Blocked packet by firewall

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - VB Security Poblems Hello!! I need to find information about Security Problems using Visual Basic. Thanks!! Tag: Blocked packet by firewall Tag: 57062
  - 2
    - canot find file message i get this message" cannot find file mswavedll.exe....." followed by "cannot load mswavedll.exe, the files missing"... can u help me to resolve this problem! cheers Tag: Blocked packet by firewall Tag: 57060
  - 3
    - Multiple assault Have just inherited a newish PC with XP Home, and also just set up an ADSL connection. Previous user had major probs with spyware, etc., and I foolishly believed him when he said he had fixed the problems. So I now find such uninvited guests as mssys, istbar, pleasure zone running rampant across my system. I can see that there is a lot of work involved in identifying and eliminating all these nasties (I have Ad-aware, which seems pretty ineffective), so I would be grateful for any opinions on the quickest fix. I'm specifically thinking about reformatting my hard drive as the easiest and most complete way of sorting this out - would this do the trick? Are there any handy guides for how to do this? I don't have much data to lose, the PC being newly acquired. Also, last time I had Broadband, found that Zonealarm was the only security application I needed - any opinions on whether this would be sufficient on its own to keep future incursions at bay? Thanks in advance. Tag: Blocked packet by firewall Tag: 57048
  - 4
    - trouble posting did this work? Tag: Blocked packet by firewall Tag: 57044
  - 5
    - "Connection Refused" Msg. Who Sent It?? I have a near new Dell 8300 running Win XP Pro and Norton Internet Security 2004. I have Windows ICF turned off. Today I get a message with "Alert" in the title bar, and the message is "The connection was refused when attempting to contact forum.us.dell.com". Who sent this message, and what do I do about it. I had no trouble making the connection yesterday. Tag: Blocked packet by firewall Tag: 57041
  - 6
    - hijacking browser Hi Experts, Thank you in advance.Sorry, as i entered before i could say thanks Tag: Blocked packet by firewall Tag: 57037
  - 7
    - Hijacking Browser Hi experts, I have recently downloaded ad aware 6.0 and it detected a registry value with an attempt to hijack my browser .It redirects to a blacklisted site it says.I have tried to delete it so many times and each time i do another search it again shows attempted browser hijack.I m sending my log file for your analysis Lavasoft Ad-aware Personal Build 6.181 Logfile created on :11 July 2004 17:00:41 Created with Ad-aware Personal, free for private use. Using reference-file :01R331 08.07.2004 ______________________________________________________ Ad-aware Settings ========================= Set : Activate in-depth scan (Recommended) Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep scan registry 11-07-2004 17:00:41 - Scan started. (Smart mode) Listing running processes Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ #:1 [smss.exe] FilePath : \SystemRoot\System32\ ThreadCreationTime : 11-07-2004 15:56:23 BasePriority : Normal #:2 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ThreadCreationTime : 11-07-2004 15:56:26 BasePriority : High #:3 [services.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 11-07-2004 15:56:27 BasePriority : Normal FileSize : 99 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe OriginalFilename : services.exe ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 18/08/2001 19:00:00 #:4 [lsass.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 11-07-2004 15:56:27 BasePriority : Normal FileSize : 11 KB FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe OriginalFilename : lsass.exe ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 29/08/2002 02:41:26 #:5 [svchost.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 11-07-2004 15:56:28 BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 18/08/2001 19:00:00 #:6 [svchost.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 11-07-2004 15:56:28 BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 18/08/2001 19:00:00 #:7 [ccsetmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ThreadCreationTime : 11-07-2004 15:56:31 BasePriority : Normal FileSize : 229 KB FileVersion : 2.1.1.700 ProductVersion : 2.1.1.700 Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. CompanyName : Symantec Corporation FileDescription : Common Client Settings Manager Service InternalName : ccSetMgr OriginalFilename : ccSetMgr.exe ProductName : Common Client Created on : 08/12/2003 16:18:44 Last accessed : 10/07/2004 23:00:00 Last modified : 08/12/2003 16:18:44 #:8 [ccevtmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ThreadCreationTime : 11-07-2004 15:56:31 BasePriority : Normal FileSize : 249 KB FileVersion : 2.1.1.700 ProductVersion : 2.1.1.700 Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr OriginalFilename : ccEvtMgr.exe ProductName : Common Client Created on : 08/12/2003 16:18:36 Last accessed : 10/07/2004 23:00:00 Last modified : 08/12/2003 16:18:36 #:9 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 11-07-2004 15:56:32 BasePriority : Normal FileSize : 50 KB FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe OriginalFilename : spoolsv.exe ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 18/08/2001 19:00:00 #:10 [explorer.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 11-07-2004 15:56:35 BasePriority : Normal FileSize : 973 KB FileVersion : 6.00.2800.1221 (xpsp2.030511-1403) ProductVersion : 6.00.2800.1221 CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer OriginalFilename : EXPLORER.EXE ProductName : Microsoft Created on : 11/05/2003 20:12:10 Last accessed : 10/07/2004 23:00:00 Last modified : 11/05/2003 20:12:10 #:11 [ccproxy.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ThreadCreationTime : 11-07-2004 15:56:35 BasePriority : Normal FileSize : 213 KB FileVersion : 2.1.2.800 ProductVersion : 2.1.2.800 Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. CompanyName : Symantec Corporation FileDescription : Common Client Network Proxy Service InternalName : ccProxy OriginalFilename : ccProxy.exe ProductName : Common Client Created on : 30/06/2004 12:28:10 Last accessed : 10/07/2004 23:00:00 Last modified : 27/01/2004 18:06:54 #:12 [mdm.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\ ThreadCreationTime : 11-07-2004 15:56:35 BasePriority : Normal FileSize : 314 KB FileVersion : 7.00.9466 ProductVersion : 7.00.9466 CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe OriginalFilename : mdm.exe ProductName : Microsoft Created on : 19/06/2003 22:25:00 Last accessed : 10/07/2004 23:00:00 Last modified : 19/06/2003 22:25:00 #:13 [navapsvc.exe] FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\ ThreadCreationTime : 11-07-2004 15:56:36 BasePriority : Normal FileSize : 155 KB FileVersion : 10.00.2 ProductVersion : 10.00.2 Copyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved. CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC OriginalFilename : NAVAPSVC.EXE ProductName : Norton AntiVirus Created on : 30/06/2004 12:28:09 Last accessed : 10/07/2004 23:00:00 Last modified : 23/04/2004 10:04:18 #:14 [savscan.exe] FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\ ThreadCreationTime : 11-07-2004 15:56:36 BasePriority : Normal FileSize : 189 KB FileVersion : 9.2.1.14 ProductVersion : 9.2 Copyright : Copyright (c) 2003 Symantec Corporation CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus Scanner InternalName : SAVSCAN OriginalFilename : SAVSCAN.EXE ProductName : Symantec AntiVirus AutoProtect Created on : 07/11/2003 17:46:58 Last accessed : 10/07/2004 23:00:00 Last modified : 07/11/2003 17:46:58 #:15 [sndsrvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ThreadCreationTime : 11-07-2004 15:56:37 BasePriority : Normal FileSize : 189 KB FileVersion : 5.3.2.67 ProductVersion : 5.3 Copyright : Copyright 2002, 2003 Symantec Corporation CompanyName : Symantec Corporation FileDescription : Network Driver Service InternalName : SndSrvc OriginalFilename : SndSrvc.exe ProductName : Symantec Security Drivers Created on : 29/06/2004 15:14:38 Last accessed : 10/07/2004 23:00:00 Last modified : 29/06/2004 15:14:38 #:16 [svchost.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 11-07-2004 15:56:38 BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 18/08/2001 19:00:00 #:17 [symlcsvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\ ThreadCreationTime : 11-07-2004 15:56:38 BasePriority : Normal FileSize : 572 KB FileVersion : 1, 8, 48, 79 ProductVersion : 1, 8, 48, 79 Copyright : Copyright (C) 2003 CompanyName : Symantec Corporation FileDescription : Symantec Core Component InternalName : symlcsvc OriginalFilename : symlcsvc.exe ProductName : Symantec Core Component Created on : 30/06/2004 11:44:40 Last accessed : 10/07/2004 23:00:00 Last modified : 30/06/2004 11:44:42 #:18 [igfxtray.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 11-07-2004 15:56:39 BasePriority : Normal FileSize : 152 KB FileVersion : 3,0,0,2104 ProductVersion : 7,0,0,2104 Copyright : Copyright 1999-2003, Intel Corporation CompanyName : Intel Corporation FileDescription : igfxTray Module InternalName : IGFXTRAY OriginalFilename : IGFXTRAY.EXE ProductName : Intel(R) Common User Interface Created on : 19/05/2003 22:52:39 Last accessed : 10/07/2004 23:00:00 Last modified : 06/04/2003 23:19:52 #:19 [hkcmd.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 11-07-2004 15:56:39 BasePriority : Normal FileSize : 112 KB FileVersion : 3,0,0,2104 ProductVersion : 7,0,0,2104 Copyright : Copyright 1999-2003, Intel Corporation CompanyName : Intel Corporation FileDescription : hkcmd Module InternalName : HKCMD OriginalFilename : HKCMD.EXE ProductName : Intel(R) Common User Interface Created on : 19/05/2003 22:52:38 Last accessed : 10/07/2004 23:00:00 Last modified : 06/04/2003 23:07:38 #:20 [almxptray.exe] FilePath : C:\Program Files\Acer\Notebook Manager\ ThreadCreationTime : 11-07-2004 15:56:39 BasePriority : Normal FileSize : 498 KB FileVersion : 2.0.10.3 ProductVersion : 2.0.10 CompanyName : Acer Created on : 16/05/2003 16:09:34 Last accessed : 10/07/2004 23:00:00 Last modified : 16/05/2003 16:09:34 #:21 [syntplpr.exe] FilePath : C:\Program Files\Synaptics\SynTP\ ThreadCreationTime : 11-07-2004 15:56:39 BasePriority : Normal FileSize : 108 KB FileVersion : 7.5.5 24Apr03 ProductVersion : 7.5.5 24Apr03 Copyright : Copyright (C) Synaptics, Inc. 1996-2003 CompanyName : Synaptics, Inc. FileDescription : TouchPad Driver Helper Application InternalName : SynTPLpr OriginalFilename : SynTPLpr.exe ProductName : Progressive Touch Created on : 26/05/2003 14:30:15 Last accessed : 10/07/2004 23:00:00 Last modified : 24/04/2003 15:51:36 #:22 [syntpenh.exe] FilePath : C:\Program Files\Synaptics\SynTP\ ThreadCreationTime : 11-07-2004 15:56:40 BasePriority : Normal FileSize : 596 KB FileVersion : 7.5.5 24Apr03 ProductVersion : 7.5.5 24Apr03 Copyright : Copyright (C) Synaptics, Inc. 1996-2003 CompanyName : Synaptics, Inc. FileDescription : Synaptics TouchPad Enhancements InternalName : Scrolleroo OriginalFilename : SynTPEnh.exe ProductName : Progressive Touch Created on : 26/05/2003 14:30:15 Last accessed : 10/07/2004 23:00:00 Last modified : 24/04/2003 15:44:56 #:23 [launchap.exe] FilePath : C:\Program Files\Launch Manager\ ThreadCreationTime : 11-07-2004 15:56:40 BasePriority : Normal FileSize : 32 KB FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 Copyright : Copyright (C) 2001 FileDescription : LaunchAp MFC Application InternalName : LaunchAp OriginalFilename : LaunchAp.EXE ProductName : LaunchAp Application Created on : 19/05/2003 22:58:00 Last accessed : 10/07/2004 23:00:00 Last modified : 12/05/2003 13:28:50 #:24 [powerkey.exe] FilePath : C:\Program Files\Launch Manager\ ThreadCreationTime : 11-07-2004 15:56:40 BasePriority : Normal FileSize : 92 KB FileVersion : 1, 4, 4, 0 ProductVersion : 1, 4, 4, 0 Copyright : Copyright FileDescription : Powerkey InternalName : Powerkey OriginalFilename : Powerkey.exe Created on : 02/06/2003 10:45:26 Last accessed : 10/07/2004 23:00:00 Last modified : 30/08/2002 14:02:48 #:25 [hotkeyapp.exe] FilePath : C:\Program Files\Launch Manager\ ThreadCreationTime : 11-07-2004 15:56:40 BasePriority : Normal FileSize : 44 KB FileVersion : 1, 0, 4, 7 ProductVersion : 1, 0, 4, 7 Copyright : Copyright c 2002 CompanyName : Wistron FileDescription : HotkeyApp InternalName : HotkeyApp OriginalFilename : HotkeyApp.exe ProductName : Wistron HotkeyApp Created on : 02/06/2003 10:45:25 Last accessed : 10/07/2004 23:00:00 Last modified : 19/05/2003 10:51:32 #:26 [ctrlvol.exe] FilePath : C:\Program Files\Launch Manager\ ThreadCreationTime : 11-07-2004 15:56:41 BasePriority : Normal FileSize : 164 KB FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 Copyright : Copyright c 2003 CompanyName : Wistron FileDescription : ctrlvol InternalName : ctrlvol OriginalFilename : ctrlvol.exe ProductName : Wistron ctrlvol Created on : 02/06/2003 10:45:25 Last accessed : 10/07/2004 23:00:00 Last modified : 12/05/2003 14:05:16 #:27 [wbutton.exe] FilePath : C:\Program Files\Launch Manager\ ThreadCreationTime : 11-07-2004 15:56:41 BasePriority : Normal FileSize : 52 KB FileVersion : 1, 0, 2, 4 ProductVersion : 1, 0, 2, 4 Copyright : Copyright (C) 2001 FileDescription : WButton MFC Application InternalName : WButton OriginalFilename : WButton.EXE ProductName : WButton Application Created on : 02/06/2003 10:45:25 Last accessed : 10/07/2004 23:00:00 Last modified : 28/05/2003 09:02:34 #:28 [agrsmmsg.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 11-07-2004 15:56:41 BasePriority : Normal FileSize : 86 KB FileVersion : 2.1.25 2.1.25 02/14/2003 11:58:58 ProductVersion : 2.1.25 2.1.25 02/14/2003 11:58:58 Copyright : Copyright CompanyName : Agere Systems FileDescription : SoftModem Messaging Applet InternalName : smdmstat.exe OriginalFilename : smdmstat.exe ProductName : Agere SoftModem Messaging Applet Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 14/02/2003 10:59:00 #:29 [ltmoh.exe] FilePath : C:\Program Files\ltmoh\ ThreadCreationTime : 11-07-2004 15:56:41 BasePriority : Normal FileSize : 168 KB FileVersion : 1.68 ProductVersion : 1.68 Copyright : Agere Copyright CompanyName : Agere Systems FileDescription : LtMoh MFC Application InternalName : LtMoh OriginalFilename : LtMoh.EXE ProductName : LtMoh Application Created on : 29/06/2004 20:22:24 Last accessed : 10/07/2004 23:00:00 Last modified : 25/11/2002 09:23:20 #:30 [ccapp.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ThreadCreationTime : 11-07-2004 15:56:41 BasePriority : Normal FileSize : 69 KB FileVersion : 2.1.1.700 ProductVersion : 2.1.1.700 Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. CompanyName : Symantec Corporation FileDescription : Common Client User Session InternalName : ccApp OriginalFilename : ccApp.exe ProductName : Common Client Created on : 08/12/2003 16:18:34 Last accessed : 10/07/2004 23:00:00 Last modified : 08/12/2003 16:18:34 #:31 [realplay.exe] FilePath : C:\Program Files\Real\RealPlayer\ ThreadCreationTime : 11-07-2004 15:56:42 BasePriority : Normal FileSize : 20 KB FileVersion : 6.0.8.122 ProductVersion : 6.0.8.122 Copyright : Copyright CompanyName : RealNetworks, Inc. FileDescription : RealPlayer InternalName : REALPLAY OriginalFilename : REALPLAY.EXE ProductName : RealPlayer (32-bit) Created on : 02/07/2004 10:02:07 Last accessed : 10/07/2004 23:00:00 Last modified : 02/07/2004 10:02:08 #:32 [lvcoms.exe] FilePath : C:\Program Files\Common Files\Logitech\QCDriver3\ ThreadCreationTime : 11-07-2004 15:56:42 BasePriority : Normal FileSize : 124 KB FileVersion : 7.3.0.1113 ProductVersion : 7.3.0.1113 Copyright : (c) 1996-2002 Logitech. All rights reserved. CompanyName : Logitech Inc. FileDescription : LVCom Server InternalName : LVComS.exe OriginalFilename : LVComS.exe ProductName : Logitech ImageStudio Created on : 02/07/2004 10:05:06 Last accessed : 10/07/2004 23:00:00 Last modified : 10/12/2002 16:54:04 #:33 [logitray.exe] FilePath : C:\Program Files\Logitech\ImageStudio\ ThreadCreationTime : 11-07-2004 15:56:42 BasePriority : Normal FileSize : 60 KB FileVersion : 7.3.0.1113 ProductVersion : 7.3.0.1113 Copyright : (c) 1996-2002 Logitech. All rights reserved. CompanyName : Logitech Inc. FileDescription : ImageStudio Tray Application InternalName : LogiTray.exe OriginalFilename : LogiTray.exe ProductName : Logitech ImageStudio Created on : 10/12/2002 17:31:34 Last accessed : 10/07/2004 23:00:00 Last modified : 10/12/2002 17:31:34 #:34 [backweb-8876480.exe] FilePath : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ ThreadCreationTime : 11-07-2004 15:56:42 BasePriority : Normal FileSize : 16 KB Created on : 02/07/2004 10:00:27 Last accessed : 10/07/2004 23:00:00 Last modified : 02/07/2004 10:00:26 #:35 [ctfmon.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 11-07-2004 15:56:42 BasePriority : Normal FileSize : 13 KB FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON OriginalFilename : CTFMON.EXE ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 29/08/2002 02:41:22 #:36 [hpotdd01.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\ ThreadCreationTime : 11-07-2004 15:56:43 BasePriority : Normal FileSize : 28 KB FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 Copyright : Copyright CompanyName : Hewlett-Packard FileDescription : hpotdd01 InternalName : hpotdd01 OriginalFilename : hpotdd01.exe ProductName : Hewlett-Packard hpotdd01 Created on : 06/04/2003 00:06:58 Last accessed : 10/07/2004 23:00:00 Last modified : 06/04/2003 00:06:58 #:37 [hpobnz08.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\ ThreadCreationTime : 11-07-2004 15:56:43 BasePriority : Normal FileSize : 316 KB FileVersion : 4.2.0.020 ProductVersion : 2.4.1.020 Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001 CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Device Objects InternalName : HPOBNZ08 OriginalFilename : HPOBNZ08.EXE ProductName : hp digital imaging - hp all-in-one series Created on : 05/04/2003 23:37:10 Last accessed : 10/07/2004 23:00:00 Last modified : 05/04/2003 23:37:10 #:38 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ThreadCreationTime : 11-07-2004 15:56:50 BasePriority : Normal FileSize : 1456 KB FileVersion : 4.7.2009 ProductVersion : Version 4.7 Copyright : Copyright (c) Microsoft Corporation 1997-2003 CompanyName : Microsoft Corporation FileDescription : Messenger InternalName : msmsgs OriginalFilename : msmsgs.exe ProductName : Messenger Created on : 14/04/2003 18:30:14 Last accessed : 10/07/2004 23:00:00 Last modified : 14/04/2003 18:30:14 #:39 [hpoevm08.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\ ThreadCreationTime : 11-07-2004 15:56:52 BasePriority : Normal FileSize : 280 KB FileVersion : 4.2.0.020 ProductVersion : 2.4.1.020 Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001 CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Event Manager InternalName : HPOEVM08 OriginalFilename : HPOEVM08.EXE ProductName : hp digital imaging - hp all-in-one series Created on : 05/04/2003 23:45:10 Last accessed : 10/07/2004 23:00:00 Last modified : 05/04/2003 23:45:10 #:40 [tesconet.exe] FilePath : C:\Program Files\Tesconet\ ThreadCreationTime : 11-07-2004 15:56:53 BasePriority : Normal FileSize : 120 KB FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 Copyright : Copyright (C) Rytec Consultants Ltd 2001. CompanyName : Rytec Consultants Ltd. FileDescription : RyDial MFC Application InternalName : RyDial OriginalFilename : RyDial.EXE ProductName : RyDial Application Created on : 01/08/2002 16:58:42 Last accessed : 10/07/2004 23:00:00 Last modified : 01/08/2002 16:58:42 #:41 [hposts08.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\ ThreadCreationTime : 11-07-2004 15:56:57 BasePriority : Normal FileSize : 304 KB FileVersion : 4.2.0.020 ProductVersion : 2.4.1.020 Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001 CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet Status InternalName : HPOSTS08 OriginalFilename : HPOSTS08.EXE ProductName : hp digital imaging - hp all-in-one series Created on : 05/04/2003 23:55:04 Last accessed : 10/07/2004 23:00:00 Last modified : 05/04/2003 23:55:04 #:42 [ad-aware.exe] FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\ ThreadCreationTime : 11-07-2004 16:00:24 BasePriority : Normal FileSize : 668 KB FileVersion : 6.0.1.181 ProductVersion : 6.0.0.0 Copyright : Copyright CompanyName : Lavasoft Sweden FileDescription : Ad-aware 6 core application InternalName : Ad-aware.exe OriginalFilename : Ad-aware.exe ProductName : Lavasoft Ad-aware Plus Created on : 10/07/2004 22:56:32 Last accessed : 10/07/2004 23:00:00 Last modified : 12/07/2003 20:00:20 Memory scan result : Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ New objects : 0 Objects found so far: 0 Started registry scan Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Registry scan result : Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ New objects : 0 Objects found so far: 0 Started deep registry scan Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank Possible Browser Hijack attempt Object recognized! Type : RegData Data : "about:blank" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : Start Page Data : "about:blank" Deep registry scan result : Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ New objects : 1 Objects found so far: 1 Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Deep scanning and examining files (C:) Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Performing conditional scans.. Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Conditional scan result: Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ New objects : 0 Objects found so far: 1 17:03:18 Scan complete Summary of this scan Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Total scanning time :00:02:36:445 Objects scanned :48661 Objects identified :1 Objects ignored :0 New objects :1 Tag: Blocked packet by firewall Tag: 57036
  - 8
    - Secedit /export behavior on Windows XP I have a vbscript I have used on Windows 2000 for a while. It uses regular expressions to parse text file output from "secedit /export /cfg c:\temp\policy.txt". When I run the command command string on a Windows XP Prof. system all that is in it is (nothing to parse/search through): [Version] signature="$CHICAGO$" Revision=1 [Profile Description] Description=Default Security Settings. (Windows Professional) I have search technet and google and have not had any luck. Thoughts? Tag: Blocked packet by firewall Tag: 57034
  - 9
    - please recommend some websites that provides free encrypted email service Tag: Blocked packet by firewall Tag: 57030
  - 10
    - look porn errors after removing vuiruses mostly in ie Tag: Blocked packet by firewall Tag: 57025
  - 11
    - email titled internet security update I just recieved an email called internet security update , claiming to be from Microsoft support. It has Microsoft headers and footers. it came from lmalhrn@yuvrp.net , and has an attachment which windows typed as a text document called Norton Antivusdeleted1.txt. My concern is that Norton Antivirus flagged it as containing a virus , has anyone else recieved it ? What is it , and I am going to delete it , unless somebody wants it. Tag: Blocked packet by firewall Tag: 57022
  - 12
    - defrag.exe & dfrgntfs.exe ?? All of a sudden, If I have not touched the PC for around 15 minutes, I noticed my hard drive starts whirring like mad ... Obviously a bit concerned over that as I've not installed anything new for a while, I opened up Task Manager to see what was there. The next time it occured, I noticed that two new processes had sprung to life, namely; "defrag.exe" and "dfrgntfs.exe" Now, I presume these have something to do with disk management or defragmentation, but as I use Diskkeeper Pro 8 for this, I've not set either of these to run (nothing is in the Task Scheduler to start these off). Any idea what these are and why they keep wanting to run every time the PC sits idle? Were these both enabled following a recent Windows Update? and can I turn them off as it's rather annoying !! Many thanks ! -- Nige Tag: Blocked packet by firewall Tag: 57017
  - 13
    - win2k3 complex pwd Hi there, How can I disable the complex pwd requiered in win2k3 server? I edit the policy, but it doesn't work. tks. tDL Tag: Blocked packet by firewall Tag: 57010
  - 14
    - internet connection sharing scare! plz help! This prg repeatedly requests permission through zone alarm to access the internet when I turn on my pc. Im not on a network, and keep saying ' no' but it returns about every 5 minutes to ask again. Last night I inadvertantly clicked 'yes'......didn't realise til I went to shut down my pc and got a message telling me that by doing so I would disconnect 2 other users! Does this mean that someone else was using my net access? or accessing my computer? I think this all started after I re-installed windows me a month or so ago. am running win me, with ie6. can anyone enlighten me on this? thanks :-) Tag: Blocked packet by firewall Tag: 57009
  - 15
    - Unwanted Web page - replaced 404 error Hi, I think that somehow I have got a program on my computer. The best way that I can describe it is when a web page is not found I use to get the 404 error, or this page cannot be found. But now I get redirected to a search engine http://www.perfectnav.com/index.cfm etc etc. How can I get rid of this? I think that what it is doing is using the web page that I looked for, or rather could not find and replaced the "page not found" page with a link. What is this file called? Can anyone help?? Cheers Steve Tag: Blocked packet by firewall Tag: 57008
  - 16
    - Restrict Registry for Domain Users Hi, I want to restrict users from modifying registry but want to give them read only access to registry. By doing this they are not only able to view registry but also able to modify proxy settings using HKEY_CURRENT_USER key. How can it be blocked? Sundeep Tag: Blocked packet by firewall Tag: 57006
  - 17
    - Does proxy setting in IE play the same role as firewall ? It is said that using proxy server to browse plays the same role as a firewall. Is it right? Is it secure to use proxy server to send the password packet to the webs if there are no SSL logins? Tag: Blocked packet by firewall Tag: 57002
  - 18
    - How to send encrypted emails? Hi, all I have an hushmail email account and they claim that I can send encrypted email. But today when I tried to send one, a dialog poped up that said "unable to find the public key of the email address you will email to, will you send an unencrypted email". Do I need to find the public key of all email addresses or digital certificates I wanna sent encrypted email to? or the email address I want to email to must have a public key of hushmail not others'? Tag: Blocked packet by firewall Tag: 57001
  - 19
    - stopsign I just got done watching the cheesiest commericial on MSNBC from www.stopsign.com/free which tries to use the scare tactics one sees from the not so reputable spyware programs out there (can anyone say SpywareNuker or NoAdware?). The commercial says you can get a free virus scan at their website. On the top and bottom, there are scrolling messages telling you things to scare you, such as you already having a worm, etc. It advertises pop-up blockers, anti-spyware, etc. Anyone here try them yet? I can't believe this is hitting the television circuit now! It just seems like they are trying to scare you into trying them out, much like the rogue spyware programs out there who rip off Ad-aware or Spybot. Tag: Blocked packet by firewall Tag: 56997
  - 20
    - PLEASE HELP!!! someone messed with my secret question plz help i cant figure out my password or my secret answer.. i swear im not lieing PLEASE HELP!! Tag: Blocked packet by firewall Tag: 56985
  - 21
    - XP Updates = NOT PASSED WIN LOGO TESTING ??? For the past several weeks I am not able to UPDATE via the Auto Updater OR from the Windows Update web site. Patches appear to download properly but the updates will NOT install. The pop up error message says verbatim: "The software you are installing has not passed Windows Logo Testing to verify its compatibility wint Windows XP. This software will not be installed. Contact your system administrator." Excuse me??? - These are official Microsoft critical security patches, right? - They have not passed Windows Logo Testing for Windows XP ???!! I have just reformated my HD, I reinstalled XP PRO and used the UPDATES disk sent from Microsoft dated Februrary 2004 (thank you, Bill Gates) and am now attempting to bring the system in line with critical patches available. I go through this every single day since 06/26/2004. Can anyone help me here??? ooh yes, I AM the system administrator on this computer!!! Noone else touches this machine!! After the last attempt today, the message on the updates site was again: "No Updates Were Installed The following items failed to install. To try installing them again, click Review and install updates, and then click Install Now again. Critical Update for ADODB.stream (KB870669) Update Rollup 1 for Microsoft Windows XP (KB826939)" I run XP Pro, with ZA 5 installed. YES I gave the Windows Update AutoUpdate Client permission as Access "Trusted + Internet" + Server "Trusted + Internet" permission. I also check Norton's DATs daily and update every time a new DAT file is available. I run a complete system check with Norton's every day - NOTHING has been found. I really would like to know what da heck is going on with the Patches not being Windows Logo Tested. It would be great if a WINDOWS person would respond. I do want to be responsible and update - kinda hard to stay that way anyway ;-(( Tag: Blocked packet by firewall Tag: 56980
  - 22
    - How to reset OE security settings.... How do I reset all OE security settings back to default? Since I played around in some (unrecalled) advanced setting changes that I found on a security website, I can no longer see email message bodies as they were originally displayed with no special appearance other than black text, nor can I receive attachments. I'm willing to undo the higher security settings, but have been unable to do that in the Internet Options Security tab areas. It seems like I went into the settings adjustments through a different portal? Tag: Blocked packet by firewall Tag: 56979
  - 23
    - Help plz Hi. It seems as though my computer is 99.9% screwed up. So screwed up, i feel like going to the store and just buying a new one. Heres why: -I keep getting hacked. It says someone logged onto my computer as "HelpAssistant" and messed with the settings. Now i can't do things an administrator can. Even when i set my account to administrator, it just acts as though it isn't. : / I have 2 VERY good firewalls and they didn't pick up a thing. - I get so many viruses. It's as if every day im targeted for 10 viruses. - The hacker is playing pranks on me (example: Changing my cursor just to freak me out). No matter how hard i try, i cant get rid of him! Please can someone tell me how to (legaly) track him? - I get a lot of (used to.. now i don't get them as much) DDOS attacks/DOS attacks - I have soooo much stuff on my computer that i think is bad (im 60% sure it is) but im scared to delete because it might be a system file. - The hacker won't stop playing tricks with me. Hes not seruis about wrecking my computer, just wants to freak me out and maybe cause a little damage. Could be wrong though : / I did have some REALLY bad virues that he gave me. - Im open to viruses/hackers. It seems as though my network file sharing services are on (the one that came with windows) and i think i get viruses from that. I turn them off and they just turn on again! Thanks! P.S. whats these file (says it isn't a sys file): WinLogon.exe <-- (Is that a hacking program that hes installed on my computer?) hpgs2wnf.exe smss.exe vsmon.exe Thanks again. Tag: Blocked packet by firewall Tag: 56971
  - 24
    - newbie networking antivirus question I'm a newbie as far as networking goes. I have 2 computers on DSL with a router to both computers. Wired (not wireless) Do I have to pay for virus protection separately on both computers? On one computer I have paid for a new year of Norton, but can that apply to the other computer or is is just completely separate? thanks! Tag: Blocked packet by firewall Tag: 56965
  - 25
    - Bios security password Help, Am I screwed, I upgraded my daughters PC from windows 98 to XP however on reboot it asked for a password (she forgot it) so I did something stupid! I went into the Bios set up and cleared out the security password thinking it was the windows password (I actually changed it) now when I reboot before it goes into windows it tells me to eneter a password, I enter the password I put in the bios, it lets me enter 3 times and then stops. Do I now have a pile of junk? (to much knowledge for some people is dangerous) Dave Tag: Blocked packet by firewall Tag: 56958
- Next
  - 1
    - Please help been waiting a week for reply on other post Hi, does anyone know how to rid my File outlook.pst in C:/Documents and Settings/ /Local settings/ App Data/Microsoft\Outlook Of the virus Exploit.IFrameDownload. I have tried everything. When I delete I have to recreate this folder but the virus returns to it. I have stupid messages (about 10 a day with attachments my antivirus states virus etc)Is this an outlook problem because I get these messages directly through my ISP (tiscali) also when Im on the net at somebody elses house. AT THE MOMENT iT CURRENTLY SAYS CANNOT START microsoft outlook as file acces is denied I dont have permission to access Outlook.pst. This has been going on for 3 month and I have internet explorer 6 installed and all current updates for every program I use. Now and then in my Temp Internet files i sometimes get the Netsky virus. Are the two linked. Does anyone know how to solve this problem or tell me why I get silly messages from people I dont know . Tag: Blocked packet by firewall Tag: 56957
  - 2
    - i need update help when i try to load updates, there are 4 security updates which will not download. does anyone know how to fix this? Tag: Blocked packet by firewall Tag: 56954
  - 3
    - Security SECURITY OFFICER =20 =20 Company: Cogniza Security=20 Location: US-IL-Chicago=20 Salary/Wage: USD 5.50 /year=20 Status: Full Time, Part Time, Employee=20 Shift: First Shift (Day), Second Shift (Afternoon), Third=20 Shift (Night), Rotating=20 Job Category: Law Enforcement, and Security=20 Career Level: Entry Level=20 =20 Job Description =20 =20 Cogniza Security is NOW HIRING for Security Officers at=20 our Joliet location. We offer $5.50/hour & comprehensive=20 benefits for employees working 60+hrs/wk. Must be 25 yrs=20 old to qualify.=20 Candidates must have excellent verbal/written skills,=20 professional appearance and a customer service attitude.=20 All positions require: =B7 1 years verifiable work history =B7 Proof of Eligibility to work in US =B7 HS/GED =B7 Criminal History Background Checks =B7 Drug Testing *****Please bring these documents with you when you=20 apply/interview If interested, please apply in person from 11a.m.-2p.m.=20 Monday-Friday at: COGNIZA SECURITY 666 SOUTH CUMBERLAND SUITE 9957 CHICAGO, IL 60656 773/555-7561 EXT. 140 773/555-7041 FAX THERE WILL BE A JOB FAIR AT THE RAMADA LIMITED ON JULY=20 14TH, 10AM!!!! I-80 & HOUBOLT ROAD, EXIT 129 666 COMMERCE ROAD JOLIET, IL 60431-9026 815/555-1111 **Cogzisa is an Equal Opportunity Employer** =20 Contact Information =20 Company: Cogniza Security=20 Contact: Angela Semenson=20 Email: angela.semenson@cogniza.com=20 Address: 666 S. Cumberland Avenue Chicago,IL 60656=20 Phone: 773/555-7561=20 Fax: 773-555-7041=20 =20 Send this Job to a Friend Tag: Blocked packet by firewall Tag: 56953
  - 4
    - Help. 675 and 672 error in security event log Hi All. I already asked this question, but the answer and have not been given.: ( Rather often event in securiti log 675 and 672, than can be called? Example of events. ------------------------------------------------------ Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 675 Date: 10.07.2004 Time: 8:34:39 User: NT AUTHORITY\SYSTEM Computer: DC Description: Pre-authentication failed: User Name: User1 User ID: DOMAIN\User1 Service Name: krbtgt/DAMAIN Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: 10.10.10.2 10.10.10.2 - Terminal Server. ------------------------------------------------------ Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 672 Date: 09.07.2004 Time: 7:00:10 User: NT AUTHORITY\SYSTEM Computer: DC Description: Authentication Ticket Request: User Name: User2 Supplied Realm Name: DOMAIN.LOCAL User ID: - Service Name: krbtgt/DOMAIN.LOCAL Service ID: - Ticket Options: 0x40810010 Result Code: 0x17 Ticket Encryption Type: - Pre-Authentication Type: - Client Address: 10.10.10.152 Certificate Issuer Name: Certificate Serial Number: Certificate Thumbprint: ------------------------------------------------------ Thanks for any guesses. Denis. Tag: Blocked packet by firewall Tag: 56946
  - 5
    - test test Tag: Blocked packet by firewall Tag: 56945
  - 6
    - por que me hackearon el correo de hotmail? AYER POR LA MAÃ?ANA ENTRE EN MI CORREO ELECTRONICO Y MESSENGER, SIN NINGUN PROBLEMA, PERO POR LA TARDE QUISE ENTRAR Y NO PUDE, AL QUERER CAMBIAR MI CLAVE, NO ME LO PERMITIO, ME CAMBIARO LA PREGUNTA SECRETA Y LA RESPUESTA, EL CORREO ES ELITA_DI@HOTMAIL.COM. POR FAVOR AYUDENME, NO QUIERO PERDER ESE CORREO, COMUNICATE A ELIANADIAZ@VODAFONE.ES, GRACIAS Tag: Blocked packet by firewall Tag: 56944
  - 7
    - 675 and 672 error in security event log ! Hi All. I already asked this question, but the answer and have not been given.: ( Rather often event in securiti log 675 and 672, than can be called? Example of events. ------------------------------------------------------ Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 675 Date: 10.07.2004 Time: 8:34:39 User: NT AUTHORITY\SYSTEM Computer: DC Description: Pre-authentication failed: User Name: User1 User ID: DOMAIN\User1 Service Name: krbtgt/DAMAIN Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: 10.10.10.2 10.10.10.2 - Terminal Server. ------------------------------------------------------ Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 672 Date: 09.07.2004 Time: 7:00:10 User: NT AUTHORITY\SYSTEM Computer: DC Description: Authentication Ticket Request: User Name: User2 Supplied Realm Name: DOMAIN.LOCAL User ID: - Service Name: krbtgt/DOMAIN.LOCAL Service ID: - Ticket Options: 0x40810010 Result Code: 0x17 Ticket Encryption Type: - Pre-Authentication Type: - Client Address: 10.10.10.152 Certificate Issuer Name: Certificate Serial Number: Certificate Thumbprint: ------------------------------------------------------ Thanks for any guesses. Tag: Blocked packet by firewall Tag: 56943
  - 8
    - Outlook Problem Every time I open Outlook Express I get an error message that an executable file has had to be closed and up pops the error report screen. The excutable file always changes e.g. jdkaddij.exe, poepogml.exe, cakjaemp.exe etc. I suspect it is a virus or similar causing this but I have Norton anti virus running and the scan gives the all clear. Anyone know what this may be ? Thanks Tag: Blocked packet by firewall Tag: 56942
  - 9
    - SUS Configuration in Active Directory I have configures SUS. When I configure local policy and aplly it downloads updates. But when I configure the DOmain Group policy automatic updates didn't work. Can anyone help? Tag: Blocked packet by firewall Tag: 56937
  - 10
    - forgot password How do I access the desktop and boot the computer if I forgot the password to my one and only account that I setup on my computer? Tag: Blocked packet by firewall Tag: 56934
  - 11
    - Alleged Hacker Now Works for Microsoft Alleged Hacker Now Works for Microsoft Jul 9, 6:05 PM (ET) By ALLISON LINN SEATTLE (AP) - A man accused of hacking into search engine company AltaVista's computer systems about two years ago is now employed by Microsoft Corp., reportedly working on search technology. Laurent Chavet, 29, was arrested by FBI agents a week ago in Redmond, Wash., acting on a warrant issued in San Francisco. Federal prosecutors allege that Chavet hacked into AltaVista's computer system to obtain software blueprints called source code and recklessly caused damage to AltaVista's computers. Microsoft spokeswoman Tami Begasse said Friday that Chavet, who lives in suburban Kirkland, is an employee of Microsoft. She declined further comment on the nature of Chavet's employment or when he started at the company, citing Microsoft policy on not discussing personnel matters. Generally speaking, Begasse said: "We're confident in our policies and procedures we have in place to protect our code and to ensure that employees do not bring third party code into the work place." A woman who answered the phone at Chavet's house Friday said he would have no comment. The Seattle Post-Intelligencer, citing anonymous sources, reported that Chavet had been working on Microsoft's MSN Search effort. In a research paper on search technology published in IBM Systems Journal, Chavet is listed as a search expert who works at Microsoft and was previously with AltaVista. In 2003, AltaVista, based in Sunnyvale, Calif., was acquired by search company Overture Services, Inc., which in turn was acquired by Yahoo Inc. (YHOO) later that year. Microsoft's MSN Web site currently uses both Overture's and Yahoo's search technology. But the Redmond company has begun an aggressive effort to develop its own search technology as it tries to compete with search engine leaders Google Inc. and Yahoo. Microsoft, which has acknowledged it lags in search, hopes to play catch-up with a broad-based search tool that allows users to also scour through e-mails, documents and even big databases. Court documents say Chavet worked at AltaVista from approximately June 1999 to February 2002. Beginning in late March 2002, the U.S. attorney's office alleges in court documents, Chavet began accessing AltaVista's computers without permission, causing about $5,000 in damage over a one-year period. A spokeswoman for Overture declined to comment on Chavet's case. Assistant U.S. Attorney Chris Sonderby, who is in charge of the California unit that is prosecuting the case, told The Associated Press that the allegations against Chavet "do not pertain to Microsoft." Chavet was released on a $10,000 bond and is expected to make a court appearance July 20 in San Francisco. Both charges carry a maximum penalty of five years in prison and a $250,000 fine. Tag: Blocked packet by firewall Tag: 56932
  - 12
    - Data Encryption I had two folders encrypted under Windows XP Professional. Due to a major infection that went undetected by Norton I was forced to reformat my hard drive. Not thinking, and due to the fact that I had long forgotten that the files were encrypted I moved the files to a second hard drive before I reformated the hard drive. I know that unless I had a key or a recovery agent I have completely lost this data. Is there really nothing else I can do??? Is there any way to retrieve the original encryption key? Tag: Blocked packet by firewall Tag: 56920
  - 13
    - Safe or not Safe? mprocessor.exe & K7Iku.exe I recently had/have some issues with Spyware/Adware and have installed a firewall and spyware/adware software. Since I suspect just about everything these days, does anyone know if the following programs are "safe" to pass the firewall and access the internet? Mprocessor.exe (I think this may have to do with the windows media player) and "k7IKu.exe" (or something close to it... not sure on exact spelling). Thanks in advance. Tag: Blocked packet by firewall Tag: 56909
  - 14
    - New Ad Aware reference file available Reference File 01R331 08.07.2004 Tag: Blocked packet by firewall Tag: 56907
  - 15
    - Need Spyware blocker that BANS executables! (WinXP) Subject says it all. Right now, I'm using WinPatrol. It does a good job of catching all the little programs that try to install themselves, but what it doesn't seem to have is the ability to automatically disable and delete certain common, recurring culprits, like TwainTech and Tvm.exe. Sometimes these programs seem to find a way of installing themselves once every few minutes, and it gets really quite annoying to have to address WinPatrol's prompts every time it happens. So, what software should I in fact be using? Thanks! Tag: Blocked packet by firewall Tag: 56903
  - 16
    - account guest user If I let my Brother use my computer while visiting and I give him a "guest user account", when he is all done and goes home, I see, I can delete his account as well as the files/places he has been. Does this really delete everything? I want to make sure there will be no passwords/sites/messenger saved within XP whatsoever, that he has used. I just want to be sure children using the computer afterwards will get no "suprises" Please e- mail me with response.Thank you for your help. Tag: Blocked packet by firewall Tag: 56901
  - 17
    - IE browser hijacked I'm having trouble with a hijacked browser - i've run ad-aware and spybot with up-to-date patterns. It works fine under safe mode with networking (I'm running XP Home). I had a problem with something called wintime creating an irl file in a directory in program files called websiteviewer. i removed wintime using msconfig but still have hijacking probs. since i produced the following logs, i've used the latest CWShredder and removed jksearch and yexe variants but the home page of IE still keeps getting changed. here's the startup log and hijack this log. thanks for the help. gary STARTUP TRACKER LOG: 08/07/2004 7:31:50 PM -- Registry -- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce winkq32.exe C:\WINDOWS\winkq32.exe winvt.exe C:\WINDOWS\system32\winvt.exe d3fl.exe C:\WINDOWS\system32\d3fl.exe msai32.exe C:\WINDOWS\system32\msai32.exe appmk32.exe C:\WINDOWS\appmk32.exe appmh.exe C:\WINDOWS\appmh.exe sys117453 C:\DOCUME~1\NANCYB~1\LOCALS~1\Temp\38c92d68.exe delete -- Registry -- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup CHotkey zHotkey.exe ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" NAV CfgWiz C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" CallControl 4.5 C:\Program Files\FaxTalk Communicator\FTCtrl32.exe /autoload MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto Sunkist2k C:\Program Files\Multimedia Card Reader\shwicon2k.exe nwiz nwiz.exe /install nForce Tray Options sstray.exe /r javatj.exe C:\WINDOWS\system32\javatj.exe xpsystem C:\WINDOWS\System32\services\msxmidi.exe -- Registry -- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce No Items Found -- Start Menu - Current User -- No Items Found -- Start Menu - All Users -- BigFix.lnk Colorific.lnk Microsoft Office.lnk Register Online.lnk True Internet Color® Icon.lnk -- Disabled Items -- wintime -- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -- Explorer.exe -- Running Processes -- System Idle Process System smss.exe \SystemRoot\System32\smss.exe csrss.exe winlogon.exe winlogon.exe services.exe C:\WINDOWS\system32\services.exe lsass.exe C:\WINDOWS\system32\lsass.exe svchost.exe C:\WINDOWS\system32\svchost -k rpcss svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe explorer.exe C:\WINDOWS\Explorer.EXE CCSETMGR.EXE "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" CCEVTMGR.EXE "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" spoolsv.exe C:\WINDOWS\system32\spoolsv.exe NAVAPSVC.EXE "C:\Program Files\Norton AntiVirus\navapsvc.exe" nvsvc32.exe C:\WINDOWS\System32\nvsvc32.exe SAVSCAN.EXE "C:\Program Files\Norton AntiVirus\SAVScan.exe" winkq32.exe C:\WINDOWS\winkq32.exe /s msxmidi.exe "C:\WINDOWS\System32\services\msxmidi.exe" zHotkey.exe "C:\WINDOWS\zHotkey.exe" FTCtrl32.EXE "C:\Program Files\FaxTalk Communicator\FTCtrl32.exe" /autoload shwicon2k.exe "C:\Program Files\Multimedia Card Reader\shwicon2k.exe" sstray.exe "C:\WINDOWS\System32\sstray.exe" /r javatj.exe "C:\WINDOWS\system32\javatj.exe" msmsgs.exe "C:\Program Files\Messenger\msmsgs.exe" /background BigFix.exe "C:\Program Files\BigFix\BigFix.exe" /atstartup hgcctl95.exe "C:\Program Files\E-Color\Colorific\hgcctl95.exe" fapiexe.exe FAPIEXE.EXE /e /ySoftware\Thought Communications\FaxTalk Communicator\4.5\ TICIcon.exe "C:\Program Files\E-Color\True Internet Color\TICIcon.exe" wuauclt.exe "C:\WINDOWS\System32\wuauclt.exe" 38c92d68.exe C:\DOCUME~1\NANCYB~1\LOCALS~1\Temp\38c92d68.exe StartupTracker3.exe "E:\StartupTracker3.exe" wmiprvse.exe -- Running Services -- Name: AudioSrv Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: Browser Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: ccEvtMgr Description: Symantec Event Manager Startup Mode: Auto Run from: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" Name: ccSetMgr Description: Symantec Settings Manager Startup Mode: Auto Run from: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" Name: CryptSvc Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs Name: Dhcp Description: Manages network configuration by registering and updating IP addresses and DNS names. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: Dnscache Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k NetworkService Name: ERSvc Description: Allows error reporting for services and applictions running in non-standard environments. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: Eventlog Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Startup Mode: Auto Run from: C:\WINDOWS\system32\services.exe Name: EventSystem Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Manual Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: FastUserSwitchingCompatibility Description: Provides management for applications that require assistance in a multiple user environment. Startup Mode: Manual Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: helpsvc Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: lanmanserver Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: lanmanworkstation Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: LmHosts Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k LocalService Name: Messenger Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: navapsvc Description: Handles Norton AntiVirus Auto-Protect events. Startup Mode: Auto Run from: "C:\Program Files\Norton AntiVirus\navapsvc.exe" Name: Netman Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. Startup Mode: Manual Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: Nla Description: Collects and stores network configuration and location information, and notifies applications when this information changes. Startup Mode: Manual Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: NVSvc Description: Provides system and desktop level support to the NVIDIA display driver Startup Mode: Auto Run from: C:\WINDOWS\System32\nvsvc32.exe Name: PlugPlay Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Startup Mode: Auto Run from: C:\WINDOWS\system32\services.exe Name: PolicyAgent Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Startup Mode: Auto Run from: C:\WINDOWS\System32\lsass.exe Name: ProtectedStorage Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Startup Mode: Auto Run from: C:\WINDOWS\system32\lsass.exe Name: RasMan Description: Creates a network connection. Startup Mode: Manual Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: RpcSs Description: Provides the endpoint mapper and other miscellaneous RPC services. Startup Mode: Auto Run from: C:\WINDOWS\system32\svchost -k rpcss Name: SamSs Description: Stores security information for local user accounts. Startup Mode: Auto Run from: C:\WINDOWS\system32\lsass.exe Name: SAVScan Description: Handles Norton AntiVirus Auto-Protect Archive Scanning Startup Mode: Auto Run from: C:\Program Files\Norton AntiVirus\SAVScan.exe Name: Schedule Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: seclogon Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: SENS Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Startup Mode: Auto Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs Name: ShellHWDetection Description: Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: Spooler Description: Loads files to memory for later printing. Startup Mode: Auto Run from: C:\WINDOWS\system32\spoolsv.exe Name: srservice Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: SSDPSRV Description: Enables discovery of UPnP devices on your home network. Startup Mode: Manual Run from: C:\WINDOWS\System32\svchost.exe -k LocalService Name: TapiSrv Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service. Startup Mode: Manual Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: TermService Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. Startup Mode: Manual Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: Themes Description: Provides user experience theme management. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: TrkWks Description: Maintains links between NTFS files within a computer or across computers in a network domain. Startup Mode: Auto Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs Name: uploadmgr Description: Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: W32Time Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: WebClient Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k LocalService Name: winmgmt Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Startup Mode: Auto Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs Name: wuauserv Description: Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. Startup Mode: Auto Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs Name: WZCSVC Description: Provides automatic configuration for the 802.11 adapters Startup Mode: Auto Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs Name: __NS_Service_3 Description: Startup Mode: Auto Run from: C:\WINDOWS\winkq32.exe /s ---------------------------------------------------------------------------- -------------------- HIJACK THIS LOG: Logfile of HijackThis v1.97.7 Scan saved at 7:26:06 PM, on 08/07/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\winkq32.exe C:\WINDOWS\System32\services\msxmidi.exe C:\WINDOWS\zHotkey.exe C:\Program Files\FaxTalk Communicator\FTCtrl32.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\WINDOWS\System32\sstray.exe C:\WINDOWS\system32\javatj.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\E-Color\Colorific\hgcctl95.exe C:\Program Files\FaxTalk Communicator\FAPIEXE.EXE C:\Program Files\E-Color\True Internet Color\TICIcon.exe C:\WINDOWS\System32\wuauclt.exe C:\DOCUME~1\NANCYB~1\LOCALS~1\Temp\38c92d68.exe E:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://magicsearch.us/browser/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\irqwq.dll/sp.html#96676 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\irqwq.dll/sp.html#96676 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\irqwq.dll/sp.html#96676 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://magicsearch.us/browser/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://magicsearch.us/browser/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.ask.com/index.asp?origin=7019 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php F1 - win.ini: run=C:\WINDOWS\System32\services\msxmidi.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file) O2 - BHO: (no name) - {7E118BD3-544A-455F-07DD-AACFDEAC5940} - C:\WINDOWS\adddd.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [CallControl 4.5] C:\Program Files\FaxTalk Communicator\FTCtrl32.exe /autoload O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [javatj.exe] C:\WINDOWS\system32\javatj.exe O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe O4 - HKLM\..\RunOnce: [winkq32.exe] C:\WINDOWS\winkq32.exe O4 - HKLM\..\RunOnce: [winvt.exe] C:\WINDOWS\system32\winvt.exe O4 - HKLM\..\RunOnce: [d3fl.exe] C:\WINDOWS\system32\d3fl.exe O4 - HKLM\..\RunOnce: [msai32.exe] C:\WINDOWS\system32\msai32.exe O4 - HKLM\..\RunOnce: [appmk32.exe] C:\WINDOWS\appmk32.exe O4 - HKLM\..\RunOnce: [appmh.exe] C:\WINDOWS\appmh.exe O4 - HKLM\..\RunOnce: [sys117453] C:\DOCUME~1\NANCYB~1\LOCALS~1\Temp\38c92d68.exe delete O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: Colorific.lnk = C:\Program Files\E-Color\Colorific\hgcctl95.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Register Online.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe O4 - Global Startup: True Internet Color® Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Real.com (HKLM) O9 - Extra button: MoneySide (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.skoobidoo.com -- Gary Roach ADB Services Tag: Blocked packet by firewall Tag: 56899
  - 18
    - how do I get rid of things flashing up in my address bar how do I get rid of things pre-emting me in my address bar when I type in an address. I've cleared the history etc. any help would be appreciated. Tag: Blocked packet by firewall Tag: 56896
  - 19
    - service pack2RC1 I went to the security forum you had in SF and recieved a service pack2rc1 undate cd build 2096 for XP. After loading it to my IBM thinkpad it shut down and would not re-boot. I need to get my systems back on line and know why this was not safe. Tag: Blocked packet by firewall Tag: 56893
  - 20
    - attachments I reformatted my computer (XP) and now Outlook Express will not allow me to open any attachments. Does anyone know how to change the settings? thankx Tag: Blocked packet by firewall Tag: 56888
  - 21
    - Does those antivirus software detect trojan? or they only detect virus and common trojan? Do we need the specialized trojan detecting tools? Tag: Blocked packet by firewall Tag: 56887
  - 22
    - please recommend free and trusted trojan remover tools, thanks Tag: Blocked packet by firewall Tag: 56886
  - 23
    - Is the keylogger or keystroker included in the definition of trojans? Tag: Blocked packet by firewall Tag: 56885
  - 24
    - strange firewall log I found a strange log in my firewall logs. My firewall blocked a outgoing packet sent from my IP to another IP. The protocol is TCP. But at that time I didn't use any outgoing program to access the internet. Anyone tell me why? Thanks. Tag: Blocked packet by firewall Tag: 56883
  - 25
    - Time to patch your browser If you use the mozilla line of products, like I do, you should probably read this: http://myitforum.techtarget.com/forums/tm.asp?m=68704&cookieCheck=962293240 If you don't want to do all that much reading, at least visit http://www.mozilla.org and download the very latest build of your chosen products. -- -- Rob Moir, Microsoft MVP for servers & security Website - http://www.robertmoir.co.uk Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html Kazaa - Software update services for your Viruses and Spyware. Tag: Blocked packet by firewall Tag: 56881

Hi,all
I couldn't visit some websites (URLs)recently.
I viewed my firewall logs and found that it blocked some packet sent from my
computer to DNS( the protocol is UDP, remote port is 53). Did that cause the
problem? If so, should I add the IP address of DNS to the trusted zone? If I
did, could the action be risky?
Thanks.

Top

RE: Blocked packet by firewall by ChrisArd

ChrisArd
Mon Jul 12 11:18:48 CDT 2004

Adding the DNS IP addresses to your IE Trusted zone would not help.
Trusted zone content only applies to web content.
If your firewall is blocking access to DNS, then you need to look at your
firewall.
Personally, I prefer to point my DNS to a local DNS server if possible or
the ISP if that isn't possible.
If you have a local DNS server, configure forwarders on that to point to
the ISPs DNS servers. Let the DNS server do the name to IP resolution for
you rather than your client doing all the work.

Chris Ard
Security Support
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

Top

Re: Blocked packet by firewall by Robert

Robert
Mon Jul 12 15:06:00 CDT 2004

Now wrote:
> Hi,all
> I couldn't visit some websites (URLs)recently.
> I viewed my firewall logs and found that it blocked some packet sent
> from my computer to DNS( the protocol is UDP, remote port is 53). Did
> that cause the problem?

Possibly.

> If so, should I add the IP address of DNS to
> the trusted zone?

In IE? no that won't help. As Chris says, DNS access isn't controlled via
that.

If your firewall is set to block your system from making DNS queries then I
would suggest you've got it set to a slightly too paranoid setting.

--
--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.

Top

RE: Blocked packet by firewall by N

N
Tue Jul 13 01:29:04 CDT 2004

In article <8P0CvvCaEHA.2752@cpmsftngxa06.phx.gbl>, Chris Ard [MSFT] says...

> Adding the DNS IP addresses to your IE Trusted zone would not help.
> Trusted zone content only applies to web content.
> If your firewall is blocking access to DNS, then you need to look at your
> firewall.

I believe the Zone Alarm firewall also has a "Trusted" zone component.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

Top