
P2PAlaska
-
No, I didn't change anything prior to it messing up. I first noticed it when one of my allowed ports closed, then went to access firewall settings and got the "due to an unidentified problem windows can not display windows firewall settings". As near as I could determine, ICF was blocking all ports except HTTP at that point. I went to services to stop ICF and it would not stop; I had to disable the service and reboot to stop it.
-
I have Sygate Pro, ZoneAlarm Pro and McAfee in my software collection; I'll check out Outpost Pro now. I have an old Dell P3; I might load Linux and SmoothWall and use it as a firewall. I sure would like to find out why the XP firewall quit, part curiosity and part stubbornness lol.
-
Thanks for the great post, Tarun. Other than my original problem with the firewall, my system is working great. If I can't find the fix, I think I'll just leave the XP firewall disabled and go with another one. Have a good one, buddy!
-
I'm starting to agree with the re-install, but other than this my system is working great and very stable. I've always thought a re-install was a cop-out, but this one has me stumped. I'm still hoping to run across someone who has had the same problem... oh well, standing by if anyone has a fix. Thanks again, matrix.
-
Thanks for the quick reply. Regarding the things to remove, idmmbc.dll is part of Internet Download Manager and rpcapd.ini is for remote packet capture with WinPcap 3.1 beta4. I use Ethereal for packet capture now, so I can lose WinPcap. I do use IDM daily, but please let me know if it's a threat. Again, thanks for the help.

Update: removed the above, still no access to firewall settings.
-
Here is my log as requested by users in my original thread here. I did not see anything suspicious in it, but I want to cover all my bases. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 10:53:37 AM, on 4/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Hmonitor\hmonitor.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\Fanix Software\As-U-Type\asutype.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
D:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
D:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\FeedReader\feedreader.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKCU\..\Run: [iDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RSD_HDDThermo] D:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [As-U-Type 2.1] C:\Program Files\Fanix Software\As-U-Type\asutype.exe
O4 - HKCU\..\Run: [statBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] D:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [bandwidth Monitor Pro] "D:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [feedreader.exe] C:\Program Files\FeedReader\feedreader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D0E5AFA-8F7E-4EF8-B144-91CEE716D035}: NameServer = 209.193.4.7,209.193.4.8
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
-
My first guess was an exploit of some kind. I religiously use S&D, Ad-Aware and SpywareBlaster (all updated) and McAfee 2005 for anti-virus. I would have thought that if I was infected, doing a system restore to an earlier date would have some effect. I just ran a HijackThis scan and found nothing that should not be there; I will post the log just to be sure. Of course I could re-install, but I'm hesitant to do that because I've got XP tweaked just the way I like it. I do have a great slipstream version to try if all else fails. Anyway, thanks for the quick replies and I'll post my HijackThis log now.

Update: Just posted my HijackThis log here. Looks OK to me, but I'll wait for a pro opinion. Thanks again.
-
Hi, the firewall in my XP Pro SP2 build 2600 just started acting up. It started blocking all my ports, and when I tried to access the firewall settings it came up with "due to an unidentified problem windows can not display windows firewall settings". I've googled this problem and have not been able to find the answer. I tried uninstalling and reinstalling SP2 to no effect; I also restored my system to a time I knew the firewall was working correctly, also without effect. I also checked the registry for obvious problems and found none. I have had to disable the firewall service to open my ports. Any suggestions? Thanks very much.