Author Topic: Adaware SE log file help  (Read 6232 times)

Corrine
Re: Adaware SE log file help
« Reply #15 on: April 30, 2006, 04:43:31 PM »
Take your time.  In fact, you should have him print or copy paste the instructions to notepad and save to his desktop so he can check things off as he goes through the steps.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

MargareeExpress
Re: Adaware SE log file help
« Reply #16 on: May 01, 2006, 12:17:45 AM »
Ok I think we might be in business here. Let us know what you think?

The only thing we had trouble with was:
Quote
          o Answer Yes to the question "Restore Trusted Zone ?" by typing Y
          o Hit Enter.

There wasn't a prompt for this question. So do we have to restore the Trusted Zone some other way? Please advise!
Thanks again for all the help. I knew I had reason to be excited finding this forum. Great job!

SmitFraudFix v2.37

Scan done at 14:49:04.89, Sun 04/30/2006
Run from C:\Documents and Settings\ISADORE\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\uniq Deleted
C:\WINDOWS\system32\intell321.exe Deleted
C:\WINDOWS\system32\oleext.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         4:55:40 PM, 4/30/2006
 + Report-Checksum:      104033E3

 + Scan result:

   HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning
   HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning
   HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Adware.Altnet : Error during cleaning
   HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : Error during cleaning
   C:\Downloads\FamilyFeudSetup-dm[1].exe.tcf -> Adware.Trymedia : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000248.exe -> Downloader.Small.csn : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000251.exe -> Downloader.Small.csn : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000252.exe -> Downloader.Small.csn : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000268.exe -> Downloader.Small.ctf : Cleaned with backup
   C:\WINDOWS\SYSTEM32\BO2801040128.dll -> Adware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\SYSTEM32\egaccess4_1059.dll -> Trojan.Dialer.pc : Cleaned with backup
   C:\WINDOWS\SYSTEM32\egaccess4_1060.dll -> Dialer.InstantAccess.r : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 5:36:11 PM, on 4/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Startup: Internet Call Manager.LNK = C:\Program Files\Internet Call Manager\ICM.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe





Corrine
Re: Adaware SE log file help
« Reply #17 on: May 01, 2006, 11:04:50 PM »
Hi, MargareeExpress.  You and Coach have done a great job!

The "restore Trusted Zone" is an option.  It is easy to check:
  • Launch Internet Explorer
  • Click Tools > Internet Options > Security
  • Single Click "Trusted Sites"
If sites have been added to the Trusted Sites, there will be an indication.  See http://support.microsoft.com/?kbid=301689 for removal if there are sites you did not add and it was a result of the infection. You could also try Option 3 again.  ;) (Note:  if you do follow the Microsoft procedure, be sure to back up the registry first before doing any regedits.)

As to the setting for the Trusted Sites, the "Default level" is "low", which I do not recommend.  Medium should work just fine.

The next step is clearing System Restore and creating a fresh restore point while the system is clean and before installing Service Pack 2.  I would then recommend a new restore point after Service Pack 2 and all Windows Updates have been installed.  See Atribune's simple instructions on System Restore:  http://www.atribune.org/sysrestore.html

For additional information on protecting your PC, please see Tony Klein's "So how did I get infected in the first place?" for important tips on how to prevent future infections.  There is also a lot of helpful information in "Mitch's Good Stuff" linked from here.  In the same thread you'll find a link to Ghost's site, with tutorials for installing the popular security software programs.

If you haven't yet, install and update both SpywareBlaster & SpyGuard to prevent the installation of spyware and other potentially unwanted software:
 
SpywareBlaster -- http://www.javacoolsoftware.com/spywareblaster.html 
SpywareGuard --  http://www.javacoolsoftware.com/spywareguard.html 

If you use Internet Explorer, IE-Spyad will add thousands of sites into your IE restricted zone:  http://www.spywarewarrior.com/uiuc/resource.htm

Another useful program is StartupMonitor, which will warn you when something tries to sneak in:  http://www.mlin.net/StartupMonitor.shtml

Regards,


Corrine :rose:
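The Trusted Sites check described in the reply above can also be run against the registry backup it recommends making before any regedits. The following is an added example, not part of the original thread: it parses a `.reg` export of the `Internet Settings\ZoneMap\Domains` key and lists every site mapped to the Trusted sites zone (zone 2) that is not on a list of sites the user knowingly added. The sample export, its `.example` domain names and the function names are constructed for illustration.

```python
import re

# Internet Explorer security zone numbers as stored in ZoneMap values.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
TRUSTED = 2

MARKER = r"\internet settings\zonemap\domains"
DWORD_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|@)=dword:(?P<val>[0-9a-fA-F]{8})\s*$')

# Constructed sample of a regedit export (File > Export on the Domains key).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bank.example]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bank.example\www]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unknown-toolbar.example]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ads.example]
"*"=dword:00000004
'''


def decode_reg(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def site_from_key(key: str):
    """Map ...\\ZoneMap\\Domains\\example.com\\www to 'www.example.com'."""
    idx = key.lower().find(MARKER)
    if idx < 0:
        return None
    rest = key[idx + len(MARKER):]
    if not rest.startswith("\\"):
        return None  # the Domains key itself, or an unrelated sibling key
    parts = [p for p in rest.split("\\") if p]
    # Subkeys run domain -> subdomain, so reverse them for the host name.
    return ".".join(reversed(parts)) if parts else None


def zone_map(text: str):
    """Return (site, protocol, zone) for every zone assignment in the export."""
    entries, site = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            # "[-HKEY_...]" is a delete instruction, not an existing key.
            site = None if key.startswith("-") else site_from_key(key)
            continue
        m = DWORD_RE.match(line)
        if site and m:
            proto = m.group("name") or "(default)"
            entries.append((site, proto, int(m.group("val"), 16)))
    return entries


def unexpected_trusted(text: str, expected=()):
    """Trusted-zone entries whose site is not in the user's own list."""
    known = {s.lower() for s in expected}
    return [(site, proto) for site, proto, zone in zone_map(text)
            if zone == TRUSTED and site.lower() not in known]


if __name__ == "__main__":
    for site, proto, zone in zone_map(SAMPLE_EXPORT):
        print(f"{site:28} {proto:8} {ZONES.get(zone, zone)}")
    print("Review these:", unexpected_trusted(SAMPLE_EXPORT, ["www.bank.example"]))
```
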

COACH
Re: Adaware SE log file help
« Reply #18 on: May 02, 2006, 05:53:58 PM »
Hi Corrine!

Once again I have to thank you all for the patience & support you all have provided Margaree Express & myself.

I followed the steps. However, after installing SP 2, on restart Windows Security opened & when I tried to click Windows Firewall settings, the following came up:
Windows Security
Due to an unidentified problem, Windows cannot display Windows Firewall settings.

I then tried to access windows firewall settings through the Control Panel . The same message popped up.

Then proceeded to do a D-Frag & then to create a restore point after SP 2 installation.

Any advice to fix the above problem?


Next I ran Ad-Aware SE (Smart Scan).

After everything we've done, the following remains:

One object identified: 1) Altnet BDE, TAC index 4.


Here is the Scan Report.
Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, May 01, 2006 11:23:52 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R105 26.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AltnetBDE(TAC index:4):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R105 26.04.2006
Internal build : 125
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 623812 Bytes
Total size : 2049042 Bytes
Signature data size : 2011689 Bytes
Reference data size : 36841 Bytes
Signatures total : 56569
CSI Fingerprints total : 2406
CSI data size : 78138 Bytes
Target categories : 15
Target families : 880


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:61 %
Total physical memory:522224 kb
Available physical memory:314720 kb
Total page file size:1278580 kb
Available on page file:1000508 kb
Total virtual memory:2097024 kb
Available virtual memory:2044148 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-1-2006 11:23:52 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    ModuleName         : \SystemRoot\System32\smss.exe
    Command Line       : n/a
    ProcessID          : 372
    ThreadCreationTime : 5-2-2006 1:30:49 AM
    BasePriority       : Normal


#:2 [csrss.exe]
    ModuleName         : \??\C:\WINDOWS\system32\csrss.exe
    Command Line       : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
    ProcessID          : 432
    ThreadCreationTime : 5-2-2006 1:31:00 AM
    BasePriority       : Normal


#:3 [winlogon.exe]
    ModuleName         : \??\C:\WINDOWS\system32\winlogon.exe
    Command Line       : winlogon.exe
    ProcessID          : 456
    ThreadCreationTime : 5-2-2006 1:31:02 AM
    BasePriority       : High


#:4 [services.exe]
    ModuleName         : C:\WINDOWS\system32\services.exe
    Command Line       : C:\WINDOWS\system32\services.exe
    ProcessID          : 500
    ThreadCreationTime : 5-2-2006 1:31:06 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    ModuleName         : C:\WINDOWS\system32\lsass.exe
    Command Line       : C:\WINDOWS\system32\lsass.exe
    ProcessID          : 512
    ThreadCreationTime : 5-2-2006 1:31:06 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    ModuleName         : C:\WINDOWS\system32\svchost.exe
    Command Line       : C:\WINDOWS\system32\svchost -k DcomLaunch
    ProcessID          : 680
    ThreadCreationTime : 5-2-2006 1:31:18 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    ModuleName         : C:\WINDOWS\system32\svchost.exe
    Command Line       : C:\WINDOWS\system32\svchost -k rpcss
    ProcessID          : 748
    ThreadCreationTime : 5-2-2006 1:31:19 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    ModuleName         : C:\WINDOWS\System32\svchost.exe
    Command Line       : C:\WINDOWS\System32\svchost.exe -k netsvcs
    ProcessID          : 784
    ThreadCreationTime : 5-2-2006 1:31:19 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [svchost.exe]
    ModuleName         : C:\WINDOWS\System32\svchost.exe
    Command Line       : C:\WINDOWS\System32\svchost.exe -k NetworkService
    ProcessID          : 832
    ThreadCreationTime : 5-2-2006 1:31:20 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:10 [svchost.exe]
    ModuleName         : C:\WINDOWS\System32\svchost.exe
    Command Line       : C:\WINDOWS\System32\svchost.exe -k LocalService
    ProcessID          : 872
    ThreadCreationTime : 5-2-2006 1:31:20 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:11 [lexbces.exe]
    ModuleName         : C:\WINDOWS\system32\LEXBCES.EXE
    Command Line       : C:\WINDOWS\system32\LEXBCES.EXE
    ProcessID          : 948
    ThreadCreationTime : 5-2-2006 1:31:22 AM
    BasePriority       : Normal
    FileVersion        : 8.16
    ProductVersion     : 8.16
    ProductName        : MarkVision for Windows (32 bit)
    CompanyName        : Lexmark International, Inc.
    FileDescription    : LexBce Service
    InternalName       : LexBce Service
    LegalCopyright     : (C) 1993 - 2003 Lexmark International, Inc.
    OriginalFilename   : LexBceS.exe

#:12 [lexpps.exe]
    ModuleName         : C:\WINDOWS\system32\LEXPPS.EXE
    Command Line       : LEXPPS.EXE
    ProcessID          : 984
    ThreadCreationTime : 5-2-2006 1:31:23 AM
    BasePriority       : Normal
    FileVersion        : 8.16
    ProductVersion     : 8.16
    ProductName        : MarkVision for Windows (32 bit)
    CompanyName        : Lexmark International, Inc.
    FileDescription    : LEXPPS.EXE
    InternalName       : LEXPPS
    LegalCopyright     : (C) 1993 - 2003 Lexmark International, Inc.
    OriginalFilename   : LEXPPS.EXE
    Comments           : MarkVision for Windows '95 New P2P Server  (32-bit)

#:13 [spoolsv.exe]
    ModuleName         : C:\WINDOWS\system32\spoolsv.exe
    Command Line       : C:\WINDOWS\system32\spoolsv.exe
    ProcessID          : 992
    ThreadCreationTime : 5-2-2006 1:31:23 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion     : 5.1.2600.2696
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:14 [ewidoctrl.exe]
    ModuleName         : C:\Program Files\ewido anti-malware\ewidoctrl.exe
    Command Line       : "C:\Program Files\ewido anti-malware\ewidoctrl.exe"
    ProcessID          : 1144
    ThreadCreationTime : 5-2-2006 1:31:24 AM
    BasePriority       : Normal
    FileVersion        : 3, 0, 0, 1
    ProductVersion     : 3, 0, 0, 1
    ProductName        : ewido control
    CompanyName        : ewido networks
    FileDescription    : ewido control
    InternalName       : ewido control
    LegalCopyright     : Copyright © 2004
    OriginalFilename   : ewidoctrl.exe

#:15 [mcdetect.exe]
    ModuleName         : c:\program files\mcafee.com\agent\mcdetect.exe
    Command Line       : "c:\program files\mcafee.com\agent\mcdetect.exe"
    ProcessID          : 1216
    ThreadCreationTime : 5-2-2006 1:31:29 AM
    BasePriority       : Normal
    FileVersion        : 6, 0, 0, 19
    ProductVersion     : 6, 0, 0, 0
    ProductName        : McAfee SecurityCenter
    CompanyName        : McAfee, Inc
    FileDescription    : McAfee WSC Integration Service
    InternalName       : McDetect
    LegalCopyright     : Copyright © 2005 McAfee, Inc.
    OriginalFilename   : McDetect.exe
    Comments           : McAfee WSC Integration Service

#:16 [mcshield.exe]
    ModuleName         : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    Command Line       : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    ProcessID          : 1256
    ThreadCreationTime : 5-2-2006 1:31:29 AM
    BasePriority       : High


#:17 [mctskshd.exe]
    ModuleName         : c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    Command Line       : c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    ProcessID          : 1284
    ThreadCreationTime : 5-2-2006 1:31:30 AM
    BasePriority       : Normal
    FileVersion        : 6, 0, 0, 13
    ProductVersion     : 6, 0, 0, 0
    ProductName        : McAfee SecurityCenter
    CompanyName        : McAfee, Inc
    FileDescription    : McAfee Task Scheduler
    InternalName       : McTskshd
    LegalCopyright     : Copyright © 2005 McAfee, Inc.
    OriginalFilename   : McTskshd.exe

#:18 [svchost.exe]
    ModuleName         : C:\WINDOWS\System32\svchost.exe
    Command Line       : C:\WINDOWS\System32\svchost.exe -k imgsvc
    ProcessID          : 1376
    ThreadCreationTime : 5-2-2006 1:31:32 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:19 [explorer.exe]
    ModuleName         : C:\WINDOWS\Explorer.EXE
    Command Line       : C:\WINDOWS\Explorer.EXE
    ProcessID          : 1188
    ThreadCreationTime : 5-2-2006 1:33:10 AM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:20 [mcagent.exe]
    ModuleName         : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    Command Line       : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
    ProcessID          : 2988
    ThreadCreationTime : 5-2-2006 1:34:38 AM
    BasePriority       : Normal
    FileVersion        : 6, 0, 0, 16
    ProductVersion     : 6, 0, 0, 0
    ProductName        : McAfee SecurityCenter
    CompanyName        : McAfee, Inc
    FileDescription    : McAfee SecurityCenter Agent
    InternalName       : mcagent
    LegalCopyright     : Copyright © 2005 McAfee, Inc.
    OriginalFilename   : mcagent.exe

#:21 [oasclnt.exe]
    ModuleName         : C:\Program Files\McAfee.com\VSO\oasclnt.exe
    Command Line       : "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
    ProcessID          : 3032
    ThreadCreationTime : 5-2-2006 1:34:43 AM
    BasePriority       : Normal
    FileVersion        : 10, 0, 0, 24
    ProductVersion     : 10, 0, 0, 0
    ProductName        : McAfee VirusScan
    CompanyName        : McAfee, Inc.
    FileDescription    : McAfee VirusScan OAS Client
    InternalName       : OasClnt
    LegalCopyright     : Copyright © 2005 McAfee, Inc. All Rights Reserved.
    OriginalFilename   : OasClnt.exe
    Comments           : McAfee VirusScan OAS Client

#:22 [mcvsshld.exe]
    ModuleName         : c:\program files\mcafee.com\vso\mcvsshld.exe
    Command Line       : "c:\program files\mcafee.com\vso\mcvsshld.exe" -Embedding
    ProcessID          : 3064
    ThreadCreationTime : 5-2-2006 1:34:45 AM
    BasePriority       : Normal
    FileVersion        : 10, 0, 0, 22
    ProductVersion     : 10, 0, 0, 0
    ProductName        : McAfee VirusScan
    CompanyName        : McAfee, Inc.
    FileDescription    : McAfee VirusScan ActiveShield Resource
    InternalName       : McVsShld
    LegalCopyright     : Copyright © 2005 McAfee, Inc. All Rights Reserved.
    OriginalFilename   : McVsShld.exe
    Comments           : McAfee VirusScan ActiveShield Resource

#:23 [mcvsescn.exe]
    ModuleName         : c:\progra~1\mcafee.com\vso\mcvsescn.exe
    Command Line       : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
    ProcessID          : 3120
    ThreadCreationTime : 5-2-2006 1:34:48 AM
    BasePriority       : Normal
    FileVersion        : 10, 0, 0, 20
    ProductVersion     : 10, 0, 0, 0
    ProductName        : McAfee VirusScan
    CompanyName        : McAfee, Inc.
    FileDescription    : McAfee VirusScan E-mail Scan Module
    InternalName       : mcvsescn
    LegalCopyright     : Copyright © 2005 McAfee, Inc. All Rights Reserved.
    OriginalFilename   : mcvsescn.EXE
    Comments           : McAfee VirusScan E-mail Scan Module

#:24 [mcvsftsn.exe]
    ModuleName         : c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    Command Line       : c:\progra~1\mcafee.com\vso\mcvsftsn.exe -Embedding
    ProcessID          : 3472
    ThreadCreationTime : 5-2-2006 1:35:33 AM
    BasePriority       : Normal
    FileVersion        : 10, 0, 0, 19
    ProductVersion     : 10, 0, 0, 0
    ProductName        : McAfee VirusScan
    CompanyName        : McAfee, Inc.
    FileDescription    : McAfee VirusScan Instant Messenger Scan Module
    InternalName       : mcvsftsn
    LegalCopyright     : Copyright © 2005 McAfee, Inc. All Rights Reserved.
    OriginalFilename   : mcvsftsn.EXE
    Comments           : McAfee VirusScan Instant Messenger Scan Module

#:25 [msmsgs.exe]
    ModuleName         : C:\Program Files\Messenger\msmsgs.exe
    Command Line       : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
    ProcessID          : 3560
    ThreadCreationTime : 5-2-2006 1:35:43 AM
    BasePriority       : Normal
    FileVersion        : 4.7.3000
    ProductVersion     : Version 4.7.3000
    ProductName        : Messenger
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Messenger
    InternalName       : msmsgs
    LegalCopyright     : Copyright (c) Microsoft Corporation 2004
    LegalTrademarks    : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
    OriginalFilename   : msmsgs.exe

#:26 [msdtc.exe]
    ModuleName         : C:\WINDOWS\System32\msdtc.exe
    Command Line       : C:\WINDOWS\System32\msdtc.exe
    ProcessID          : 3896
    ThreadCreationTime : 5-2-2006 1:36:13 AM
    BasePriority       : Normal
    FileVersion        : 2001.12.4414.258
    ProductVersion     : 03.01.00.4414
    ProductName        : Microsoft Distributed Transaction Coordinator
    CompanyName        : Microsoft Corporation
    FileDescription    : MS DTC console program
    InternalName       : MSDTC.EXE
    LegalCopyright     : Copyright (C) Microsoft Corp. 1995-1998
    LegalTrademarks    : Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation

#:27 [securitysuite.exe]
    ModuleName         : C:\Program Files\ewido anti-malware\SecuritySuite.exe
    Command Line       : "C:\Program Files\ewido anti-malware\SecuritySuite.exe"
    ProcessID          : 3240
    ThreadCreationTime : 5-2-2006 2:03:10 AM
    BasePriority       : Normal
    FileVersion        : 3, 5, 0, 0
    ProductVersion     : 3, 5, 0, 0
    ProductName        : ewido anti-malware
    CompanyName        : ewido networks
    FileDescription    : anti-malware
    InternalName       : GuiLoader
    LegalCopyright     : © 2003 ewido networks
    OriginalFilename   : SecuritySuite.exe

#:28 [icm.exe]
    ModuleName         : C:\Program Files\Internet Call Manager\ICM.EXE
    Command Line       : "C:\Program Files\Internet Call Manager\ICM.EXE"
    ProcessID          : 3492
    ThreadCreationTime : 5-2-2006 2:04:05 AM
    BasePriority       : Normal
    FileVersion        : 8, 24, 0, 23
    ProductVersion     : 8, 24, 0, 23
    ProductName        : Internet Call Manager
    CompanyName        : InfoInterActive Corp.
    FileDescription    : ICM Client Application
    InternalName       : ICM Client
    LegalCopyright     : Copyright (C) 1996-2003
    OriginalFilename   : ICM.EXE
    Comments           : ICM

#:29 [svchost.exe]
    ModuleName         : C:\WINDOWS\system32\svchost.exe
    Command Line       : C:\WINDOWS\system32\svchost.exe -k netsvcs
    ProcessID          : 3724
    ThreadCreationTime : 5-2-2006 2:05:05 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:30 [wuauclt.exe]
    ModuleName         : C:\WINDOWS\system32\wuauclt.exe
    Command Line       : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[e8c]SUSDS37a5c764a031004badedba8293ec469c
    ProcessID          : 184
    ThreadCreationTime : 5-2-2006 2:23:14 AM
    BasePriority       : Normal
    FileVersion        : 5.8.0.2469 built by: lab01_n(wmbla)
    ProductVersion     : 5.8.0.2469
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Automatic Updates
    InternalName       : wuauclt.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : wuauclt.exe

#:31 [ewidoguard.exe]
    ModuleName         : C:\Program Files\ewido anti-malware\ewidoguard.exe
    Command Line       : n/a
    ProcessID          : 2584
    ThreadCreationTime : 5-2-2006 2:23:15 AM
    BasePriority       : Normal
    FileVersion        : 3, 0, 0, 1
    ProductVersion     : 3, 0, 0, 1
    ProductName        : guard
    CompanyName        : ewido networks
    FileDescription    : guard
    InternalName       : guard
    LegalCopyright     : Copyright © 2004
    OriginalFilename   : guard.exe

#:32 [ad-aware.exe]
    ModuleName         : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    Command Line       : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
    ProcessID          : 2660
    ThreadCreationTime : 5-2-2006 2:23:27 AM
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

#:33 [wuauclt.exe]
    ModuleName         : C:\WINDOWS\system32\wuauclt.exe
    Command Line       : "C:\WINDOWS\system32\wuauclt.exe"
    ProcessID          : 2476
    ThreadCreationTime : 5-2-2006 2:23:38 AM
    BasePriority       : Normal
    FileVersion        : 5.8.0.2469 built by: lab01_n(wmbla)
    ProductVersion     : 5.8.0.2469
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Automatic Updates
    InternalName       : wuauclt.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 AltnetBDE Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 4
    Category           : Data Miner
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\altnet

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\DOCUME~1\ISADORE\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

11:27:24 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:03:31.625
Objects scanned:96159
Objects identified:1
Objects ignored:0
New critical objects:1


We will await your reply!

Thanks Again!

Coach!!








Offline winchester73

  • Administrator
  • Hero Member
  • *****
  • Posts: 5124
  • Half a bubble off plumb
Re: Adaware SE log file help
« Reply #19 on: May 02, 2006, 06:14:23 PM »
See if this helps the firewall issue:  http://windowsxp.mvps.org/sharedaccess.htm
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member



Offline COACH

  • Newbie
  • *
  • Posts: 3
Re: Adaware SE log file help
« Reply #20 on: May 03, 2006, 06:39:20 PM »
Hey Winchester !

It worked : Thanks
Again  COACH!

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11536
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Adaware SE log file help
« Reply #21 on: May 03, 2006, 06:55:50 PM »
Now why are you surprised?  :lol: 

Offline winchester73

  • Administrator
  • Hero Member
  • *****
  • Posts: 5124
  • Half a bubble off plumb
Re: Adaware SE log file help
« Reply #22 on: May 03, 2006, 07:28:27 PM »
Quote
    Hey Winchester !

    It worked : Thanks
    Again  COACH!

Great news mate.  Glad the problem is solved.   :exorcize:

Should you need to troubleshoot anything, here is a Microsoft article:  http://support.microsoft.com/default.aspx?kbid=875357

This will help you understand the firewall better:  http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

For suggestions on how to adjust the settings:  http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfsettings.mspx

Post back if you encounter any further problems.   :D

Quote
    Now why are you surprised?  :lol:
