No virus? No spyware? No adware? Whats malware?, Loss of internet after Ad-Aware scan? Options

[Aria]

yeah i need to know if adaware is capable of doing this. i ran a scan recently and suddenly i lost ALL ability to get on the internet. its as though after i scanned and cleaned, the files to my router were deleted by adaware. i did a rollback on my windows a day before and i was fine...i ran another scan an hour later and it did it again. i rolled back again and i was fine...so i haven't used adaware for like 4 days now and i'm worried that i can't ever again if it ends up deleting important files for me to get through my router to the internet. if this is a serious bug that the developers have not found yet, they might want to look into it. i would like to see that on the next update, adaware won't delete those files again. but here's whats very odd. every time i did that scan, all it came up with was the usual adware files that i always get. nothing new or "odd" would be in the list. so i don;t know how adaware is deleting those files when they are not even in the lists of items that were a danger to my system. I serisously have not ever had a problem with adaware until now and i hate to have to drop the program cause it does this file deletion of files that i need and don;t even seem to show up in the programs list when i go to clean it. if anyone has any ideas that can help, by all means post. heck if a developer see's this post i beg him or her to find out why its doing this.

[SkittlesPC]

Some Malware infections can cause this type of problem.

I would recommend that you do the following:
1. Run an Online Scan (do a full system scan). As some infections will disable the AntiVirus installed on your PC, to hide it's presence.

Go here and run at least one of the online scans, allow them to delete whatever they find:

Panda ActiveScan
eTrust AntiVirus Web Scanner
Note any thing that can't be fixed
Reboot when done.

2. Run a AAW full system scan with the latest version of Ad-Aware (build 1.06r1), and ensure that you have the latest definition file by performing a webupdate once Ad-Aware is loaded, but since you lose your connection after running the AAW scan and fix, please just run the scan, but do not allow it to fix but save the log, so that you can post it here.

3. Post a HiJack This log, for the Malware Removal Experts to help you with.

Post all of your logs, here > HiJack This forum section.
Start your own thread, stating what problem you are having in the subject line, if you know the name of what you are infected with. Be sure to briefly explain your problem with your loss of connection after running the AAW scan and how you regain it after restoring to the point before the scan.

Please be patient, as there are alot of hjt logs that need to be read, and not all of the ppl here who try to help, such as myself are trained in reading hjt logs. And you need someone trained in this, who is a malware removal expert to help you. They will get to your log as soon as they get a chance.

Here are some instructions on how to post your HiJack This log, and the download link.

Download HijackThis.exe To your desk top.


Now Click start then my computer, then local disk Which is usually c:/
Now click file > new folder > name it hijackthis or hjt anything you like;)
You should get this.


Now right click on HijackThis.exe which you just downloaded.
It will look like this chose cut
Open the folder right click and chose paste.


After which you should get some thing like this.



Now start hijackthis. Do a system scan and save logfile, the saved the log file
will be in the folder you just created. Open the file click edit then select all click edit again then copy.
Return to the forum and start a new topic here then click edit then paste.

Now the fun begins.
Tutorial written by Little Eagle of Security Central and Revised by SkittlesPC

If you need instructions on posting your Ad-Aware scan log, here they are.

Please can you make sure that you are using
Ad-aware SE Build 106r1
Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.

[if not Uninstall your old Ad-aware first then install SE]

Then use the WebUpDate
to get the latest Definition file
SE1R118 07.08.2006

To do this Open Ad-aware
Click the WebUpDate
button at the top right hand side of the Ad-aware screen (The world globe).
Click "Connect"
Ad-aware will then download the latest Definition file for you.
To make sure it is updated , look at the main
Ad-aware screen, and look under "Initialization Status"
It should say the Latest Definition file.

Now scan doing a "Full Scan"

Click the "Show Log" button, copy and paste it to your thread.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)

[Aria]

Hi there! i was told to make a "HijackThis" topic to get help on figuring out why i get loss of internet after a scan with Ad-Aware. Here are a few things that you might want to know and can help you guys eliminate the list of problems and fix the real thing.

1. I am running Windows XP proffessional and its up-to-date.
2. I am running Internet Explorer and is as well, up-to-date.
3. I have AVG antivirus running.(up-to-date)
4. I have Zone Alarm running.(up-to-date)
5. I have Spybot Search and Destroy (up-to-date)
6. I have Ad-Aware SE (up-to-date)

Other specific info:
I have uninstalled and reinstalled Ad-Aware and updated.
If i run spybot, it finds a few things and gets rid of them but i do not loose internet after using it.
I have run disk cleanup times before, deleted unneeded files and had no trouble.
This has never occured until this last recent update.
The loss of internet after a scan and cleaning with Ad-Aware occurs but ONLY after i close internet windows or chat programs. I get loss of email capabilities instantly, when i reopen a new IE window i cannot connect, and if i even close chat windows to a chatting program like icq or aim and reopen one to try to chat to someone, the connection of the chat programs is lost. Basically i keep my internet if i don't close any IE and chat windows but loss of email with outlookexpress is lost immediately after the scan.
After running a scan and looking at all the things in the scan, i never find anything out of the ordinary other than the cookies and mru lists that i have seen before.
Only way i am able to regain my internet is to do a rollback a day before but that mean files deleted get brought back.

Here is my Ad-Aware Scan log:

Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, August 08, 2006 3:45:08 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R118 07.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):13 total references.
Tracking Cookie(TAC index:3):16 total references.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Prior to deletion, allow unloading Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic settings in log file
Set : Include additional settings in log file
Set : Include reference summary in log file
Set : Include Alternate Datastream details in log file
Set : Play sound at scan completion if scan locates critical objects


8-8-2006 3:45:08 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 464
ThreadCreationTime : 8-8-2006 5:49:45 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 8-8-2006 5:49:47 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 548
ThreadCreationTime : 8-8-2006 5:49:48 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 592
ThreadCreationTime : 8-8-2006 5:49:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 604
ThreadCreationTime : 8-8-2006 5:49:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 8-8-2006 5:49:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 804
ThreadCreationTime : 8-8-2006 5:49:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 872
ThreadCreationTime : 8-8-2006 5:49:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 8-8-2006 5:49:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1012
ThreadCreationTime : 8-8-2006 5:49:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1188
ThreadCreationTime : 8-8-2006 5:49:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1480
ThreadCreationTime : 8-8-2006 5:49:57 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1536
ThreadCreationTime : 8-8-2006 5:49:58 PM
BasePriority : Normal
FileVersion : 7,1,0,381
ProductVersion : 7.1.0.381
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:14 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1560
ThreadCreationTime : 8-8-2006 5:49:58 PM
BasePriority : Normal
FileVersion : 6.1.744.001
ProductVersion : 6.1.744.001
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:15 [icqlite.exe]
FilePath : C:\Program Files\ICQLite\
ProcessID : 1576
ThreadCreationTime : 8-8-2006 5:49:58 PM
BasePriority : Normal
FileVersion : 20, 52, 2573, 0
ProductVersion : 20, 52, 2573, 0
ProductName : ICQLite
CompanyName : ICQ Ltd.
FileDescription : ICQLite
InternalName : ICQ Lite
LegalCopyright : Copyright © 2002
OriginalFilename : ICQLite.exe

#:16 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 1584
ThreadCreationTime : 8-8-2006 5:49:58 PM
BasePriority : Normal


#:17 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 1592
ThreadCreationTime : 8-8-2006 5:49:58 PM
BasePriority : Idle
FileVersion : 1, 4, 0, 2
ProductVersion : 1, 4, 0, 3
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.

#:18 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1844
ThreadCreationTime : 8-8-2006 5:50:01 PM
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:19 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1856
ThreadCreationTime : 8-8-2006 5:50:01 PM
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:20 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1880
ThreadCreationTime : 8-8-2006 5:50:01 PM
BasePriority : Normal
FileVersion : 7,1,0,371
ProductVersion : 7.1.0.371
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:21 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1972
ThreadCreationTime : 8-8-2006 5:50:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 128
ThreadCreationTime : 8-8-2006 5:50:02 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:23 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 244
ThreadCreationTime : 8-8-2006 5:50:03 PM
BasePriority : Normal
FileVersion : 6.1.744.001
ProductVersion : 6.1.744.001
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:24 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2060
ThreadCreationTime : 8-8-2006 5:50:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:25 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3924
ThreadCreationTime : 8-8-2006 5:52:39 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:26 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2664
ThreadCreationTime : 8-8-2006 8:44:14 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 0

MRU List Object Recognized:
Location: : C:\Documents and Settings\Holly Daughtrey\recent
Description : list of recently opened documents


MRU List Object Recognized:
Location: : S-1-5-21-1482476501-1336601894-682003330-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized:
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized:
Location: : S-1-5-21-1482476501-1336601894-682003330-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized:
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized:
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized:
Location: : S-1-5-21-1482476501-1336601894-682003330-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized:
Location: : S-1-5-21-1482476501-1336601894-682003330-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized:
Location: : S-1-5-21-1482476501-1336601894-682003330-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized:
Location: : S-1-5-21-1482476501-1336601894-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized:
Location: : S-1-5-21-1482476501-1336601894-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized:
Location: : S-1-5-21-1482476501-1336601894-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized:
Location: : S-1-5-21-1482476501-1336601894-682003330-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Started tracking cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@fastclick[2].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:holly daughtrey@fastclick.net/
Expires : 8-7-2008 2:35:50 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@rambler[2].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:holly daughtrey@rambler.ru/
Expires : 12-31-2007 7:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@adrevolver[2].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:holly daughtrey@media.adrevolver.com/adrevolver/
Expires : 4-30-2009 7:01:34 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@ehg.hitbox[1].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:holly daughtrey@ehg.hitbox.com/
Expires : 8-8-2007 1:03:52 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@realmedia[2].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:holly daughtrey@realmedia.com/
Expires : 12-31-2020 7:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@trafficmp[2].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:holly daughtrey@trafficmp.com/
Expires : 8-8-2007 1:09:06 PM
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@casalemedia[1].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:holly daughtrey@casalemedia.com/
Expires : 7-30-2007 10:50:10 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@atdmt[2].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:holly daughtrey@atdmt.com/
Expires : 8-6-2011 7:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@doubleclick[1].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:holly daughtrey@doubleclick.net/
Expires : 8-7-2009 12:55:10 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@hitbox[2].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:158
Value : Cookie:holly daughtrey@hitbox.com/
Expires : 8-8-2007 1:33:08 AM
LastSync : Hits:158
UseCount : 0
Hits : 158

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@advertising[1].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:holly daughtrey@advertising.com/
Expires : 8-7-2011 1:26:38 PM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@ehg-newegg.hitbox[2].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:76
Value : Cookie:holly daughtrey@ehg-newegg.hitbox.com/
Expires : 8-8-2007 1:33:08 AM
LastSync : Hits:76
UseCount : 0
Hits : 76

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@tribalfusion[2].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:holly daughtrey@tribalfusion.com/
Expires : 12-31-2037 7:00:00 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@mediaplex[1].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:holly daughtrey@mediaplex.com/
Expires : 6-21-2009 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@adrevolver[1].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:holly daughtrey@adrevolver.com/
Expires : 8-8-2007 7:32:24 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized:
Type : IECache Entry
Data : holly daughtrey@2o7[2].txt
TAC Index : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:holly daughtrey@2o7.net/
Expires : 8-7-2011 1:26:50 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 16
Objects found so far: 29



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 29


Scanning Hosts file...
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New Critical Objects:0
Objects found so far: 29




Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 29

3:52:00 PM Scan Complete

Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:52.188
Objects scanned:152812
Objects identified:16
Objects ignored:0
New Critical Objects:16

Here is the logfile for hijackthis. i ran the scan and saved the logfile but did not remove anything from my system. i hope this helps.

Logfile of HijackThis v1.99.1
Scan saved at 4:57:21 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/channel/START
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2005\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2005\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2005\\Parser.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Aria]

Not sure if its is allowed but i was hoping a bump might help me make sure this gets looked at.

[Aria]

i know everyone is busy but can anyone help me find out whats wrong? all my scans have produced nothing especially when i went to 2 scanners posted on my first thread. i just really would like to continuing to use ad-aware since i never had a problem with it till now.

[LS CalamityJane]

Hi Aria,

I've merged all your topics so I can keep everything together. Unfortunately, bumping your topics only delayed our seeing them because we try to work these threads from the oldest unreplied to the newest. So bumping back to the top had the opposite effect.

I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.

I've reviewed all of your logs. Your HijackThis log is clean and not indicating any problems.

Your Ad-Aware scan log doesn't detect any harmful threats. MRU's are not a threat at all to your computer and neither are cookies, so these could not be affecting your connection. Was there a prior scan log from Ad-Aware where something else was detected, because it's not showing on this log.

[Aria]

YAY merging helped me find the topic faster...lol...sorry bout that, i'm so new i had no idea that bumping actually worsens the speed of response. hmm no threats huh? thats is odd...and no...nothing is scanned before this happens really...although i am reduced to running only clean disk and spybot since i can't use adaware to get some of the stuff spybot does not. but no...even if i restart my comp and run a fresh scan of adaware, if i clean my system with it i immediately loose internet again. no matter how hard i try to prevent it from causing it, adaware still causes me to loose internet until i do a rollback and regain lost files....so basically all the junk i just got rid of comes back..T.T i'm not sure what else could be the problem other than the newest update of adaware is different enough to cause this on my system. is there anything else you need me to do to find the real culprit?

[LS CalamityJane]

Honestly, I'm stumped. Reviewing that Ad-Aware log there is nothing but MRUs (which are not even a threat) and cookies (ditto - cannot harm your computer as they are only text files)

[Aria]

awww....*sigh* well, i DO remember a long time ago(definately nearly 5 years ago i think), this happened with a different computer...it was not as serisous back then cause when it got the next update it worked fine again. back then i wasn't using my computer for freelancing work. i could wait for the next update and see if it gets fixed then....if it doesn't do you have a reccomendation program to take adaware's place? T.T even though i hate to ask it cause i love adaware.

[LS CalamityJane]

Wait for the next update and we'll see I guess, but I haven't seen the problem reported elsewhere.

Try deselecting "search for neglible risk" items. MRUs are not a threat anyway and don't need to be deleted. But then, they have nothing to do with your internet connection either.

[Aria]

well i actuallly tried that at the suggestion of a friend techie...but i got the same result....so i don;t know...so what do you reccomend in a replacement for adaware until the new update?

[LS CalamityJane]

Spyware Warrior (Eric Howe's) list of Trustworthy Antispyware Products:
Trustworthy Anti-Spyware Products
http://spywarewarrior.com/rogue_anti-spyware.htm#trustworthy

And this is useful to know, a list of products to avoid:
Rogue/Suspect Anti-Spyware Products & Web SitesRogue/Suspect Anti-Spyware Products & Web Sites

[Aria]

thank you for all the help and reassurance. i definately don;t want to stop using adaware so i will still wait for the next update and see if that fixes my problem. in the meantime i will use just spybot and ewido(might actually purchase since it seems to be a good adware scanner to sit along side spyboth and adaware). i have been trying to keep my system safe by running scans regularly and it actually doesn;t surprise me that you found nothing malicious in my scan logs. thats how often i scan...alot of times once every day. my brother was the one who taught me to keep an eye on my comp and protect it like this a long time ago. although i still know my computer is kinda wonky and picky over certain programs. is there a task manager you reccomend to? maybe i can find out if programs are doin wierd things on my system that could be part of the reason why i loose internet after an adaware scan. but if you guys ever see another post from someone explaining loss of internet after a scan, drop me a line and i will be thankful to know it wasn't just me...LOL. again i thank you for your help and glad to know such nice, and helpful people.

[Ayla]

I also have the same probelm with Ad-aware 1.06R1

Run a scan and I am locked out of the Internet, when I reboot the computer, It sits on my windows password screen for a long time after I entered the pw, then loads or tries to load up into the desktop...
I receive no start button, no task-bar and no desktop icons.

I have to do a System Restore, to get it back up and running

I have done this 15 times trying to pin point what program was doing this..
It is Ad-aware.
So I have removed Ad-Aware from my system until this problem is taking care of..

I also am on DSL and running a 2-wire router
Win XP sp2

[LS CalamityJane]

Hi Ayla,

Do you have any idea of when this started happening?

[Ayla]

After the Adware update then every time I ran the scan

I would say about 3-4 weeks I have been working on this puzzle..

I came here today wondering if anyone else had problems with the new update ( which is why I posted under this thread)

.... I tested it out today again before I removed it.. then tried to open up a web page, it had me locked out. when I rebooted the system, I got the same old lock out desktop. and had to do another system restore.


never had a problem with Ad-ware in the past, so I did not think it was Ad-ware that was causing the problems..


But when cleaning up the files I usually run more then one program scan, so I removed all scanning programs, then added them back one by one, updated and ran.. to pin point the trouble.

as soon as I ran the Ad-ware scan. the trouble started all over again

[Ad Astra]

Hi Ayla / Aria

There is a lot of information in the thread so to help collate the info could you post back with a quick summary with answers to these questions please:

1) Which version of Ad-Aware SE are you using? Personal, Plus, Professional?

2) Which version of Windows and what service pack level are you at?

3) Does the loss of internet connection happen whilst just doing a scan or does it happen after removing items found?

Some of the info is available above but a quick summary would be a great help.

Thanks

[Ayla]

1. 1.06R1 SE Personal
2. XP Sp2
3. after removing items

[Ad Astra]

1. 1.06R1 SE Personal
2. XP Sp2
3. after removing items

OK item 3 is the key. It sounds like the Winsock stack in Windows got corrupted. This can sometimes happen when removing malware that have added items into the Winsock stack.

Can you see if you have an old log file form an Ad-Aware SE scan at the time?

The Logs are stored in the following folder where username is the account you log on with.

C:\Documents and Settings\username\Application Data\Lavasoft\Ad-aware\Logs

An easy way to get there is to

click Start,
click Run
then type in and then click the OK button:

%appdata%

in the explorer window that opens select Lavasoft, then Ad-Aware and then Logs.

scroll down to find the one from the time you had the issue.

Open it in notepad and then right mouse Click and select "select all" copy and then paste the contents of it here.


Item 2 is good news in that as you are on XP SP2 it is easy to reset the Winsock stack. I like to check for genuine third party entries first so if you could post the contents somebody can advise before resetting Winsock.

To post the Winsock contents:

press start then select run in the box please enter the following

cmd

click the OK button to proceed. This will open a command window (black background) now enter into the command window the following:

netsh winsock show catalog > C:\lsp.txt

then press the return key to run the command. This will output a listing of the current LSPs to a file.

Now open windows explorer and navigate to the top C: folder and double click on lsp.txt. This will open notepad with the contents of the file showing which Winsock LSPs are installed. Cut and paste the contents in a reply.

Once checked if it is OK to reset Winsock:

Start a command window (black background) as above and then enter:

netsh winsock reset catalog

press the return key to run the command and then reboot your PC.

This will restore the default windows LSPs, although it is worth checking for genuine third party LSPs first as, for example, some firewalls work by adding their own LSPs.

[Ayla]

sorry I do not have anything in the file under lavasoft... I removed it from my system after I found it to be the problem..

I was wondering if there is any updates for this fix yet.. If it was a file, How did it go bad, and why right after I updated the program?

It is understandable that I am now scared to try to download Ad-Ware once again and be faced with the same problem after I scan..

BTY I did remove the program and reinstalled it_ twice and also ran into the same problems..

I have used Ad-WAre for a long time and would like to use it again,

I just do not want to have to go though it all again, just tonight I got the Internet working as it should, and still may have to do a reformat


Thank you for taking the time with me to help me understand this problem.

Winsock Info

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [TCP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1001
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [UDP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1002
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [RAW/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1003
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 3
Protocol: 0
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP UDP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\rsvpsp.dll
Catalog Entry ID: 1004
Version: 6
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP TCP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\rsvpsp.dll
Catalog Entry ID: 1005
Version: 6
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B6AC9C68-B947-4E75-82B3-8FA1D73D4B04}] SEQPACKET 4
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1014
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -4
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B6AC9C68-B947-4E75-82B3-8FA1D73D4B04}] DATAGRAM 4
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1015
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -4
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0EA76CE0-1995-4740-A4A7-1C44A3E28DC5}] SEQPACKET 0
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1016
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -2147483648
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0EA76CE0-1995-4740-A4A7-1C44A3E28DC5}] DATAGRAM 0
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1017
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -2147483648
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C22942E-945B-4AA3-B3EA-108CB9D6ADF2}] SEQPACKET 1
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1018
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -1
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C22942E-945B-4AA3-B3EA-108CB9D6ADF2}] DATAGRAM 1
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1019
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -1
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7CAE6127-7CF9-4C25-8C56-233EECDDC2A5}] SEQPACKET 2
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1020
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -2
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7CAE6127-7CF9-4C25-8C56-233EECDDC2A5}] DATAGRAM 2
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1021
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -2
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A10E238-0259-4790-BB5B-6F194CC496D0}] SEQPACKET 3
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1022
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 5
Protocol: -3
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A10E238-0259-4790-BB5B-6F194CC496D0}] DATAGRAM 3
Provider ID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1023
Version: 2
Address Family: 17
Max Address Length: 20
Min Address Length: 20
Socket Type: 2
Protocol: -3
Protocol Chain Length: 1

Name Space Provider Entry
------------------------------------------------------
Description: Tcpip
Provider ID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Name Space: 12
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: NTDS
Provider ID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Name Space: 32
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: Network Location Awareness (NLA) Namespace
Provider ID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Name Space: 15
Active: 1
Version: 0