Re: Base Line Security Analyzer

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Security Bulletins for July 04 13 July 2004 Today Microsoft released the following Security Bulletins. Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details. Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided. Bulletin Summaries: http://www.microsoft.com/technet/security/bulletin/ms04-jul.mspx Critical Bulletins: MS04-022 - Vulnerability in Task Scheduler Could Allow Code Execution (841873) http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx MS04-023 - Vulnerability in HTML Help Could Allow Code Execution (840315) http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx Important Bulletins: MS04-019 - Vulnerability in Utility Manager Could Allow Code Execution (842526) http://www.microsoft.com/technet/security/bulletin/ms04-019.mspx MS04-020 - Vulnerability in POSIX Could Allow Code Execution (841872) http://www.microsoft.com/technet/security/bulletin/ms04-020.mspx MS04-021 - Security Update for IIS 4.0 (841373) http://www.microsoft.com/technet/security/bulletin/ms04-021.mspx MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) http://www.microsoft.com/technet/security/bulletin/ms04-024.mspx Moderate Bulletins: MS04-018 - Cumulative Security Update for Outlook Express (823353) http://www.microsoft.com/technet/security/bulletin/ms04-018.mspx This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so. If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. Tag: Re: Base Line Security Analyzer Tag: 57157
  - 2
    - Base Line Security Analyzer I recently used the tool to analyze my computer and when it was done it said I had patches that needed to be patched that I had already out on my computer is this normal. I do not know if I am secure or not. Tag: Re: Base Line Security Analyzer Tag: 57156
  - 3
    - cant reinstall norton securtity One day my Norton Internet Security 2004 package was there then the next day it had gone. When i tried to click on the icon on the desktop it told me there was an error and that i need to uninstall norton then reinstall it. So thats what i did, uninstalled it however when i put my disk in to reinstall, it would get so far then tell me there was an error 1722, a problem with Windows Installer Package, how do i resolve this? Please help!! Tag: Re: Base Line Security Analyzer Tag: 57153
  - 4
    - Can have a CA that is accepted by default in browsers? How can I, instead of self-signing the certs for each server, have them signed by a CA that is accepted by default in browsers. Non AD environment currently as well. Thanks. Tag: Re: Base Line Security Analyzer Tag: 57152
  - 5
    - WMP Why is it that all music uploaded to windows media player is protected, but all other music isn't? I cannot access it at all! Tag: Re: Base Line Security Analyzer Tag: 57147
  - 6
    - "Trial Version of Delphi"....Help! i used to have windows 98, when entering "my computer" or any other places on my pc, an error message would appear saying Error "Trail version of Delphi has expried" but was able to use my pc to an extent. I decided to upgrade to xp hoping this would solve the problem but now i cannot see my harddrive or enter the control panels?? Any ideas would be much appreciated.! Do i have a virus??? Tag: Re: Base Line Security Analyzer Tag: 57144
  - 7
    - About EventComboMT I want to know the ways to customize the outeput files of eventcombMt. Suppose i want to know the total number of occurances of an event in each machine... Tag: Re: Base Line Security Analyzer Tag: 57140
  - 8
    - remove res://cooup.dll/index.html#37049 res://cooup.dll/index.html#37049 This is my current internet explorere homepage, annoyingly, no spyware programmes recognise it. Does anyone know how to get rid of it? Thanks Rachel PS. Someone suggested using Netscape instead of internet explorer, does Netscape really have fewer pop ups and sypware downloads? Tag: Re: Base Line Security Analyzer Tag: 57138
  - 9
    - MS04-11 for NT4 Applied patch to multiple systems. All installed correctly. However, a number of Elonex Prosentia / DG Aviion clients on reboot have developed errors causing the keyboard, video, mouse and DHCP services to fail, e.g.: Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7026 Description: The description for Event ID ( 7026 ) in Source ( Service Control Manager ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: Kbdclass Mouclass msi804 Grateful for any assitance. Tag: Re: Base Line Security Analyzer Tag: 57137
  - 10
    - Host-based security Hello, at present I write my diploma thesis with the topic "host- based security". The emphasis is situated however not on the clientprotection but the protection of the servers in a network environment. Can you recommend some sources to me, where I can find material? For example Microsoft-Security-Guru Steve Riley held a lecture on "Death OF the DMZ", that deals with this topic. The slides I have about this presentation are not informative because Steve just says, that he does not use any slides during his lecture... Unfortunately I did not hear the lecture. If you have any usable information I would be very grateful!! Tag: Re: Base Line Security Analyzer Tag: 57131
  - 11
    - certificate and smartcard Hi, I am currently working on a project using smartcards for authentication. Everything work fine but I have to automate the process and I wonder if you can advise me. Here is the list of the tasks I would like to automate : * Generate a user certificate * Copy this certificate on the smartcard * 'DUMP' smartcard data (serial number, ... so I will be able to store the data in a database for admin purpose) * copy the user certificate in the AD account (certificate mapping). I you can advise me that would be great. Best regards FE Tag: Re: Base Line Security Analyzer Tag: 57129
  - 12
    - non-encrypted cookies When I visit some websites they use cookies to find out what I am interested in and even record my passwords. Those cookies are mostly non-encrypted cookies. Who can see those cookies except myself? webmasters of the websites? Tag: Re: Base Line Security Analyzer Tag: 57128
  - 13
    - will nortan's stop a virus through messenger so if we both have nortans installes does it scan our post? So therefore we should n't get a virus? Is that right Tag: Re: Base Line Security Analyzer Tag: 57124
  - 14
    - Slow login Hi! guys, my problem is this..we have a w2k server 2000 and 5 client running w2k pro.. when the other client login its very slow its almost 20 mints before he going to desktop..but the other client its working fine..and their is no error in my events log. any idea guys?? Many thanks, Joey Tag: Re: Base Line Security Analyzer Tag: 57122
  - 15
    - can I get a worm/virus from useing MSN messenger I only use msn messegner between myself and my sister is it possible to get a virus or worm by talking only back and forth between ourselves. If so how do I stop from getting one? Tag: Re: Base Line Security Analyzer Tag: 57121
  - 16
    - can't get rid of spyware & pop ups I'm pretty much a newbie so please help. I have adaware 6.0, spybot, spysweeper, spysubtract, cw shredder, and spyware blaster and I'm still getting spyware and tons of pop ups. How can I get rid of this stuff? Tag: Re: Base Line Security Analyzer Tag: 57118
  - 17
    - Browser security I can't get onto certain sites because of a security issue.The sites won't allow me on and the error page say's that I should check my internet browser settings in the tool bar. I have done this and all are checked properly. Is there something I'm missing? Tag: Re: Base Line Security Analyzer Tag: 57117
  - 18
    - Who is www.updatenow.org??? They keep sending me popup messages that I have security problems. The sight looks professional, but no names, address, and etc. Is this a hox?? They want me to download a fix! Tag: Re: Base Line Security Analyzer Tag: 57116
  - 19
    - Help reading attachments with Outlook express 5.5 Hi can anyone help me with email attachements in outlook express 5.5 I keep getting an error message that the email can not be displayed click on view and then folder options however, what do I put this as?? NOVICE here! Thanks! Patt Tag: Re: Base Line Security Analyzer Tag: 57114
  - 20
    - Punk Buster Anti-Cheat Software for online gaming Hello, I do not want to go into to much detail about what Punk Buster is but it is something that a few very popular games are starting to use. It is supposed to prevent people from cheating in online games. A lot of online game servers require Punk Buster in order to play the game. My problem: In order for Punk Buster to work you must be logged in as an administrator or grant some extra privileges to the user account. I really do not want to log in as an administrator so I am left with the second option of modifying privileges. Punk Buster has provided a solution to the problem and I have listed it below. My concern is that the solution might compromise the security of my machine. My Question: In there anyone out there who understands what Punk Buster is suggesting below and can you tell me if it is alright to change the privileges suggested? Best Regards and Thanks, Shawn Punk Buster Solution from FAQ: Is there some way to modify my system configuration to be an administrator equivalent from Punk Buster's perspective in Win2k/XP Pro? Yes (under Win XP Pro or Win 2K). This can be accomplished by setting certain privileges for the user that will run the game. To do this, first temporarily log in as an Administrator. Then go to Control Panel => Administrative Tools => Local Security Policy. This will open up the Local Security setting window. Expand the Local Policies folder and select User Rights Assignment. This will bring up a list of security settings for the computer. You will need to add the user that will be launching the game to have the following privileges. If the user is logged in while making changes, the user must be logged out and back in for the changes to take effect. Debug Programs Load and unload device drivers Manage auditing and security log Modify Firmware environment values Profile Single Process This is done by double clicking on the setting and then the "Add User or Group" button. You can either type the user or group name into the field or click on advanced to select from a list. If you select advanced, you may need to click on the "Object Types" button and make sure all 3 boxes are checked. Then click "OK". Click on the "Find Now" button to generate a full list of all users and groups on the system. Highlight the user you want to add the rights to and click "OK". Keep clicking "OK" until you are back at the Local Security Settings window. Repeat this process for the rest of the list. That user will now be able to play on PB servers without getting kicked for "Inadequate O/S Privileges". Tag: Re: Base Line Security Analyzer Tag: 57112
  - 21
    - CA Root Certs help with IE6 'this CA root cert is not trusted. To enable trust, instal...etc.' When I install it is fine. BUT, is there a way to have it automatically get installed without prompting? Can I setup a central Cert Athorities Store to all read from that? Basically, we get prompted when attaching to other servers within our system when we try to connect to the management agent page. We don't want to be prompted and install it manually each server. Any help is appreciated. Thanks. Tag: Re: Base Line Security Analyzer Tag: 57105
  - 22
    - messenger service i am continually receiving messages from "messenger service" how can i stop them????? Tag: Re: Base Line Security Analyzer Tag: 57102
  - 23
    - Mywebsearch tool bar invasion Can anyone help me remove this ad-ware from my computer please Tag: Re: Base Line Security Analyzer Tag: 57101
  - 24
    - HTTP Error 403 - 403.5 Forbidden: SSL 128 required I posted this on the 8th and it got buried: When trying to access my bank, I get the following error: HTTP Error 403 403.5 Forbidden: SSL 128 required This error message indicates that the resource you are trying to access is secured with a 128-bit version of Secure Sockets Layer (SSL). In order to view this resource, you need a browser that supports this level of SSL. Please confirm that your browser supports 128-bit SSL security. If it does, then contact the Web server's administrator and report the problem. I am using MSIE 6, Win2k pro sp4, Norton Internet Sec. v 2004. Help anyone??? Tag: Re: Base Line Security Analyzer Tag: 57094
  - 25
    - Reformat or wipe? Thanks for the advice and info below - rather than stretch the thread, I would be even more grateful for some answers to these questions: 1 Is it PREFERABLE to wipe the HDD or go through malware removal proceses? I don't care about losing data, I just want to know whether reformating is relatively quick and easy and not likely to have any adverse effects on my system (assuming it's a fairly standard system to save time). Malware removal appears to be laborious and often not 100% effective. A reformat would be "the ultimate weapon", right? 2 What's the best malware protetion for broadband users (pipex is my isp)? I used Zonealarm before, and liked it. Is this sufficient to keep spyware, tojans, etc at bay? Opinions appreciated. Thanks again. Tag: Re: Base Line Security Analyzer Tag: 57087
- Next
  - 1
    - Microsoft Internet Explorer Remote Application.Shell Exploit http://www.k-otik.com/exploits/07072004.IEApplicationShell.php So what's the official Microsoft status and/or comment on this one? I can't find any info on their site. This is different than the ADODB.Stream update that was released recently (that just freezes the computer from what I understand, this one is easy code execution). For an easy demonstration without reading through all the demo code on that page type: shell:\WINDOWS\notepad.exe into the address bar of IE. That site provides a regfile fix for which is effectively: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{13709620-C279-11CE-A49E-444553540000}] "Compatibility Flags"=dword:00000400 But I don't really know what all that does so I'm reluctant to deploy that to all my machines. -Mike Tag: Re: Base Line Security Analyzer Tag: 57086
  - 2
    - Should I let the firewall access the internet? My firewall alert asked me, and I ask you for a proper action. Tag: Re: Base Line Security Analyzer Tag: 57076
  - 3
    - Should we check all the digital signature of the utilities installed on our computers? Should we do that to ensure the rescources of software? If so, how can we check them one by one? Tag: Re: Base Line Security Analyzer Tag: 57075
  - 4
    - Can I let the netstat.exe or tcpview.exe access to the internet? Can the two commands work without accessing to the internet? Tag: Re: Base Line Security Analyzer Tag: 57074
  - 5
    - In my personal opinion we should let all the updater of Apps access the internet Because the update especially the security update of Applications is vital to all of us. Is that right? Tag: Re: Base Line Security Analyzer Tag: 57073
  - 6
    - Can I let the all the updater of Apps access the internet? My firewall always ask me about that. So should I let it " remember the setting"? Tag: Re: Base Line Security Analyzer Tag: 57071
  - 7
    - A firewall alert My firewall alert always asks me if the Live update Module (of Symantec AV) can access the internet. Should I keep it accessing to the internet? (make the program always access to the internet) Tag: Re: Base Line Security Analyzer Tag: 57070
  - 8
    - Norton Internet Security Hello can any one help me Ive got s few security issues i need sorting out. Right these are the issues 1)SSH. TCP connections to this port might indicate a search for SSH, which has a few exploitable features. SSH is a secure replacement for Telnet. The most common uses of SSH are to securely login and copy files from a server. 2)Ping. Ping is a network troubleshooting utility. It asks your computer to acknowledge its existence. If your computer responds positively to a ping, hackers are more likely to target your computer. 2)HTTP (Hypertext Transfer Protocol). HTTP is used to transfer Web pages over the Internet. Port 80 should be open only if you're running a Web server 4)Unused Windows Services Block Can anyone help me to sort these issues out. Norton Internet Security 2004 i got these errors when i did a security check on Nortons site tried to look at the surport but all the thing they say it is. Dosnt have any thing to do with this can any one please help me Running on windows xp. Thanks Tag: Re: Base Line Security Analyzer Tag: 57069
  - 9
    - Norton Firewall & Internet Security I am trying to access a particular site (FreeBMD), but when I do, I am informed that there is a problem and that the problem may be that: 1. I must not use a third party add-on programme to search FreeBMD. 2. I must not use search forms on other web sites to search FreeBMD. 3. Firewall & internet security products can interfere with FreeBMD. Please turn OFF Referer blocking for freebmd.rootsweb.com and www.freebmd.org.uk. In Zone Alarm, I should also select 'permit private header information' under Cookies and Privacy. I am pretty sure item 3 is my problem, but can't figure out how to do what it says, ie turn off refere blocking etc. Any ideas? Please keep answres in simple-speak if possible! -- Liz Tag: Re: Base Line Security Analyzer Tag: 57068
  - 10
    - Blocked packet by firewall Hi,all I couldn't visit some websites (URLs)recently. I viewed my firewall logs and found that it blocked some packet sent from my computer to DNS( the protocol is UDP, remote port is 53). Did that cause the problem? If so, should I add the IP address of DNS to the trusted zone? If I did, could the action be risky? Thanks. Tag: Re: Base Line Security Analyzer Tag: 57067
  - 11
    - VB Security Poblems Hello!! I need to find information about Security Problems using Visual Basic. Thanks!! Tag: Re: Base Line Security Analyzer Tag: 57062
  - 12
    - canot find file message i get this message" cannot find file mswavedll.exe....." followed by "cannot load mswavedll.exe, the files missing"... can u help me to resolve this problem! cheers Tag: Re: Base Line Security Analyzer Tag: 57060
  - 13
    - Multiple assault Have just inherited a newish PC with XP Home, and also just set up an ADSL connection. Previous user had major probs with spyware, etc., and I foolishly believed him when he said he had fixed the problems. So I now find such uninvited guests as mssys, istbar, pleasure zone running rampant across my system. I can see that there is a lot of work involved in identifying and eliminating all these nasties (I have Ad-aware, which seems pretty ineffective), so I would be grateful for any opinions on the quickest fix. I'm specifically thinking about reformatting my hard drive as the easiest and most complete way of sorting this out - would this do the trick? Are there any handy guides for how to do this? I don't have much data to lose, the PC being newly acquired. Also, last time I had Broadband, found that Zonealarm was the only security application I needed - any opinions on whether this would be sufficient on its own to keep future incursions at bay? Thanks in advance. Tag: Re: Base Line Security Analyzer Tag: 57048
  - 14
    - trouble posting did this work? Tag: Re: Base Line Security Analyzer Tag: 57044
  - 15
    - "Connection Refused" Msg. Who Sent It?? I have a near new Dell 8300 running Win XP Pro and Norton Internet Security 2004. I have Windows ICF turned off. Today I get a message with "Alert" in the title bar, and the message is "The connection was refused when attempting to contact forum.us.dell.com". Who sent this message, and what do I do about it. I had no trouble making the connection yesterday. Tag: Re: Base Line Security Analyzer Tag: 57041
  - 16
    - hijacking browser Hi Experts, Thank you in advance.Sorry, as i entered before i could say thanks Tag: Re: Base Line Security Analyzer Tag: 57037
  - 17
    - Hijacking Browser Hi experts, I have recently downloaded ad aware 6.0 and it detected a registry value with an attempt to hijack my browser .It redirects to a blacklisted site it says.I have tried to delete it so many times and each time i do another search it again shows attempted browser hijack.I m sending my log file for your analysis Lavasoft Ad-aware Personal Build 6.181 Logfile created on :11 July 2004 17:00:41 Created with Ad-aware Personal, free for private use. Using reference-file :01R331 08.07.2004 ______________________________________________________ Ad-aware Settings ========================= Set : Activate in-depth scan (Recommended) Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep scan registry 11-07-2004 17:00:41 - Scan started. (Smart mode) Listing running processes Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ #:1 [smss.exe] FilePath : \SystemRoot\System32\ ThreadCreationTime : 11-07-2004 15:56:23 BasePriority : Normal #:2 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ThreadCreationTime : 11-07-2004 15:56:26 BasePriority : High #:3 [services.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 11-07-2004 15:56:27 BasePriority : Normal FileSize : 99 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe OriginalFilename : services.exe ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 18/08/2001 19:00:00 #:4 [lsass.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 11-07-2004 15:56:27 BasePriority : Normal FileSize : 11 KB FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe OriginalFilename : lsass.exe ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 29/08/2002 02:41:26 #:5 [svchost.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 11-07-2004 15:56:28 BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 18/08/2001 19:00:00 #:6 [svchost.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 11-07-2004 15:56:28 BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 18/08/2001 19:00:00 #:7 [ccsetmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ThreadCreationTime : 11-07-2004 15:56:31 BasePriority : Normal FileSize : 229 KB FileVersion : 2.1.1.700 ProductVersion : 2.1.1.700 Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. CompanyName : Symantec Corporation FileDescription : Common Client Settings Manager Service InternalName : ccSetMgr OriginalFilename : ccSetMgr.exe ProductName : Common Client Created on : 08/12/2003 16:18:44 Last accessed : 10/07/2004 23:00:00 Last modified : 08/12/2003 16:18:44 #:8 [ccevtmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ThreadCreationTime : 11-07-2004 15:56:31 BasePriority : Normal FileSize : 249 KB FileVersion : 2.1.1.700 ProductVersion : 2.1.1.700 Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr OriginalFilename : ccEvtMgr.exe ProductName : Common Client Created on : 08/12/2003 16:18:36 Last accessed : 10/07/2004 23:00:00 Last modified : 08/12/2003 16:18:36 #:9 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ThreadCreationTime : 11-07-2004 15:56:32 BasePriority : Normal FileSize : 50 KB FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe OriginalFilename : spoolsv.exe ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 18/08/2001 19:00:00 #:10 [explorer.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 11-07-2004 15:56:35 BasePriority : Normal FileSize : 973 KB FileVersion : 6.00.2800.1221 (xpsp2.030511-1403) ProductVersion : 6.00.2800.1221 CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer OriginalFilename : EXPLORER.EXE ProductName : Microsoft Created on : 11/05/2003 20:12:10 Last accessed : 10/07/2004 23:00:00 Last modified : 11/05/2003 20:12:10 #:11 [ccproxy.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ThreadCreationTime : 11-07-2004 15:56:35 BasePriority : Normal FileSize : 213 KB FileVersion : 2.1.2.800 ProductVersion : 2.1.2.800 Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. CompanyName : Symantec Corporation FileDescription : Common Client Network Proxy Service InternalName : ccProxy OriginalFilename : ccProxy.exe ProductName : Common Client Created on : 30/06/2004 12:28:10 Last accessed : 10/07/2004 23:00:00 Last modified : 27/01/2004 18:06:54 #:12 [mdm.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\ ThreadCreationTime : 11-07-2004 15:56:35 BasePriority : Normal FileSize : 314 KB FileVersion : 7.00.9466 ProductVersion : 7.00.9466 CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe OriginalFilename : mdm.exe ProductName : Microsoft Created on : 19/06/2003 22:25:00 Last accessed : 10/07/2004 23:00:00 Last modified : 19/06/2003 22:25:00 #:13 [navapsvc.exe] FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\ ThreadCreationTime : 11-07-2004 15:56:36 BasePriority : Normal FileSize : 155 KB FileVersion : 10.00.2 ProductVersion : 10.00.2 Copyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved. CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC OriginalFilename : NAVAPSVC.EXE ProductName : Norton AntiVirus Created on : 30/06/2004 12:28:09 Last accessed : 10/07/2004 23:00:00 Last modified : 23/04/2004 10:04:18 #:14 [savscan.exe] FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\ ThreadCreationTime : 11-07-2004 15:56:36 BasePriority : Normal FileSize : 189 KB FileVersion : 9.2.1.14 ProductVersion : 9.2 Copyright : Copyright (c) 2003 Symantec Corporation CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus Scanner InternalName : SAVSCAN OriginalFilename : SAVSCAN.EXE ProductName : Symantec AntiVirus AutoProtect Created on : 07/11/2003 17:46:58 Last accessed : 10/07/2004 23:00:00 Last modified : 07/11/2003 17:46:58 #:15 [sndsrvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ThreadCreationTime : 11-07-2004 15:56:37 BasePriority : Normal FileSize : 189 KB FileVersion : 5.3.2.67 ProductVersion : 5.3 Copyright : Copyright 2002, 2003 Symantec Corporation CompanyName : Symantec Corporation FileDescription : Network Driver Service InternalName : SndSrvc OriginalFilename : SndSrvc.exe ProductName : Symantec Security Drivers Created on : 29/06/2004 15:14:38 Last accessed : 10/07/2004 23:00:00 Last modified : 29/06/2004 15:14:38 #:16 [svchost.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 11-07-2004 15:56:38 BasePriority : Normal FileSize : 12 KB FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe OriginalFilename : svchost.exe ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 18/08/2001 19:00:00 #:17 [symlcsvc.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\ ThreadCreationTime : 11-07-2004 15:56:38 BasePriority : Normal FileSize : 572 KB FileVersion : 1, 8, 48, 79 ProductVersion : 1, 8, 48, 79 Copyright : Copyright (C) 2003 CompanyName : Symantec Corporation FileDescription : Symantec Core Component InternalName : symlcsvc OriginalFilename : symlcsvc.exe ProductName : Symantec Core Component Created on : 30/06/2004 11:44:40 Last accessed : 10/07/2004 23:00:00 Last modified : 30/06/2004 11:44:42 #:18 [igfxtray.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 11-07-2004 15:56:39 BasePriority : Normal FileSize : 152 KB FileVersion : 3,0,0,2104 ProductVersion : 7,0,0,2104 Copyright : Copyright 1999-2003, Intel Corporation CompanyName : Intel Corporation FileDescription : igfxTray Module InternalName : IGFXTRAY OriginalFilename : IGFXTRAY.EXE ProductName : Intel(R) Common User Interface Created on : 19/05/2003 22:52:39 Last accessed : 10/07/2004 23:00:00 Last modified : 06/04/2003 23:19:52 #:19 [hkcmd.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 11-07-2004 15:56:39 BasePriority : Normal FileSize : 112 KB FileVersion : 3,0,0,2104 ProductVersion : 7,0,0,2104 Copyright : Copyright 1999-2003, Intel Corporation CompanyName : Intel Corporation FileDescription : hkcmd Module InternalName : HKCMD OriginalFilename : HKCMD.EXE ProductName : Intel(R) Common User Interface Created on : 19/05/2003 22:52:38 Last accessed : 10/07/2004 23:00:00 Last modified : 06/04/2003 23:07:38 #:20 [almxptray.exe] FilePath : C:\Program Files\Acer\Notebook Manager\ ThreadCreationTime : 11-07-2004 15:56:39 BasePriority : Normal FileSize : 498 KB FileVersion : 2.0.10.3 ProductVersion : 2.0.10 CompanyName : Acer Created on : 16/05/2003 16:09:34 Last accessed : 10/07/2004 23:00:00 Last modified : 16/05/2003 16:09:34 #:21 [syntplpr.exe] FilePath : C:\Program Files\Synaptics\SynTP\ ThreadCreationTime : 11-07-2004 15:56:39 BasePriority : Normal FileSize : 108 KB FileVersion : 7.5.5 24Apr03 ProductVersion : 7.5.5 24Apr03 Copyright : Copyright (C) Synaptics, Inc. 1996-2003 CompanyName : Synaptics, Inc. FileDescription : TouchPad Driver Helper Application InternalName : SynTPLpr OriginalFilename : SynTPLpr.exe ProductName : Progressive Touch Created on : 26/05/2003 14:30:15 Last accessed : 10/07/2004 23:00:00 Last modified : 24/04/2003 15:51:36 #:22 [syntpenh.exe] FilePath : C:\Program Files\Synaptics\SynTP\ ThreadCreationTime : 11-07-2004 15:56:40 BasePriority : Normal FileSize : 596 KB FileVersion : 7.5.5 24Apr03 ProductVersion : 7.5.5 24Apr03 Copyright : Copyright (C) Synaptics, Inc. 1996-2003 CompanyName : Synaptics, Inc. FileDescription : Synaptics TouchPad Enhancements InternalName : Scrolleroo OriginalFilename : SynTPEnh.exe ProductName : Progressive Touch Created on : 26/05/2003 14:30:15 Last accessed : 10/07/2004 23:00:00 Last modified : 24/04/2003 15:44:56 #:23 [launchap.exe] FilePath : C:\Program Files\Launch Manager\ ThreadCreationTime : 11-07-2004 15:56:40 BasePriority : Normal FileSize : 32 KB FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 Copyright : Copyright (C) 2001 FileDescription : LaunchAp MFC Application InternalName : LaunchAp OriginalFilename : LaunchAp.EXE ProductName : LaunchAp Application Created on : 19/05/2003 22:58:00 Last accessed : 10/07/2004 23:00:00 Last modified : 12/05/2003 13:28:50 #:24 [powerkey.exe] FilePath : C:\Program Files\Launch Manager\ ThreadCreationTime : 11-07-2004 15:56:40 BasePriority : Normal FileSize : 92 KB FileVersion : 1, 4, 4, 0 ProductVersion : 1, 4, 4, 0 Copyright : Copyright FileDescription : Powerkey InternalName : Powerkey OriginalFilename : Powerkey.exe Created on : 02/06/2003 10:45:26 Last accessed : 10/07/2004 23:00:00 Last modified : 30/08/2002 14:02:48 #:25 [hotkeyapp.exe] FilePath : C:\Program Files\Launch Manager\ ThreadCreationTime : 11-07-2004 15:56:40 BasePriority : Normal FileSize : 44 KB FileVersion : 1, 0, 4, 7 ProductVersion : 1, 0, 4, 7 Copyright : Copyright c 2002 CompanyName : Wistron FileDescription : HotkeyApp InternalName : HotkeyApp OriginalFilename : HotkeyApp.exe ProductName : Wistron HotkeyApp Created on : 02/06/2003 10:45:25 Last accessed : 10/07/2004 23:00:00 Last modified : 19/05/2003 10:51:32 #:26 [ctrlvol.exe] FilePath : C:\Program Files\Launch Manager\ ThreadCreationTime : 11-07-2004 15:56:41 BasePriority : Normal FileSize : 164 KB FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 Copyright : Copyright c 2003 CompanyName : Wistron FileDescription : ctrlvol InternalName : ctrlvol OriginalFilename : ctrlvol.exe ProductName : Wistron ctrlvol Created on : 02/06/2003 10:45:25 Last accessed : 10/07/2004 23:00:00 Last modified : 12/05/2003 14:05:16 #:27 [wbutton.exe] FilePath : C:\Program Files\Launch Manager\ ThreadCreationTime : 11-07-2004 15:56:41 BasePriority : Normal FileSize : 52 KB FileVersion : 1, 0, 2, 4 ProductVersion : 1, 0, 2, 4 Copyright : Copyright (C) 2001 FileDescription : WButton MFC Application InternalName : WButton OriginalFilename : WButton.EXE ProductName : WButton Application Created on : 02/06/2003 10:45:25 Last accessed : 10/07/2004 23:00:00 Last modified : 28/05/2003 09:02:34 #:28 [agrsmmsg.exe] FilePath : C:\WINDOWS\ ThreadCreationTime : 11-07-2004 15:56:41 BasePriority : Normal FileSize : 86 KB FileVersion : 2.1.25 2.1.25 02/14/2003 11:58:58 ProductVersion : 2.1.25 2.1.25 02/14/2003 11:58:58 Copyright : Copyright CompanyName : Agere Systems FileDescription : SoftModem Messaging Applet InternalName : smdmstat.exe OriginalFilename : smdmstat.exe ProductName : Agere SoftModem Messaging Applet Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 14/02/2003 10:59:00 #:29 [ltmoh.exe] FilePath : C:\Program Files\ltmoh\ ThreadCreationTime : 11-07-2004 15:56:41 BasePriority : Normal FileSize : 168 KB FileVersion : 1.68 ProductVersion : 1.68 Copyright : Agere Copyright CompanyName : Agere Systems FileDescription : LtMoh MFC Application InternalName : LtMoh OriginalFilename : LtMoh.EXE ProductName : LtMoh Application Created on : 29/06/2004 20:22:24 Last accessed : 10/07/2004 23:00:00 Last modified : 25/11/2002 09:23:20 #:30 [ccapp.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ThreadCreationTime : 11-07-2004 15:56:41 BasePriority : Normal FileSize : 69 KB FileVersion : 2.1.1.700 ProductVersion : 2.1.1.700 Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. CompanyName : Symantec Corporation FileDescription : Common Client User Session InternalName : ccApp OriginalFilename : ccApp.exe ProductName : Common Client Created on : 08/12/2003 16:18:34 Last accessed : 10/07/2004 23:00:00 Last modified : 08/12/2003 16:18:34 #:31 [realplay.exe] FilePath : C:\Program Files\Real\RealPlayer\ ThreadCreationTime : 11-07-2004 15:56:42 BasePriority : Normal FileSize : 20 KB FileVersion : 6.0.8.122 ProductVersion : 6.0.8.122 Copyright : Copyright CompanyName : RealNetworks, Inc. FileDescription : RealPlayer InternalName : REALPLAY OriginalFilename : REALPLAY.EXE ProductName : RealPlayer (32-bit) Created on : 02/07/2004 10:02:07 Last accessed : 10/07/2004 23:00:00 Last modified : 02/07/2004 10:02:08 #:32 [lvcoms.exe] FilePath : C:\Program Files\Common Files\Logitech\QCDriver3\ ThreadCreationTime : 11-07-2004 15:56:42 BasePriority : Normal FileSize : 124 KB FileVersion : 7.3.0.1113 ProductVersion : 7.3.0.1113 Copyright : (c) 1996-2002 Logitech. All rights reserved. CompanyName : Logitech Inc. FileDescription : LVCom Server InternalName : LVComS.exe OriginalFilename : LVComS.exe ProductName : Logitech ImageStudio Created on : 02/07/2004 10:05:06 Last accessed : 10/07/2004 23:00:00 Last modified : 10/12/2002 16:54:04 #:33 [logitray.exe] FilePath : C:\Program Files\Logitech\ImageStudio\ ThreadCreationTime : 11-07-2004 15:56:42 BasePriority : Normal FileSize : 60 KB FileVersion : 7.3.0.1113 ProductVersion : 7.3.0.1113 Copyright : (c) 1996-2002 Logitech. All rights reserved. CompanyName : Logitech Inc. FileDescription : ImageStudio Tray Application InternalName : LogiTray.exe OriginalFilename : LogiTray.exe ProductName : Logitech ImageStudio Created on : 10/12/2002 17:31:34 Last accessed : 10/07/2004 23:00:00 Last modified : 10/12/2002 17:31:34 #:34 [backweb-8876480.exe] FilePath : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ ThreadCreationTime : 11-07-2004 15:56:42 BasePriority : Normal FileSize : 16 KB Created on : 02/07/2004 10:00:27 Last accessed : 10/07/2004 23:00:00 Last modified : 02/07/2004 10:00:26 #:35 [ctfmon.exe] FilePath : C:\WINDOWS\System32\ ThreadCreationTime : 11-07-2004 15:56:42 BasePriority : Normal FileSize : 13 KB FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON OriginalFilename : CTFMON.EXE ProductName : Microsoft Created on : 31/12/1979 23:00:00 Last accessed : 10/07/2004 23:00:00 Last modified : 29/08/2002 02:41:22 #:36 [hpotdd01.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\ ThreadCreationTime : 11-07-2004 15:56:43 BasePriority : Normal FileSize : 28 KB FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 Copyright : Copyright CompanyName : Hewlett-Packard FileDescription : hpotdd01 InternalName : hpotdd01 OriginalFilename : hpotdd01.exe ProductName : Hewlett-Packard hpotdd01 Created on : 06/04/2003 00:06:58 Last accessed : 10/07/2004 23:00:00 Last modified : 06/04/2003 00:06:58 #:37 [hpobnz08.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\ ThreadCreationTime : 11-07-2004 15:56:43 BasePriority : Normal FileSize : 316 KB FileVersion : 4.2.0.020 ProductVersion : 2.4.1.020 Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001 CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Device Objects InternalName : HPOBNZ08 OriginalFilename : HPOBNZ08.EXE ProductName : hp digital imaging - hp all-in-one series Created on : 05/04/2003 23:37:10 Last accessed : 10/07/2004 23:00:00 Last modified : 05/04/2003 23:37:10 #:38 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ThreadCreationTime : 11-07-2004 15:56:50 BasePriority : Normal FileSize : 1456 KB FileVersion : 4.7.2009 ProductVersion : Version 4.7 Copyright : Copyright (c) Microsoft Corporation 1997-2003 CompanyName : Microsoft Corporation FileDescription : Messenger InternalName : msmsgs OriginalFilename : msmsgs.exe ProductName : Messenger Created on : 14/04/2003 18:30:14 Last accessed : 10/07/2004 23:00:00 Last modified : 14/04/2003 18:30:14 #:39 [hpoevm08.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\ ThreadCreationTime : 11-07-2004 15:56:52 BasePriority : Normal FileSize : 280 KB FileVersion : 4.2.0.020 ProductVersion : 2.4.1.020 Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001 CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Event Manager InternalName : HPOEVM08 OriginalFilename : HPOEVM08.EXE ProductName : hp digital imaging - hp all-in-one series Created on : 05/04/2003 23:45:10 Last accessed : 10/07/2004 23:00:00 Last modified : 05/04/2003 23:45:10 #:40 [tesconet.exe] FilePath : C:\Program Files\Tesconet\ ThreadCreationTime : 11-07-2004 15:56:53 BasePriority : Normal FileSize : 120 KB FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 Copyright : Copyright (C) Rytec Consultants Ltd 2001. CompanyName : Rytec Consultants Ltd. FileDescription : RyDial MFC Application InternalName : RyDial OriginalFilename : RyDial.EXE ProductName : RyDial Application Created on : 01/08/2002 16:58:42 Last accessed : 10/07/2004 23:00:00 Last modified : 01/08/2002 16:58:42 #:41 [hposts08.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\ ThreadCreationTime : 11-07-2004 15:56:57 BasePriority : Normal FileSize : 304 KB FileVersion : 4.2.0.020 ProductVersion : 2.4.1.020 Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001 CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet Status InternalName : HPOSTS08 OriginalFilename : HPOSTS08.EXE ProductName : hp digital imaging - hp all-in-one series Created on : 05/04/2003 23:55:04 Last accessed : 10/07/2004 23:00:00 Last modified : 05/04/2003 23:55:04 #:42 [ad-aware.exe] FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\ ThreadCreationTime : 11-07-2004 16:00:24 BasePriority : Normal FileSize : 668 KB FileVersion : 6.0.1.181 ProductVersion : 6.0.0.0 Copyright : Copyright CompanyName : Lavasoft Sweden FileDescription : Ad-aware 6 core application InternalName : Ad-aware.exe OriginalFilename : Ad-aware.exe ProductName : Lavasoft Ad-aware Plus Created on : 10/07/2004 22:56:32 Last accessed : 10/07/2004 23:00:00 Last modified : 12/07/2003 20:00:20 Memory scan result : Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ New objects : 0 Objects found so far: 0 Started registry scan Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Registry scan result : Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ New objects : 0 Objects found so far: 0 Started deep registry scan Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank Possible Browser Hijack attempt Object recognized! Type : RegData Data : "about:blank" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : Start Page Data : "about:blank" Deep registry scan result : Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ New objects : 1 Objects found so far: 1 Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Deep scanning and examining files (C:) Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Performing conditional scans.. Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Conditional scan result: Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ New objects : 0 Objects found so far: 1 17:03:18 Scan complete Summary of this scan Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯Â¯ Total scanning time :00:02:36:445 Objects scanned :48661 Objects identified :1 Objects ignored :0 New objects :1 Tag: Re: Base Line Security Analyzer Tag: 57036
  - 18
    - Secedit /export behavior on Windows XP I have a vbscript I have used on Windows 2000 for a while. It uses regular expressions to parse text file output from "secedit /export /cfg c:\temp\policy.txt". When I run the command command string on a Windows XP Prof. system all that is in it is (nothing to parse/search through): [Version] signature="$CHICAGO$" Revision=1 [Profile Description] Description=Default Security Settings. (Windows Professional) I have search technet and google and have not had any luck. Thoughts? Tag: Re: Base Line Security Analyzer Tag: 57034
  - 19
    - please recommend some websites that provides free encrypted email service Tag: Re: Base Line Security Analyzer Tag: 57030
  - 20
    - look porn errors after removing vuiruses mostly in ie Tag: Re: Base Line Security Analyzer Tag: 57025
  - 21
    - email titled internet security update I just recieved an email called internet security update , claiming to be from Microsoft support. It has Microsoft headers and footers. it came from lmalhrn@yuvrp.net , and has an attachment which windows typed as a text document called Norton Antivusdeleted1.txt. My concern is that Norton Antivirus flagged it as containing a virus , has anyone else recieved it ? What is it , and I am going to delete it , unless somebody wants it. Tag: Re: Base Line Security Analyzer Tag: 57022
  - 22
    - defrag.exe & dfrgntfs.exe ?? All of a sudden, If I have not touched the PC for around 15 minutes, I noticed my hard drive starts whirring like mad ... Obviously a bit concerned over that as I've not installed anything new for a while, I opened up Task Manager to see what was there. The next time it occured, I noticed that two new processes had sprung to life, namely; "defrag.exe" and "dfrgntfs.exe" Now, I presume these have something to do with disk management or defragmentation, but as I use Diskkeeper Pro 8 for this, I've not set either of these to run (nothing is in the Task Scheduler to start these off). Any idea what these are and why they keep wanting to run every time the PC sits idle? Were these both enabled following a recent Windows Update? and can I turn them off as it's rather annoying !! Many thanks ! -- Nige Tag: Re: Base Line Security Analyzer Tag: 57017
  - 23
    - win2k3 complex pwd Hi there, How can I disable the complex pwd requiered in win2k3 server? I edit the policy, but it doesn't work. tks. tDL Tag: Re: Base Line Security Analyzer Tag: 57010
  - 24
    - internet connection sharing scare! plz help! This prg repeatedly requests permission through zone alarm to access the internet when I turn on my pc. Im not on a network, and keep saying ' no' but it returns about every 5 minutes to ask again. Last night I inadvertantly clicked 'yes'......didn't realise til I went to shut down my pc and got a message telling me that by doing so I would disconnect 2 other users! Does this mean that someone else was using my net access? or accessing my computer? I think this all started after I re-installed windows me a month or so ago. am running win me, with ie6. can anyone enlighten me on this? thanks :-) Tag: Re: Base Line Security Analyzer Tag: 57009
  - 25
    - Unwanted Web page - replaced 404 error Hi, I think that somehow I have got a program on my computer. The best way that I can describe it is when a web page is not found I use to get the 404 error, or this page cannot be found. But now I get redirected to a search engine http://www.perfectnav.com/index.cfm etc etc. How can I get rid of this? I think that what it is doing is using the web page that I looked for, or rather could not find and replaced the "page not found" page with a link. What is this file called? Can anyone help?? Cheers Steve Tag: Re: Base Line Security Analyzer Tag: 57008

Indeed - I seem to have gone backwards with 835732... There seems to be some confusion
about
the version number. I do have the most recent directx.
-----------------------------
Score IssueResult
Check failed (non-critical)Windows Security Updates3 security updates are out of date or
could not be confirmed.
Security UpdateDescriptionReason
MS04-011Security Update for Microsoft Windows (835732)File version is greater than
expected. [C:\WINNT\system32\umandlg.dll, 1.0.0.5 > 1.0.0.4]

MS03-030Unchecked Buffer in DirectX Could Enable System Compromise (819696)Please refer to
306460 for a detailed explanation.

MS04-016Vulnerability in DirectPlay Could Allow Denial of Service (839643)Please refer to
306460 for a detailed explanation.

Check failed (non-critical)MSXML Security Updates1 security updates are out-of-date.
Security UpdateDescriptionReason
MSXML 3.0MSXML 3.0 SP3The latest service pack for this product is not installed. Currently
SP3 is installed. The latest service pack is SP4.

Top

Re: Base Line Security Analyzer by fygar

fygar
Wed Jul 14 07:11:19 CDT 2004

On Tue, 13 Jul 2004 14:05:11 -0400, "BeamGuy" <no@spam.com> wrote:

>Indeed - I seem to have gone backwards with 835732... There seems to be some confusion
>about
>the version number. I do have the most recent directx.
>-----------------------------
>Score IssueResult
>Check failed (non-critical)Windows Security Updates3 security updates are out of date or
>could not be confirmed.
>Security UpdateDescriptionReason
>MS04-011Security Update for Microsoft Windows (835732)File version is greater than
>expected. [C:\WINNT\system32\umandlg.dll, 1.0.0.5 > 1.0.0.4]
>

If you notice, it says the file version is GREATER than expected.

http://www.microsoft.com/technet/security/tools/mbsaqa.mspx

Q. Why am I getting incorrect security update reports from MBSA even
after I install updates flagged in the scan results?

A. Some security updates issued by Microsoft contain warnings or
workarounds for items that the tools cannot easily scan, such as
MS99-041, which did not include a patch, but rather a tool for users
to modify a specific service on their systems. These types of security
bulletins are referred to as "note" or "warning" messages. By default,
HFNetChk will display these "note" and "warning" messages, unless the
-s switch is used to suppress these messages. MBSA will also show
"note" messages by default, and they are marked with blue asterisks in
the scan reports to indicate that the tool could not confirm if the
security bulletin fix was applied. Even after users apply a specific
"note" security update, the tool will continue to include these
security bulletins in the scan results. For more information on "note"
messages, please see the following KB article:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;306460&sd=tech.

In addition, users may see certain updates flagged as having greater
file versions than expected (noted by yellow X's in the scan report).
These warning messages are a result of files being updated by
non-security related updates after a previous security-related update
was applied to the system. MBSA V1.2 addresses many of these cases
through its use of alternate file versions, which allows multiple sets
of file details to be checked for a particular security update. This
set of file details can cover both files from security updates as well
as files from non-security updates.

...butch()

Top