P2PAlaska Posted April 22, 2005

Here is my log as requested by users in my original thread here. I did not see anything suspicious in it but I want to cover all my bases, Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 10:53:37 AM, on 4/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Hmonitor\hmonitor.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\Fanix Software\As-U-Type\asutype.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
D:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
D:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\FeedReader\feedreader.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKCU\..\Run: [iDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RSD_HDDThermo] D:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [As-U-Type 2.1] C:\Program Files\Fanix Software\As-U-Type\asutype.exe
O4 - HKCU\..\Run: [statBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] D:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [bandwidth Monitor Pro] "D:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [feedreader.exe] C:\Program Files\FeedReader\feedreader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D0E5AFA-8F7E-4EF8-B144-91CEE716D035}: NameServer = 209.193.4.7,209.193.4.8
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

matrix0978 Posted April 23, 2005

Keep these running processes:

Running processes:
C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\system32\lexbces.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\WINDOWS\system32\lexpps.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee.com\vso\Mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Hmonitor\hmonitor.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\Fanix Software\As-U-Type\asutype.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
D:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
D:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\FeedReader\feedreader.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Azureus\azureus.exe
C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\HiJackThis\HijackThis.exe
C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE

The following is Ok, and you may keep:

R3 - Default URLSearchHook is missing
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\acroiehelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [McAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [McUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKCU\..\Run: [iDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RSD_HDDThermo] D:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [As-U-Type 2.1] C:\Program Files\Fanix Software\As-U-Type\asutype.exe
O4 - HKCU\..\Run: [statBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] D:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [bandwidth Monitor Pro] "D:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [feedreader.exe] C:\Program Files\FeedReader\feedreader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} -
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D0E5AFA-8F7E-4EF8-B144-91CEE716D035}: NameServer = 209.193.4.7,209.193.4.8
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\lexbces.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\Mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f

May Delete the Following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

------------------------------------------------

The following are not good, permission to remove:

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
"%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

P2PAlaska (Author) Posted April 23, 2005

Thanks for the quick reply. Regarding the things to remove, idmmbc.dll is part of Internet Download Manager and rpcapd.ini is for remote packet capture with WinPcap 3.1 beta4. I use Ethereal for packet capture now so I can lose WinPcap. I do use IDM daily. But please let me know if it's a threat. Again, thanks for the help.

Update: removed above, still no access to firewall settings.

Tarun Posted April 23, 2005

Generated by Tarun's HijackThis Converter.

Changed registry value. Safe to remove:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Created extra registry value where only one should be. Safe to remove:
R3 - Default URLSearchHook is missing

Because download managers don't really work and are often packed with malware.

Enumeration of existing IE's BHO's. Safe to remove:
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll

Enumeration of suspicious auto-loading registry entries. Safe to remove:
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
Only required for overclockers who want to check their system.
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
Not needed, this can be checked from the Control Panel.
O4 - HKCU\..\Run: [iDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
See above about download managers.
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Above are optional as well.

Extra IE context menu items. Safe to remove:
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm

Extra "Tools" menu items and buttons. Safe to remove:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\SMARTW~1\SWMSIE~1.EXE

Broken Internet access. To fix these you will need LSPFix. Safe to remove:
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

Downloaded Program Files item. Safe to remove:
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab

Enumeration of NT Services. Safe to remove:
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

P2PAlaska (Author) Posted April 23, 2005

Thanks for the great post Tarun, other than my original problem with the firewall my system is working great, if I can't find the fix I think I'll just leave xp firewall disabled and go with another one. Have a good one buddy!

Tarun Posted April 23, 2005

> Thanks for the great post Tarun, other than my original problem with the firewall my system is working great, if I can't find the fix I think I'll just leave xp firewall disabled and go with another one. Have a good one buddy!

Any firewall to use other than the XP firewall is a good move. Have you any in mind? As I can offer suggestions, such as Agnitum Outpost Pro and ZoneAlarm Pro. Personally I prefer Outpost.

P2PAlaska (Author) Posted April 23, 2005

I have Sygate Pro, ZoneAlarm Pro and McAfee in my software collection. I'll check out Outpost Pro now. I have an old Dell P3; I might load Linux and SmoothWall and use it as a firewall. I sure would like to find out why XP firewall quit, part curiosity and part stubbornness lol.

Tarun Posted April 23, 2005

> I have Sygate Pro, ZoneAlarm Pro and McAfee in my software collection. I'll check out Outpost Pro now. I have an old Dell P3; I might load Linux and SmoothWall and use it as a firewall. I sure would like to find out why XP firewall quit, part curiosity and part stubbornness lol.

Did you change any services or settings prior to this?

P2PAlaska (Author) Posted April 24, 2005

No, I didn't change anything prior to it messing up. I first noticed it when one of my allowed ports closed, then went to access firewall settings and got the "due to an unidentified problem windows can not display windows firewall settings". As near as I could determine, ICF was blocking all ports except http at that point. I went to services to stop ICF and it would not stop; I had to disable the service and reboot to stop it.

Tarun Posted April 24, 2005

> No, I didn't change anything prior to it messing up. I first noticed it when one of my allowed ports closed, then went to access firewall settings and got the "due to an unidentified problem windows can not display windows firewall settings". As near as I could determine, ICF was blocking all ports except http at that point. I went to services to stop ICF and it would not stop; I had to disable the service and reboot to stop it.

Sometimes Windows has flukes. I had a *.inf fluke that was a pain. I didn't bother fixing it cause I had a new hard drive coming.