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


Post by raif on 11th November 2008, 12:22 am

PMP2 Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:46 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 6490 bytes


Post by Belahzur on 11th November 2008, 12:24 am

Yay, the file CF couldn't delete is gone.
Can't see anything wrong with the new Hijack This log.

RUN THIS NEXT FIX ON PMP1.
This will stop the HP boot error.


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPBootOp"=-

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


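The fix.reg in the post above relies on .reg syntax in which `"name"=-` deletes one value and leaves its key in place, while `[-key]` deletes a whole key. As an added example (not part of the original thread or of any tool named in it), this Python parser lists what a .reg file would change before it is merged; the function names, the autostart key list and the second sample are assumptions made for illustration.

```python
import re
from typing import Iterator, List, NamedTuple

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
# Autostart keys that deserve a second look before merging (assumed, not exhaustive).
AUTOSTART_SUFFIXES = (
    "\\microsoft\\windows\\currentversion\\run",
    "\\microsoft\\windows\\currentversion\\runonce",
)

# The fix.reg quoted in the post above.
PAGE_FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"=-
"""

# Constructed sample covering the other line types; not from the thread.
CONSTRUCTED_SAMPLE = r"""Windows Registry Editor Version 5.00

; comment lines start with a semicolon
[HKEY_CURRENT_USER\Software\Example]
@="default text"
"Blob"=hex:01,02,\
  03,04
"Count"=dword:00000001

[-HKEY_CURRENT_USER\Software\Example\Old]
"""


class RegOp(NamedTuple):
    action: str      # "delete-key", "delete-value" or "set-value"
    key: str         # full registry key path
    name: str        # value name, "(Default)" for @, "" for key operations
    data: str        # raw right-hand side for set-value, otherwise ""
    autostart: bool  # True when the key is one of AUTOSTART_SUFFIXES


KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def _logical_lines(text: str) -> Iterator[str]:
    """Yield non-blank, non-comment lines, joining backslash continuations."""
    pending = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):      # hex data continued on the next line
            pending = line[:-1]
            continue
        if line and not line.startswith(";"):
            yield line


def parse_reg(text: str) -> List[RegOp]:
    """Return the operations a .reg file would perform, in file order."""
    lines = list(_logical_lines(text))
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing .reg header line")
    ops: List[RegOp] = []
    key, auto = None, False
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            auto = key.lower().endswith(AUTOSTART_SUFFIXES)
            if m.group(1):           # leading '-' inside the brackets
                ops.append(RegOp("delete-key", key, "", "", auto))
                key = None           # no values belong under a deleted key
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"unexpected line: {line!r}")
        token, data = m.group(1), m.group(2).strip()
        name = "(Default)" if token == "@" else re.sub(r"\\(.)", r"\1", token[1:-1])
        if data == "-":              # "name"=- removes just this value
            ops.append(RegOp("delete-value", key, name, "", auto))
        else:
            ops.append(RegOp("set-value", key, name, data, auto))
    return ops


def autostart_changes(text: str) -> List[RegOp]:
    """Operations that touch a Run/RunOnce key."""
    return [op for op in parse_reg(text) if op.autostart]


if __name__ == "__main__":
    for label, text in (("fix.reg", PAGE_FIX_REG), ("sample", CONSTRUCTED_SAMPLE)):
        for op in parse_reg(text):
            flag = "  <-- autostart key" if op.autostart else ""
            print(f"{label}: {op.action:12} {op.key} {op.name} {op.data}{flag}")
```
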


Post by raif on 11th November 2008, 12:29 am

PMP2 back up and online fast!


Post by Belahzur on 11th November 2008, 12:30 am

OMG. Holy crap.
Run the reg fix on machine PMP1.


How's machine 1 and 2 now?



Post by raif on 11th November 2008, 12:34 am

PMP1 - ran reg fix in safe mode. Still barely starting in normal mode...should I try avenger on PMP1 or something?


Post by raif on 11th November 2008, 12:40 am

PMP1 won't get past the login screen in normal mode after reg fix but will open internet in safe mode


Last edited by raif on 11th November 2008, 12:47 am; edited 1 time in total


Post by Belahzur on 11th November 2008, 12:42 am

No. Don't run the avenger on PMP1.
I'm looking through a CF log of PMP1.
Don't touch PMP2 for now, we've fixed that.

Can you submit this file below
c:\windows\system32\spmsg2.dll
to here for a scan.
[You must be registered and logged in to see this link.]

Press the browse button to find the file, then double click it and hit the submit button to upload it.



Post by raif on 11th November 2008, 12:59 am

PMP1

Scanner               Malware name
A-Squared             Trojan-Spy.Win32.Banker.JU!IK
AntiVir               SPR/Tool.HideProc.O.1
ArcaVir               X
Avast                 Win32:Trojan-gen {Other}
AVG Antivirus         X
BitDefender           X
ClamAV                X
CPsecure              X
Dr.Web                X
F-Prot Antivirus      X
F-Secure Anti-Virus   X
G DATA                X
Ikarus                Trojan-Spy.Win32.Banker.JU
Kaspersky Anti-Virus  X
NOD32                 X
Norman Virus Control  X
Panda Antivirus       X
Sophos Antivirus      X
VirusBuster           X
VBA32                 X


Post by Belahzur on 11th November 2008, 1:00 am

Okay, it's come back as showing malware.

Delete this file.
c:\windows\system32\spmsg2.dll

Any better?



Post by raif on 11th November 2008, 1:09 am

sorry, hung up for a sec personally, i'll know soon!


Post by Belahzur on 11th November 2008, 1:14 am

I'll hope for the best.
Going offline, won't be back till tomorrow night, so we can continue this then. Smile



Post by raif on 11th November 2008, 1:27 am

ok, thanks man. I'll be here Smile PMP1 started in normal mode, seemingly quick, but it did not want to connect to the internet and timed out


Post by Belahzur on 11th November 2008, 11:50 am

Hello.
At college and I can logon here, usually can't. LMBO or ROFL

Glad to hear it booted, an adware banker variant stopped the boot? Wow, I think someone is out to get me.
Try winsock fix to repair net connection?



Post by raif on 11th November 2008, 12:32 pm

PMP 1 - I ran WinsockFix on it and let it open in normal mode. It opened but seemed to not want to connect to the internet. I just left it alone and about a half hour later the page finally loaded. Then, same thing for a page change. So...it's connecting, just running at a snail's pace!


Post by raif on 11th November 2008, 12:35 pm

PMP 2 - keeps running fine, with good speed, on the internet. Then all of a sudden it will just stop and nothing will load. As soon as I run Winsock Fix and reboot, it starts up great, with Internet, and then the same thing happens, I run Winsock......this happens over and over again. Winsock fixes it, goes down alone.

PMP1 - I ran something called VundoFix that I saw on another blog and it found 8 corrupted files. I removed those, did a winsock fix, rebooted and Windows loads still but hasn't connected to Internet after 20 mins...finally connected but same thing with a page change.


Post by Belahzur on 11th November 2008, 2:07 pm

I don't know why Vundofix found files, there was no presence of vundo in either of your logs.
From my point, it sounds like just your net connection is unstable.
I will talk to a colleague and see what he thinks.



Post by raif on 11th November 2008, 2:14 pm

they were audio files or something


Post by Belahzur on 11th November 2008, 2:33 pm

Hello.
I've asked Digitalocksmith to take a look, because I don't know what the next step is.
No matter what we do, things get worse. =/

Please stand by.



Post by raif on 11th November 2008, 2:38 pm

Thank you, I'm getting pretty nervous here also. Not looking good for me! I will be here for another half hour, if we need to try something quick, (10am US Eastern) then I have some shoots today and will be back at 5:00 US E


Post by raif on 11th November 2008, 10:14 pm

ok I'm back here...any luck?


Post by Belahzur on 11th November 2008, 10:29 pm

Nope, no PM back from digital yet.
To tell you the truth, I'm thinking format. Sad tearing



Post by raif on 11th November 2008, 10:33 pm

k


Post by raif on 11th November 2008, 10:35 pm

when i run combo fix it says there is a newer version...but I can't get it w/o internet. Should I try to run it again in safe mode and get the newer version if I have internet in safe mode?


Post by Belahzur on 11th November 2008, 10:40 pm

You can try, but I doubt a new version will do anything.



Post by raif on 11th November 2008, 11:05 pm

what are your thoughts on PMP2 - it's working fine, on the internet with good speed, works for a bit, stops suddenly, I run WinsockFix, reboot, it works great for a short time, over and over....(that is exactly what PMP1 does in safe mode...in normal mode internet loads in about 30 mins)


Post by Belahzur on 11th November 2008, 11:11 pm

Let's not run combofix on PMP2. I don't want it to change anything.
Do this instead.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum



Post by raif on 11th November 2008, 11:23 pm

OTViewIt Extras logfile created on: 11/11/2008 6:20:17 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 415.11 Mb Available Physical Memory | 40.93% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.64% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 85.87 Gb Free Space | 55.99% Space Free | Partition Type: NTFS
Drive D: | 0.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 178.30 Gb Total Space | 31.22 Gb Free Space | 17.51% Space Free | Partition Type: NTFS

Computer Name: PMP2
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 07:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/11/10 09:18:02 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 07:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/10 09:18:02 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/10/29 18:39:36 | 25,798,440 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/11/10 09:18:02 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])
ipp: [HKLM - No CLSID value]
[2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
msdaipp: [HKLM - No CLSID value]
[2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2008/10/29 18:39:36 | 01,942,824 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{0837A661-FEC3-48B3-876C-91E7D32048A9}"=Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{16480125-0428-4097-9A2A-74464004D169}"=EOS Capture 1.3
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{20D4A895-748C-4D88-871C-FDB1695B0169}"=Platform
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe Extendscript Toolkit 2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}"=Skype™ Beta 4.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}"=Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35260E0B-A8C2-4D25-97E2-448DE7275C85}"=Canon Camera WIA Driver
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}"=Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{5D346AB1-7910-4115-B61B-468237D86C6B}"=Adobe Setup
"{6444D9D9-CD6C-4464-B970-55C606C944DC}"=Logitech QuickCam
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{652C4ADF-0A29-4B02-9211-EE61675847DE}"=Canon Camera WIA Driver
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}"=Adobe Flash Player 9 Plugin
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}"=Canon Camera WIA Driver
"{C614ED97-4594-4BE7-B6A4-471CDB77E8E0}"=Adobe Flash CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}"=Nero 7 Essentials
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe Extendscript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3
"Adobe_aef45239e3987fdf2a5e406d559eb22"=Adobe Flash CS3 Professional
"CAL"=Canon Camera Access Library
"CameraWindowDVC5"=Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC"=Canon Camera Window MC 6 for ZoomBrowser EX
"CSCLIB"=Canon Camera Support Core Library
"DPP"=Canon Utilities Digital Photo Professional 2.1
"EOS Utility"=Canon Utilities EOS Utility
"HDMI"=Intel(R) Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{16480125-0428-4097-9A2A-74464004D169}"=Canon Utilities EOS Capture 1.3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}"=VIA Platform Device Manager
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}"=Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{35260E0B-A8C2-4D25-97E2-448DE7275C85}"=Canon EOS-1D Mark II N WIA Driver
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}"=Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}"=Canon EOS 5D WIA Driver
"lvdrivers_11.70"=Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSNINST"=MSN
"NAV"=Norton AntiVirus
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PhotomatixPro3_is1"=Photomatix Pro version 3.1
"PhotoStitch"=Canon Utilities PhotoStitch
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask"=Canon RemoteCapture Task for ZoomBrowser EX
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX


Re: it's baaaack. Downloader.exe back with friends.

Post by raif on 11th November 2008, 11:23 pm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2008 9:03:30 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 983581070.

Error - 11/5/2008 4:52:12 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1002
Description = Hanging application PhotomatixPro.exe, version 3.0.3218.18819, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/5/2008 4:52:16 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 983581070.

Error - 11/7/2008 6:40:21 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/9/2008 9:05:14 PM | Computer Name = PMP2 | Source = Application Error | ID = 1000
Description = Faulting application psexec.cfexe, version 1.71.0.0, faulting module
psexec.cfexe, version 1.71.0.0, fault address 0x00001b8d.

Error - 11/9/2008 9:05:56 PM | Computer Name = PMP2 | Source = Application Error | ID = 1000
Description = Faulting application psexec.cfexe, version 1.71.0.0, faulting module
psexec.cfexe, version 1.71.0.0, fault address 0x00001b8d.

Error - 11/10/2008 6:36:49 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2008 6:36:53 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2008 6:37:01 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 939517030.

Error - 11/10/2008 6:37:02 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 939517030.

[ System Events ]
Error - 11/11/2008 6:53:33 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 6:58:39 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 6:58:57 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:01:05 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:05:46 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:10:53 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:11:11 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:16:21 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:18:00 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:20:01 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.


< End of report >


Re: it's baaaack. Downloader.exe back with friends.

Post by Belahzur on 11th November 2008, 11:38 pm

Why didn't I think of that before?
Give me a few minutes to research what these mean.



Re: it's baaaack. Downloader.exe back with friends.

Post by raif on 11th November 2008, 11:40 pm

Do your thing, dude, you have been great.


Re: it's baaaack. Downloader.exe back with friends.

Post by Belahzur on 11th November 2008, 11:43 pm

Hello.
Your internet dropping could be coming from your router.

Are you using a normal router? The router is rejecting your router IP: 192.168.1.x

Are you using ICS (Internet Connection Sharing)?



Re: it's baaaack. Downloader.exe back with friends.

Post by raif on 11th November 2008, 11:49 pm

No, I have Verizon FiOS and do not have a static IP.


Re: it's baaaack. Downloader.exe back with friends.

Post by raif on 11th November 2008, 11:51 pm

According to Verizon, right now PMP2 is 192.168.1.3... each is set to 'obtain automatically'.


Last edited by raif on 11th November 2008, 11:52 pm; edited 1 time in total


Re: it's baaaack. Downloader.exe back with friends.

Post by raif on 11th November 2008, 11:51 pm

PMP1 is 192.168.1.4


Re: it's baaaack. Downloader.exe back with friends.

Post by Belahzur on 11th November 2008, 11:59 pm

Obtain DNS automatically?

So PMP1 is 1.4. And PMP2 is 1.3

What's 1.1 and 1.2?



Re: it's baaaack. Downloader.exe back with friends.

Post by raif on 12th November 2008, 12:01 am

I have a little network set up and my laptop is involved (I'm on the internet now with it). Laptop is PMP3.

Device Name: IP-STB2
Connection Type: Ethernet

IP Address: 192.168.1.100
Status: Inactive



PC Name: PMP3
Connection Type: Wireless

IP Address: 192.168.1.2
Status: Active
Remote Access: Enabled



PC Name: PMP2
Connection Type: Ethernet

IP Address: 192.168.1.3
Status: Active
Remote Access: Enabled



PC Name: PMP1
Connection Type: Ethernet

IP Address: 192.168.1.4
Status: Active
Remote Access: Enabled



Device Name: IP-STB1
Connection Type: Coax

IP Address: 192.168.1.103
Status: Inactive



Device Name: IP-STB4
Connection Type: Coax

IP Address: 192.168.1.104
Status: Inactive



PC Name: L00D18011185
Connection Type: Ethernet

IP Address: 192.168.1.5
Status: Inactive



PC Name:
Connection Type: Ethernet

IP Address: 192.168.1.40
Status: Active

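Added example, not part of the original thread: a short triage script that collapses the repeated NetBT 4321 entries from the posted report and looks up the IP that refused the name in the router device list posted above. The function names are illustrative assumptions, and the sample strings are trimmed excerpts of the logs in this thread.

```python
import re
from collections import Counter

# Excerpts of the event section and the router device list posted in the thread.
EVENT_LOG = """\
Error - 11/10/2008 6:37:01 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 939517030.

[ System Events ]
Error - 11/11/2008 6:53:33 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 6:58:39 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.
"""
DEVICE_TABLE = """\
PC Name: PMP3
IP Address: 192.168.1.2
PC Name:
IP Address: 192.168.1.40
"""

HEADER = re.compile(r"Error - .+? \| Computer Name = \S+ \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
CONFLICT = re.compile(r'The name "(?P<name>.+?)\s*:(?P<suffix>[0-9A-Fa-f]{1,2})" could not be '
                      r"registered on the Interface with IP address (?P<local>[\d.]+)\. "
                      r"The machine with the IP address (?P<holder>[\d.]+) did not")

def parse_events(text):
    """One record per entry, with descriptions that wrap over lines re-joined."""
    events, current = [], None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            events.append(current := dict(m.groupdict(), description=""))
        elif not line or line.startswith("["):
            current = None  # a blank line or "[ System Events ]" banner ends an entry
        elif current is not None:
            current["description"] = (current["description"] + " " + line).strip()
    return events

def parse_devices(text):
    """Map IP -> name from 'PC Name:'/'Device Name:' and 'IP Address:' line pairs."""
    by_ip, name = {}, ""
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key in ("PC Name", "Device Name"):
            name = value
        elif key == "IP Address":
            by_ip[value] = name or "(unnamed)"
    return by_ip

def name_conflicts(events, devices):
    """Count NetBT 4321 entries per (name, suffix, local IP, holder IP, holder name)."""
    counts = Counter()
    for ev in events:
        m = CONFLICT.search(ev["description"])
        if m and (ev["source"], ev["id"]) == ("NetBT", "4321"):
            counts[(m["name"], m["suffix"].lower(), m["local"], m["holder"],
                    devices.get(m["holder"], "unknown"))] += 1
    return counts
```

Run over the excerpt, `name_conflicts(parse_events(EVENT_LOG), parse_devices(DEVICE_TABLE))` reduces the two 4321 entries to a single row that names PMP3 (192.168.1.2) as the holder of the name. In NetBIOS naming, the `1d` suffix is the master-browser name type for a workgroup or domain.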
