it's baaaack. Downloader.exe back with friends.


Post by raif on Tue 11 Nov 2008, 5:03 am

First topic message reminder :

PMP1 (1st computer) So I was running along excellent this am, as fast as ever. I got a pop up from Norton that it had found things needing attention. When I looked it was 2 downloader.exe's and a trojan horse. The computer is back to non-functioning!

Here is my Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:46 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Network Drive Mapping Utility] "C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe" Z
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Network Drive Mapping Utility] "C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - [You must be registered and logged in to see this link.]
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - [You must be registered and logged in to see this link.]
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {84C81EF3-B20B-4773-8A86-DB90589B0F54} (webconference.Encoder) - [You must be registered and logged in to see this link.]
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Backup Exec Remote Agent for Windows Systems (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\beserver.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12866 bytes

raif

Rookie Surfer

Posts: 88
Joined: 2008-11-10
Operating System: Windows XP


Re: it's baaaack. Downloader.exe back with friends.

Post by raif on Wed 12 Nov 2008, 8:33 am

k


Re: it's baaaack. Downloader.exe back with friends.

Post by raif on Wed 12 Nov 2008, 8:35 am

When I run ComboFix it says there is a newer version... but I can't get it w/o internet. Should I try to run it again in safe mode and get the newer version if I have internet in safe mode?


Re: it's baaaack. Downloader.exe back with friends.

Post by Belahzur on Wed 12 Nov 2008, 8:40 am

You can try, but I doubt a new version will do anything.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



If I have helped you, please consider donating to me.

Belahzur

Manager | Tech Officer

Posts: 34919
Joined: 2008-08-04
Operating System: XP SP3 Media Centre

Re: it's baaaack. Downloader.exe back with friends.

Post by raif on Wed 12 Nov 2008, 9:05 am

What are your thoughts on PMP2 - it's working fine, on the internet with good speed, works for a bit, stops suddenly, I run WinsockFix, reboot, it works great for a short time, over and over... (that is exactly what PMP1 does in safe mode... in normal mode internet loads in about 30 mins)


Re: it's baaaack. Downloader.exe back with friends.

Post by Belahzur on Wed 12 Nov 2008, 9:11 am

Let's not run ComboFix on PMP2. I don't want it to change anything.
Do this instead.

Download OTViewIt to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum



Re: it's baaaack. Downloader.exe back with friends.

Post by raif on Wed 12 Nov 2008, 9:23 am

OTViewIt Extras logfile created on: 11/11/2008 6:20:17 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 415.11 Mb Available Physical Memory | 40.93% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.64% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 85.87 Gb Free Space | 55.99% Space Free | Partition Type: NTFS
Drive D: | 0.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 178.30 Gb Total Space | 31.22 Gb Free Space | 17.51% Space Free | Partition Type: NTFS

Computer Name: PMP2
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 07:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/11/10 09:18:02 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 07:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 07:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/10 09:18:02 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/10/29 18:39:36 | 25,798,440 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/11/10 09:18:02 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])
ipp: [HKLM - No CLSID value]
[2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
msdaipp: [HKLM - No CLSID value]
[2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2008/10/29 18:39:36 | 01,942,824 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{0837A661-FEC3-48B3-876C-91E7D32048A9}"=Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{16480125-0428-4097-9A2A-74464004D169}"=EOS Capture 1.3
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{20D4A895-748C-4D88-871C-FDB1695B0169}"=Platform
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe Extendscript Toolkit 2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}"=Skype™ Beta 4.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}"=Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35260E0B-A8C2-4D25-97E2-448DE7275C85}"=Canon Camera WIA Driver
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}"=Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{5D346AB1-7910-4115-B61B-468237D86C6B}"=Adobe Setup
"{6444D9D9-CD6C-4464-B970-55C606C944DC}"=Logitech QuickCam
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{652C4ADF-0A29-4B02-9211-EE61675847DE}"=Canon Camera WIA Driver
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}"=Adobe Flash Player 9 Plugin
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}"=Canon Camera WIA Driver
"{C614ED97-4594-4BE7-B6A4-471CDB77E8E0}"=Adobe Flash CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}"=Nero 7 Essentials
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe Extendscript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3
"Adobe_aef45239e3987fdf2a5e406d559eb22"=Adobe Flash CS3 Professional
"CAL"=Canon Camera Access Library
"CameraWindowDVC5"=Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC"=Canon Camera Window MC 6 for ZoomBrowser EX
"CSCLIB"=Canon Camera Support Core Library
"DPP"=Canon Utilities Digital Photo Professional 2.1
"EOS Utility"=Canon Utilities EOS Utility
"HDMI"=Intel(R) Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{16480125-0428-4097-9A2A-74464004D169}"=Canon Utilities EOS Capture 1.3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}"=VIA Platform Device Manager
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}"=Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{35260E0B-A8C2-4D25-97E2-448DE7275C85}"=Canon EOS-1D Mark II N WIA Driver
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}"=Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}"=Canon EOS 5D WIA Driver
"lvdrivers_11.70"=Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSNINST"=MSN
"NAV"=Norton AntiVirus
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PhotomatixPro3_is1"=Photomatix Pro version 3.1
"PhotoStitch"=Canon Utilities PhotoStitch
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask"=Canon RemoteCapture Task for ZoomBrowser EX
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX


Re: it's baaaack. Downloader.exe back with friends.

Post by raif on Wed 12 Nov 2008, 9:23 am

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2008 9:03:30 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 983581070.

Error - 11/5/2008 4:52:12 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1002
Description = Hanging application PhotomatixPro.exe, version 3.0.3218.18819, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/5/2008 4:52:16 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 983581070.

Error - 11/7/2008 6:40:21 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/9/2008 9:05:14 PM | Computer Name = PMP2 | Source = Application Error | ID = 1000
Description = Faulting application psexec.cfexe, version 1.71.0.0, faulting module
psexec.cfexe, version 1.71.0.0, fault address 0x00001b8d.

Error - 11/9/2008 9:05:56 PM | Computer Name = PMP2 | Source = Application Error | ID = 1000
Description = Faulting application psexec.cfexe, version 1.71.0.0, faulting module
psexec.cfexe, version 1.71.0.0, fault address 0x00001b8d.

Error - 11/10/2008 6:36:49 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2008 6:36:53 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2008 6:37:01 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 939517030.

Error - 11/10/2008 6:37:02 PM | Computer Name = PMP2 | Source = Application Hang | ID = 1001
Description = Fault bucket 939517030.

[ System Events ]
Error - 11/11/2008 6:53:33 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 6:58:39 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 6:58:57 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:01:05 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:05:46 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:10:53 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:11:11 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:16:21 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:18:00 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.

Error - 11/11/2008 7:20:01 PM | Computer Name = PMP2 | Source = NetBT | ID = 4321
Description = The name "PMP :1d" could not be registered on the Interface
with IP address 192.168.1.3. The machine with the IP address 192.168.1.2 did not
allow the name to be claimed by this machine.


< End of report >

raif

Rookie Surfer

Posts: 88
Joined: 2008-11-10
Operating System: Windows XP

Re: it's baaaack. Downloader.exe back with friends.

Post by Belahzur on Wed 12 Nov 2008, 9:38 am

Why didn't I think that before?
Give me a few minutes to research what these mean.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.



If I have helped you, please consider donating to me.

Belahzur

Manager | Tech Officer

Posts: 34919
Joined: 2008-08-04
Operating System: XP SP3 Media Centre

Re: it's baaaack. Downloader.exe back with friends.

Post by raif on Wed 12 Nov 2008, 9:40 am

Do your thing dude, you have been great.


Re: it's baaaack. Downloader.exe back with friends.

Post by Belahzur on Wed 12 Nov 2008, 9:43 am

Hello.
Your internet dropping could be coming from your router.

Are you using a normal router? The router is rejecting your router IP: 192.168.1.x

Are you using ICS (Internet Connection Sharing)?



Re: it's baaaack. Downloader.exe back with friends.

Post by raif on Wed 12 Nov 2008, 9:49 am

No, I have Verizon FIOS and do not have a static IP.


Re: it's baaaack. Downloader.exe back with friends.

Post by raif on Wed 12 Nov 2008, 9:51 am

According to Verizon right now PMP2 is 192.168.1.3... each is set to 'obtain automatically'.


Last edited by raif on Wed 12 Nov 2008, 9:52 am; edited 1 time in total


Re: it's baaaack. Downloader.exe back with friends.

Post by raif on Wed 12 Nov 2008, 9:51 am

PMP1 is 192.168.1.4


Re: it's baaaack. Downloader.exe back with friends.

Post by Belahzur on Wed 12 Nov 2008, 9:59 am

Obtain DNS automatically?

So PMP1 is 1.4. And PMP2 is 1.3

What's 1.1 and 1.2?



Re: it's baaaack. Downloader.exe back with friends.

Post by raif on Wed 12 Nov 2008, 10:01 am

I have a little network set up and my laptop is involved (I'm on the internet now with it). Laptop is PMP3.

Device Name: IP-STB2
Connection Type: Ethernet

IP Address: 192.168.1.100
Status: Inactive



PC Name: PMP3
Connection Type: Wireless

IP Address: 192.168.1.2
Status: Active
Remote Access: Enabled



PC Name: PMP2
Connection Type: Ethernet

IP Address: 192.168.1.3
Status: Active
Remote Access: Enabled



PC Name: PMP1
Connection Type: Ethernet

IP Address: 192.168.1.4
Status: Active
Remote Access: Enabled



Device Name: IP-STB1
Connection Type: Coax

IP Address: 192.168.1.103
Status: Inactive



Device Name: IP-STB4
Connection Type: Coax

IP Address: 192.168.1.104
Status: Inactive



PC Name: L00D18011185
Connection Type: Ethernet

IP Address: 192.168.1.5
Status: Inactive



PC Name:
Connection Type: Ethernet

IP Address: 192.168.1.40
Status: Active
