AdAware FOUND something...



#1
TonyTTurner

:tazz:
I had run HJT, but I found this Ad-Aware posting so please help me...
Thanks in advance, Tony
Here's my situation:
----------------------------------------------

Ad-Aware SE Build 1.05
Logfile Created on:Saturday, April 30, 2005 1:37:25 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):1 total references
SahAgent(TAC index:9):26 total references
Tracking Cookie(TAC index:3):16 total references
YourSiteBar(TAC index:6):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:26 %
Total physical memory:490988 kb
Available physical memory:125272 kb
Total page file size:1149160 kb
Available on page file:863564 kb
Total virtual memory:2097024 kb
Available virtual memory:2034392 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-30-2005 1:37:25 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 500
ThreadCreationTime : 4-30-2005 5:37:41 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 548
ThreadCreationTime : 4-30-2005 5:37:42 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 572
ThreadCreationTime : 4-30-2005 5:37:42 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 616
ThreadCreationTime : 4-30-2005 5:37:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 628
ThreadCreationTime : 4-30-2005 5:37:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 788
ThreadCreationTime : 4-30-2005 5:37:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 836
ThreadCreationTime : 4-30-2005 5:37:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 928
ThreadCreationTime : 4-30-2005 5:37:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [incdsrv.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCDsrv.exe
Command Line : "C:\Program Files\Ahead\InCD\InCDsrv.exe"
ProcessID : 948
ThreadCreationTime : 4-30-2005 5:37:44 AM
BasePriority : Normal
FileVersion : 4, 3, 11, 1
ProductVersion : 4, 3, 11, 1
ProductName : Nero AG incdsrv
CompanyName : Nero AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : incdsrv.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1084
ThreadCreationTime : 4-30-2005 5:37:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1208
ThreadCreationTime : 4-30-2005 5:37:46 AM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1232
ThreadCreationTime : 4-30-2005 5:37:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1240
ThreadCreationTime : 4-30-2005 5:37:46 AM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [aolacsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
ProcessID : 1388
ThreadCreationTime : 4-30-2005 5:37:54 AM
BasePriority : Normal


#:15 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1400
ThreadCreationTime : 4-30-2005 5:37:54 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:16 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1464
ThreadCreationTime : 4-30-2005 5:37:55 AM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:17 [cisvc.exe]
ModuleName : C:\WINDOWS\system32\cisvc.exe
Command Line : C:\WINDOWS\system32\cisvc.exe
ProcessID : 1492
ThreadCreationTime : 4-30-2005 5:37:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:18 [lxrjd31s.exe]
ModuleName : C:\WINDOWS\system32\LxrJD31s.exe
Command Line : LxrJD31s.exe
ProcessID : 1528
ThreadCreationTime : 4-30-2005 5:37:55 AM
BasePriority : Normal


#:19 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 1540
ThreadCreationTime : 4-30-2005 5:37:55 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:20 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1640
ThreadCreationTime : 4-30-2005 5:37:55 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1932
ThreadCreationTime : 4-30-2005 5:37:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 620
ThreadCreationTime : 4-30-2005 5:38:13 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 632
ThreadCreationTime : 4-30-2005 5:38:20 AM
BasePriority : Normal


#:24 [msnve.exe]
ModuleName : C:\Program Files\MSN Video Enhanced\MSNVE.exe
Command Line : "C:\Program Files\MSN Video Enhanced\MSNVE.exe"
ProcessID : 820
ThreadCreationTime : 4-30-2005 5:38:20 AM
BasePriority : Normal
FileVersion : 1, 1, 3, 1
ProductVersion : 1, 1, 3, 1
ProductName : MSN Video Enhanced
CompanyName : Microsoft
FileDescription : MSN Video Enhanced
InternalName : MSN Video Enhanced
LegalCopyright : Copyright © 2003
OriginalFilename : MSNVE.exe

#:25 [mm_tray.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
ProcessID : 892
ThreadCreationTime : 4-30-2005 5:38:20 AM
BasePriority : Normal
FileVersion : 9.00.0172
ProductVersion : 9.00.0172
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:26 [mmtask.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
ProcessID : 912
ThreadCreationTime : 4-30-2005 5:38:20 AM
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : © Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe

#:27 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 1668
ThreadCreationTime : 4-30-2005 5:38:20 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:28 [gnotify.exe]
ModuleName : C:\Program Files\Google\Gmail Notifier\gnotify.exe
Command Line : "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
ProcessID : 2116
ThreadCreationTime : 4-30-2005 5:38:21 AM
BasePriority : Normal
FileVersion : 1.0.24.0
ProductVersion : 1.0.24.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004
OriginalFilename : gnotify.exe

#:29 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 2224
ThreadCreationTime : 4-30-2005 5:38:21 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:30 [x8skplay.exe]
ModuleName : C:\Program Files\Excite\PrvtMsgr\bin\x8SkPlay.exe
Command Line : "C:\Program Files\Excite\PrvtMsgr\bin\x8SkPlay.exe" Notifier
ProcessID : 2416
ThreadCreationTime : 4-30-2005 5:38:22 AM
BasePriority : Normal
FileVersion : 1, 0, 3, 2
ProductVersion : 1, 0, 3, 2
ProductName : Excite Community Tools
CompanyName : The Excite Network, Inc.
FileDescription : Excite Skin Player
InternalName : x8SkPlay
LegalCopyright : Copyright © 2001, 2002, 2003
OriginalFilename : x8SkPlay.exe

#:31 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2464
ThreadCreationTime : 4-30-2005 5:38:23 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:32 [mssysmgr.exe]
ModuleName : C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
Command Line : "C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe"
ProcessID : 2572
ThreadCreationTime : 4-30-2005 5:38:24 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.1.0
ProductName : Nero PhotoShow Media Manager
CompanyName : Ahead Software
FileDescription : Nero PhotoShow Media Manager
LegalCopyright : Copyright © 2004 Ahead Software AG
OriginalFilename : mssysmgr.exe

#:33 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 2648
ThreadCreationTime : 4-30-2005 5:38:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:34 [answers.exe]
ModuleName : C:\Program Files\1-Click Answers\answers.exe
Command Line : "C:\Program Files\1-Click Answers\answers.exe"
ProcessID : 3184
ThreadCreationTime : 4-30-2005 5:38:29 AM
BasePriority : Normal
FileVersion : 1.0 (build 128)
ProductVersion : 1.0 (build 128)
ProductName : Answers
CompanyName : GuruNet Corporation
FileDescription : 1-Click Answers Client
InternalName : 1-Click Answers Client
LegalCopyright : Copyright © GuruNet Corporation 1999-2005
OriginalFilename : Answers.exe

#:35 [agtserv.exe]
ModuleName : C:\PROGRA~1\COMMON~1\GURUNE~1\agtserv.exe
Command Line : C:\PROGRA~1\COMMON~1\GURUNE~1\agtserv.exe 131472
ProcessID : 3628
ThreadCreationTime : 4-30-2005 5:38:31 AM
BasePriority : Normal
FileVersion : 7.0 (build 128)
ProductVersion : 7.0 (build 128)
ProductName : ScreenScraper SDK
CompanyName : GuruNet Corporation
FileDescription : AgtServ main executable
InternalName : AgtServ
LegalCopyright : Copyright © GuruNet Corporation 1999-2005
OriginalFilename : AgtServ.exe

#:36 [ymsgr_tray.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe" -ymsgr
ProcessID : 3768
ThreadCreationTime : 4-30-2005 5:38:33 AM
BasePriority : Normal


#:37 [ggviewer.exe]
ModuleName : C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe
Command Line : "C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe"
ProcessID : 492
ThreadCreationTime : 4-30-2005 5:38:34 AM
BasePriority : Normal
FileVersion : 0, 5, 95, 0
ProductVersion : 0, 5, 95, 0
ProductName : Google Deskbar
CompanyName : Google
FileDescription : Google Deskbar
LegalCopyright : Copyright 2004 Google

#:38 [wmiprvse.exe]
ModuleName : C:\WINDOWS\system32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding
ProcessID : 2928
ThreadCreationTime : 4-30-2005 5:38:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:39 [cidaemon.exe]
ModuleName : C:\WINDOWS\system32\cidaemon.exe
Command Line : "cidaemon.exe" DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1492l
ProcessID : 4068
ThreadCreationTime : 4-30-2005 5:45:26 AM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:40 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : ctfmon.exe
ProcessID : 3140
ThreadCreationTime : 4-30-2005 7:39:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:41 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 3584
ThreadCreationTime : 4-30-2005 8:04:40 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:42 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1976
ThreadCreationTime : 4-30-2005 8:26:16 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}
Value :

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}
Value :

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : DllName

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : HtmlName

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : EulaDate

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : EulaStatus

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : InstallLocation

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : InstPath

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BundleKey

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PackageLocation

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PackageName

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PrefsServer

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PrefsPath

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PrefsXML

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BundlePackage

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : iniName

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : CookieUserAgent

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BrowserType

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BundleProgress

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : UniqueBundleKey

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : UniqueBundleID

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : GUID

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "SAHBundle"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : SAHBundle

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 28
Objects found so far: 28


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tony@valueclick[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 4-19-2030 4:55:22 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tony@statcounter[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 4-23-2010 11:42:14 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tony@overture[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/
Expires : 4-26-2015 1:37:58 AM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-28-2006 1:37:52 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tony@excite[1].txt
Category : Data Miner
Comment : Hits:23
Value : Cookie:[email protected]/
Expires : 12-29-2010 4:24:00 PM
LastSync : Hits:23
UseCount : 0
Hits : 23

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:[email protected]/
Expires : 10-22-2005 4:54:32 AM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tony@hitbox[2].txt
Category : Data Miner
Comment : Hits:71
Value : Cookie:[email protected]/
Expires : 4-28-2006 1:37:52 AM
LastSync : Hits:71
UseCount : 0
Hits : 71

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 4-23-2006 10:45:30 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tony@2o7[1].txt
Category : Data Miner
Comment : Hits:90
Value : Cookie:[email protected]/
Expires : 4-28-2010 7:16:36 PM
LastSync : Hits:90
UseCount : 0
Hits : 90

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tony@tripod[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 4-25-2006 4:10:50 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:[email protected]/
Expires : 4-27-2006 1:00:10 AM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tony@247realmedia[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 12-31-2010 5:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:39
Value : Cookie:[email protected]/
Expires : 4-26-2006 11:18:22 PM
LastSync : Hits:39
UseCount : 0
Hits : 39

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:70
Value : Cookie:[email protected]/
Expires : 12-31-2099 5:00:00 PM
LastSync : Hits:70
UseCount : 0
Hits : 70

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-25-2009 5:55:50 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tony@realmedia[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Expires : 4-24-2006 2:41:42 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 44



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SahAgent Object Recognized!
Type : File
Data : V04HAHI0.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Matt\Local Settings\Temp\
FileVersion : 4, 0, 0, 1
ProductVersion : 4, 0, 0, 1


SahAgent Object Recognized!
Type : File
Data : UABBJGF2.dll
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Tony\Local Settings\Temp\
FileVersion : 4, 0, 0, 1
ProductVersion : 4, 0, 0, 1


YourSiteBar Object Recognized!
Type : File
Data : A0008253.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{8C9B2068-F1AB-4DDE-93CC-69145A769CE1}\RP47\
FileVersion : 1, 2, 0, 4
ProductVersion : 1, 2, 0, 4
ProductName : YourSiteBar
FileDescription : YourSiteBar
InternalName : YourSiteBar
LegalCopyright : Copyright 2004
OriginalFilename : ysb.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 47


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
23433 entries scanned.
New critical objects:0
Objects found so far: 47



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Forum windowspower.de - windows with iexplorer start.url
Category : Misc
Comment : Problematic URL discovered: http://216.239.39.10...l...GLD:en&sa=N
Object : C:\Documents and Settings\Tony\Favorites\HELP -TECH- & SUPPORT (MICROSOFT,MSN,OTHERS) 3\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar
Value : Locked

SahAgent Object Recognized!
Type : File
Data : BundleLite_westfrontier1001.exe
Category : Data Miner
Comment :
Object : C:\DOCUME~1\Tony\LOCALS~1\Temp\
FileVersion : 4, 0, 0, 3
ProductVersion : 4, 0, 0, 3


Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 51

1:48:53 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:28.93
Objects scanned:225755
Objects identified:51
Objects ignored:0
New critical objects:51

Thank you to whomever could assist me.
;)
  • 0


#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Welcome! ;)

Ad-aware has found object(s) on your computer

If you choose to clean your computer of what Ad-aware found, follow the instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE using the command lines shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-aware SE; if yours is different, adjust it to the location where you installed it.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to SahAgent ONLY. Click Next, then click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:
  • 0

#3
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
I'm worried about this...

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
23433 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your hosts file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:
  • 0
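
One way to triage a hosts file as large as the 23433-entry one flagged above, as an added example that is not part of the original thread or of any tool it mentions: names mapped to a loopback or unspecified address are what a blocklist-style hosts file looks like, while names mapped to any other address, and lines that do not parse, are the ones to review by hand. The sample file contents and the `parse_hosts` and `triage` names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample hosts file (not taken from the machine in this thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker.example      # blocklist-style entry
0.0.0.0         banners.example
203.0.113.7     www.bank.example login.bank.example
not-an-ip       broken.example
198.51.100.20   update.vendor.example
"""


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every mapping line.

    address is an ipaddress object, or None when the first field is not
    a valid IP address. Comments and blank lines are skipped.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields
            continue
        yield line_no, addr, fields[1:]


def triage(text):
    """Return (counts, review) for a hosts file.

    counts["loopback"]   names mapped to 127.0.0.0/8, ::1, 0.0.0.0 or ::
    counts["redirected"] names mapped to any other address
    counts["malformed"]  lines whose address is invalid or has no name
    review is a list of (line_no, address_or_reason, name) to check by hand.
    """
    counts = Counter()
    review = []
    for line_no, addr, names in parse_hosts(text):
        if addr is None or not names:
            counts["malformed"] += 1
            review.append((line_no, "malformed", " ".join(names)))
        elif addr.is_loopback or addr.is_unspecified:
            counts["loopback"] += len(names)
        else:
            counts["redirected"] += len(names)
            for name in names:
                review.append((line_no, str(addr), name))
    return counts, review


if __name__ == "__main__":
    # To check a real file, read it instead of SAMPLE_HOSTS, for example the
    # path Ad-Aware reports: C:\WINDOWS\system32\drivers\etc\hosts
    counts, review = triage(SAMPLE_HOSTS)
    print(dict(counts))
    for line_no, target, name in review:
        print(f"line {line_no}: {name} -> {target}")
```
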

#4
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
First, you will need to follow my removal instructions.
Then we will continue from there.

- Rawe :tazz:
  • 0

#5
TonyTTurner

    Member

  • Topic Starter
  • Member
  • 30 posts
Hey Rawe,
I tried to follow your instructions, best I could, but I still get pop-ups from
"http:69.42.87.22/leadermarkets/(blah blah...)"
Any ideas?
Tony
---------------
Here's my latest Scan Log
----------------------------

Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 01, 2005 6:47:20 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):1 total references
YourSiteBar(TAC index:6):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:11 %
Total physical memory:490988 kb
Available physical memory:49192 kb
Total page file size:1149160 kb
Available on page file:801348 kb
Total virtual memory:2097024 kb
Available virtual memory:1998544 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-1-2005 6:47:20 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 500
ThreadCreationTime : 5-2-2005 1:17:41 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 548
ThreadCreationTime : 5-2-2005 1:17:43 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 572
ThreadCreationTime : 5-2-2005 1:17:43 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 616
ThreadCreationTime : 5-2-2005 1:17:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 628
ThreadCreationTime : 5-2-2005 1:17:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 808
ThreadCreationTime : 5-2-2005 1:17:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 852
ThreadCreationTime : 5-2-2005 1:17:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 944
ThreadCreationTime : 5-2-2005 1:17:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [incdsrv.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCDsrv.exe
Command Line : "C:\Program Files\Ahead\InCD\InCDsrv.exe"
ProcessID : 964
ThreadCreationTime : 5-2-2005 1:17:45 AM
BasePriority : Normal
FileVersion : 4, 3, 11, 1
ProductVersion : 4, 3, 11, 1
ProductName : Nero AG incdsrv
CompanyName : Nero AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : incdsrv.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1080
ThreadCreationTime : 5-2-2005 1:17:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1216
ThreadCreationTime : 5-2-2005 1:17:46 AM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1244
ThreadCreationTime : 5-2-2005 1:17:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1252
ThreadCreationTime : 5-2-2005 1:17:46 AM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [aolacsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
ProcessID : 1404
ThreadCreationTime : 5-2-2005 1:17:55 AM
BasePriority : Normal


#:15 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1416
ThreadCreationTime : 5-2-2005 1:17:55 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:16 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1480
ThreadCreationTime : 5-2-2005 1:17:55 AM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:17 [cisvc.exe]
ModuleName : C:\WINDOWS\system32\cisvc.exe
Command Line : C:\WINDOWS\system32\cisvc.exe
ProcessID : 1512
ThreadCreationTime : 5-2-2005 1:17:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:18 [lxrjd31s.exe]
ModuleName : C:\WINDOWS\system32\LxrJD31s.exe
Command Line : LxrJD31s.exe
ProcessID : 1552
ThreadCreationTime : 5-2-2005 1:17:55 AM
BasePriority : Normal


#:19 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 1564
ThreadCreationTime : 5-2-2005 1:17:55 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:20 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1608
ThreadCreationTime : 5-2-2005 1:17:56 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 188
ThreadCreationTime : 5-2-2005 1:18:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 380
ThreadCreationTime : 5-2-2005 1:18:00 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : ctfmon.exe
ProcessID : 424
ThreadCreationTime : 5-2-2005 1:18:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:24 [p2p networking.exe]
ModuleName : C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
Command Line : "C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" /AUTOSTART
ProcessID : 2024
ThreadCreationTime : 5-2-2005 1:18:02 AM
BasePriority : Normal
FileVersion : 1, 26, 0, 10
ProductVersion : 1, 26, 0, 10
ProductName : P2P Networking
CompanyName : Joltid Ltd.
FileDescription : P2P Networking
InternalName : P2P Networking
LegalCopyright : Copyright © 2001 - 2004 Joltid Ltd. All Rights Reserved.
LegalTrademarks : Joltid is a registered trademark of Joltid Ltd.
OriginalFilename : P2P Networking.exe

#:25 [itouch.exe]
ModuleName : C:\Program Files\Logitech\iTouch\iTouch.exe
Command Line : "C:\Program Files\Logitech\iTouch\iTouch.exe"
ProcessID : 2028
ThreadCreationTime : 5-2-2005 1:18:02 AM
BasePriority : Normal
FileVersion : 2.22.289
ProductVersion : 2.22.289
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:26 [ybrwicon.exe]
ModuleName : C:\Program Files\Yahoo!\browser\ybrwicon.exe
Command Line : "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
ProcessID : 2040
ThreadCreationTime : 5-2-2005 1:18:02 AM
BasePriority : Normal
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
ProductName : Yahoo!, Inc. YBrwIcon
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
LegalCopyright : Copyright © 2003
OriginalFilename : YBrwIcon.exe

#:27 [soundman.exe]
ModuleName : C:\WINDOWS\SOUNDMAN.EXE
Command Line : "C:\WINDOWS\SOUNDMAN.EXE"
ProcessID : 124
ThreadCreationTime : 5-2-2005 1:18:02 AM
BasePriority : Normal
FileVersion : 5.1.0.24
ProductVersion : 5.1.0.24
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:28 [keyhook.exe]
ModuleName : C:\WINDOWS\system32\keyhook.exe
Command Line : "C:\WINDOWS\system32\keyhook.exe"
ProcessID : 144
ThreadCreationTime : 5-2-2005 1:18:02 AM
BasePriority : Normal
FileVersion : 0.0.0.3570
ProductVersion : 0.0.0.3570
ProductName : SIS ® Compatible Super VGA keyboard daemon
CompanyName : Silicon Integrated Systems Corporation
FileDescription : SiS Compatible Super VGA Keyboard Daemon
InternalName : KEYHOOK 3.57.51
LegalCopyright : Copyright © Silicon Integrated Systems Corp. 1998-2004
OriginalFilename : KEYHOOK.EXE
Comments : SiS Compatible Super VGA Keyboard Daemon

#:29 [pdvdserv.exe]
ModuleName : C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Command Line : "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
ProcessID : 136
ThreadCreationTime : 5-2-2005 1:18:02 AM
BasePriority : Normal
FileVersion : 5.00.0000
ProductVersion : 5.00.0000
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2002
OriginalFilename : PDVDSERV.EXE

#:30 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 232
ThreadCreationTime : 5-2-2005 1:18:06 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:31 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 400
ThreadCreationTime : 5-2-2005 1:18:07 AM
BasePriority : Normal


#:32 [msnve.exe]
ModuleName : C:\Program Files\MSN Video Enhanced\MSNVE.exe
Command Line : "C:\Program Files\MSN Video Enhanced\MSNVE.exe"
ProcessID : 520
ThreadCreationTime : 5-2-2005 1:18:07 AM
BasePriority : Normal
FileVersion : 1, 1, 3, 1
ProductVersion : 1, 1, 3, 1
ProductName : MSN Video Enhanced
CompanyName : Microsoft
FileDescription : MSN Video Enhanced
InternalName : MSN Video Enhanced
LegalCopyright : Copyright © 2003
OriginalFilename : MSNVE.exe

#:33 [mm_tray.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
ProcessID : 544
ThreadCreationTime : 5-2-2005 1:18:07 AM
BasePriority : Normal
FileVersion : 9.00.0172
ProductVersion : 9.00.0172
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:34 [mmtask.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
ProcessID : 632
ThreadCreationTime : 5-2-2005 1:18:07 AM
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : © Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe

#:35 [x8impipe.exe]
ModuleName : C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
Command Line : "C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe"
ProcessID : 908
ThreadCreationTime : 5-2-2005 1:18:07 AM
BasePriority : Normal
FileVersion : 1, 0, 3, 2
ProductVersion : 1, 0, 3, 2
ProductName : Excite Community Tools
CompanyName : The Excite Network, Inc.
FileDescription : Excite Community Tools
InternalName : x8IMPipe
LegalCopyright : Copyright © 2001, 2002, 2003
OriginalFilename : x8IMPipe.exe

#:36 [ycommon.exe]
ModuleName : C:\PROGRA~1\Yahoo!\browser\ycommon.exe
Command Line : C:\PROGRA~1\Yahoo!\browser\ycommon.exe -Embedding
ProcessID : 916
ThreadCreationTime : 5-2-2005 1:18:07 AM
BasePriority : Normal
FileVersion : 2003, 9, 3, 1
ProductVersion : 1, 0, 0, 1
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003 Yahoo! Inc.
OriginalFilename : YCommon.EXE

#:37 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 928
ThreadCreationTime : 5-2-2005 1:18:07 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:38 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 976
ThreadCreationTime : 5-2-2005 1:18:07 AM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:39 [aolsp scheduler.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
ProcessID : 1116
ThreadCreationTime : 5-2-2005 1:18:07 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 69
ProductVersion : 1, 0, 0, 69
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:40 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1124
ThreadCreationTime : 5-2-2005 1:18:08 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:41 [gnotify.exe]
ModuleName : C:\Program Files\Google\Gmail Notifier\gnotify.exe
Command Line : "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
ProcessID : 1340
ThreadCreationTime : 5-2-2005 1:18:08 AM
BasePriority : Normal
FileVersion : 1.0.24.0
ProductVersion : 1.0.24.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004
OriginalFilename : gnotify.exe

#:42 [picasamediadetector.exe]
ModuleName : C:\Program Files\Picasa2\PicasaMediaDetector.exe
Command Line : "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
ProcessID : 676
ThreadCreationTime : 5-2-2005 1:18:08 AM
BasePriority : Normal


#:43 [incd.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCD.exe
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 1992
ThreadCreationTime : 5-2-2005 1:18:08 AM
BasePriority : Normal
FileVersion : 4, 3, 11, 1
ProductVersion : 4, 3, 11, 1
ProductName : Nero AG InCD
CompanyName : Nero AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : InCD.exe

#:44 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2072
ThreadCreationTime : 5-2-2005 1:18:08 AM
BasePriority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:45 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 2088
ThreadCreationTime : 5-2-2005 1:18:08 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:46 [2portalmon.exe]
ModuleName : C:\Program Files\2Wire\2PortalMon.exe
Command Line : "C:\Program Files\2Wire\2PortalMon.exe"
ProcessID : 2104
ThreadCreationTime : 5-2-2005 1:18:08 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : HomePortal Monitor Application
CompanyName : 2Wire, Inc.
FileDescription : HomePortal Monitor Application by 2Wire Engineering
InternalName : HomePortal Monitor
LegalCopyright : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
LegalTrademarks : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
OriginalFilename : HomePortal Monitor.EXE
Comments : HomePortal Monitor Application by 2Wire Engineering

#:47 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2176
ThreadCreationTime : 5-2-2005 1:18:09 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:48 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2188
ThreadCreationTime : 5-2-2005 1:18:09 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:49 [x8skplay.exe]
ModuleName : C:\Program Files\Excite\PrvtMsgr\bin\x8SkPlay.exe
Command Line : "C:\Program Files\Excite\PrvtMsgr\bin\x8SkPlay.exe" Notifier
ProcessID : 2204
ThreadCreationTime : 5-2-2005 1:18:09 AM
BasePriority : Normal
FileVersion : 1, 0, 3, 2
ProductVersion : 1, 0, 3, 2
ProductName : Excite Community Tools
CompanyName : The Excite Network, Inc.
FileDescription : Excite Skin Player
InternalName : x8SkPlay
LegalCopyright : Copyright © 2001, 2002, 2003
OriginalFilename : x8SkPlay.exe

#:50 [mssysmgr.exe]
ModuleName : C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
Command Line : "C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe"
ProcessID : 2228
ThreadCreationTime : 5-2-2005 1:18:09 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.1.0
ProductName : Nero PhotoShow Media Manager
CompanyName : Ahead Software
FileDescription : Nero PhotoShow Media Manager
LegalCopyright : Copyright © 2004 Ahead Software AG
OriginalFilename : mssysmgr.exe

#:51 [nclaunch.exe]
ModuleName : C:\WINDOWS\NCLAUNCH.EXe
Command Line : "C:\WINDOWS\NCLAUNCH.EXe"
ProcessID : 2280
ThreadCreationTime : 5-2-2005 1:18:09 AM
BasePriority : Normal
FileVersion : 2, 2, 0, 150
ProductVersion : 2, 2, 0, 150
ProductName : Northcode NCLaunch
CompanyName : Northcode Inc.
FileDescription : NCLaunch
InternalName : NCLaunch
LegalCopyright : Copyright © 2000-2004
LegalTrademarks : All Rights Reserved
OriginalFilename : NCLaunch.exe
Comments : File launcher used by SWF Studio screensavers on Windows NT, 2000 and XP

#:52 [answers.exe]
ModuleName : C:\Program Files\1-Click Answers\answers.exe
Command Line : "C:\Program Files\1-Click Answers\answers.exe"
ProcessID : 2300
ThreadCreationTime : 5-2-2005 1:18:09 AM
BasePriority : Normal
FileVersion : 1.0 (build 128)
ProductVersion : 1.0 (build 128)
ProductName : Answers
CompanyName : GuruNet Corporation
FileDescription : 1-Click Answers Client
InternalName : 1-Click Answers Client
LegalCopyright : Copyright © GuruNet Corporation 1999-2005
OriginalFilename : Answers.exe

#:53 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 2352
ThreadCreationTime : 5-2-2005 1:18:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:54 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 2428
ThreadCreationTime : 5-2-2005 1:18:11 AM
BasePriority : Normal
FileVersion : 9.79.019
ProductVersion : 9.79.019
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:55 [agtserv.exe]
ModuleName : C:\PROGRA~1\COMMON~1\GURUNE~1\agtserv.exe
Command Line : C:\PROGRA~1\COMMON~1\GURUNE~1\agtserv.exe 66374
ProcessID : 2680
ThreadCreationTime : 5-2-2005 1:18:14 AM
BasePriority : Normal
FileVersion : 7.0 (build 128)
ProductVersion : 7.0 (build 128)
ProductName : ScreenScraper SDK
CompanyName : GuruNet Corporation
FileDescription : AgtServ main executable
InternalName : AgtServ
LegalCopyright : Copyright © GuruNet Corporation 1999-2005
OriginalFilename : AgtServ.exe

#:56 [virtuagirl2.exe]
ModuleName : C:\Program Files\Vg\VirtuaGirl2.exe
Command Line : "C:\Program Files\Vg\VirtuaGirl2.exe"
ProcessID : 2700
ThreadCreationTime : 5-2-2005 1:18:14 AM
BasePriority : Normal


#:57 [ymsgr_tray.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe" -ymsgr
ProcessID : 3916
ThreadCreationTime : 5-2-2005 1:18:20 AM
BasePriority : Normal


#:58 [ggviewer.exe]
ModuleName : C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe
Command Line : "C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe"
ProcessID : 216
ThreadCreationTime : 5-2-2005 1:18:22 AM
BasePriority : Normal
FileVersion : 0, 5, 95, 0
ProductVersion : 0, 5, 95, 0
ProductName : Google Deskbar
CompanyName : Google
FileDescription : Google Deskbar
LegalCopyright : Copyright 2004 Google

#:59 [wmiprvse.exe]
ModuleName : C:\WINDOWS\system32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding
ProcessID : 2080
ThreadCreationTime : 5-2-2005 1:18:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:60 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" -nohome "http://gmail.google.com/gmail"
ProcessID : 3368
ThreadCreationTime : 5-2-2005 1:20:42 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:61 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3776
ThreadCreationTime : 5-2-2005 1:23:48 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:62 [cidaemon.exe]
ModuleName : C:\WINDOWS\system32\cidaemon.exe
Command Line : "cidaemon.exe" DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1512l
ProcessID : 3324
ThreadCreationTime : 5-2-2005 1:25:26 AM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:63 [itunes.exe]
ModuleName : C:\Program Files\iTunes\iTunes.exe
Command Line : "C:\Program Files\iTunes\iTunes.exe" /play "C:\Program Files\Lavasoft\Ad-Aware SE Personal\alert.wav"
ProcessID : 2488
ThreadCreationTime : 5-2-2005 1:42:56 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunes
InternalName : iTunes
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunes.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}
Value :

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}
Value :

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

YourSiteBar Object Recognized!
Type : File
Data : A0008253.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{8C9B2068-F1AB-4DDE-93CC-69145A769CE1}\RP47\
FileVersion : 1, 2, 0, 4
ProductVersion : 1, 2, 0, 4
ProductName : YourSiteBar
FileDescription : YourSiteBar
InternalName : YourSiteBar
LegalCopyright : Copyright 2004
OriginalFilename : ysb.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
23433 entries scanned.
New critical objects:0
Objects found so far: 6



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Forum windowspower.de - windows with iexplorer start.url
Category : Misc
Comment : Problematic URL discovered: http://216.239.39.10...l...GLD:en&sa=N
Object : C:\Documents and Settings\Tony\Favorites\HELP -TECH- & SUPPORT (MICROSOFT,MSN,OTHERS) 3\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar
Value : Locked

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 9

7:07:23 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:20:02.953
Objects scanned:215699
Objects identified:9
Objects ignored:0
New critical objects:9

#6
Rawe

    Visiting Staff
Restore your hosts file to default, post a fresh log, and I'll take a look ;)

- Rawe :tazz:

#7
TonyTTurner

    Member
;)
Yikes...
How do I restore my host files to default? ;)
Thanks for your patience...
I hope I'm not being a pest.

Tony :tazz:

#8
Rawe

    Visiting Staff
No problem, here are the instructions ;)

Download the "Host file viewer" by Option^Explicit here;
http://members.acces...sFileReader.zip
When installed, open it up and select the option to restore to default settings.
If there are problems, instructions are on the display screen of the program.
Should be fixed with it.

- Rawe :tazz:

After it is restored, post a fresh log and I'll tell you what to do ;)

#9
TonyTTurner

    Member
Ok, Rawe...
I hit the "Reset Default" button, got the following in the little window at the bottom:
"C:\WINDOWS\System32\Drivers\etc\Hosts" ...THEN, I hit "Scan for Hosts", and after some time (about 1 1/2 mins.) I got this big log which I copied from the "Use Notepad" button:
Is this what you were looking for?
(Hope Hope Hope) ;)
----------------------------


# Modifications by SpyBlocker Software
127.0.0.1 a852.g.akamai.net
127.0.0.1 a868.x.akamai.net
127.0.0.1 a900.g.akamai.net
127.0.0.1 a932.g.akamai.net
127.0.0.1 akamai.net
127.0.0.1 akamaitech.net
127.0.0.1 a.r.tv.com
127.0.0.1 a1.g.a.yimg.com
127.0.0.1 br.yimg.com
127.0.0.1 brunnock.server.com
127.0.0.1 ccdev.mediaexchange.com
127.0.0.1 cgi.server.com
127.0.0.1 disc.server.com
127.0.0.1 dynamic.isyndicate.com
127.0.0.1 gs.cdnow.com
127.0.0.1 headlines.isyndicate.com
127.0.0.1 hitometer.netscape.com
127.0.0.1 images.paypal.com
127.0.0.1 images.real.com
127.0.0.1 img.techweb.com
127.0.0.1 img.web.de
127.0.0.1 mei.medianext.com
127.0.0.1 meibak.medianext.com
127.0.0.1 msdev.mediaexchange.com
127.0.0.1 ns.server.com
127.0.0.1 real.com
127.0.0.1 registration-server.com
127.0.0.1 router2.mediaexchange.com
127.0.0.1 server.com
127.0.0.1 sg.yimg.com
127.0.0.1 sitestatic.netscape.com
127.0.0.1 staging.mediaexchange.com
127.0.0.1 store1.yimg.com
127.0.0.1 u16931-gw.uunt.net
127.0.0.1 upi.mediaexchange.com
127.0.0.1 util.anonymizer.com
127.0.0.1 video.server.com
127.0.0.1 www.mediaexchange.com
127.0.0.1 www.server.com
127.0.0.1 www.verisign.com
127.0.0.1 www2.server.com
127.0.0.1 xch.mediaexchange.com
127.0.0.1 us.al.yimg.com
127.0.0.1 adcenter.scripps.com
127.0.0.1 counter.advancewebhosting.com
127.0.0.1 counters.honesty.com
127.0.0.1 ct5.hypercount.com
127.0.0.1 de.nedstat.net
127.0.0.1 hanky.imedia.net
127.0.0.1 lstat.susanin.com
127.0.0.1 spinbox.consumerreview.com
127.0.0.1 tracker.advancewebhosting.com
127.0.0.1 victory.cnn.com
127.0.0.1 icover.realmedia.com

-----------------
I'll be waiting :tazz:
Tony
  • 0

#10
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello again.
What I meant was that you should first restore hosts file to default, then post a fresh log from Ad-aware ;)
Though those seem to be safe entries..
Are you sure that you don't have any program which changes your hosts file?
Or are you sure you haven't added listings to your hosts file?
Post a fresh Ad-aware log from "Full system scan" here, and I'll take a look...

- Rawe :tazz:
  • 0


#11
TonyTTurner

    Member

  • Topic Starter
  • Member
  • 30 posts
Sorry 4 the confusion there...
-
Actually, I am not certain WHAT "effects" some of the downloaded programs could be having...
Do you have any "Forum postable" ideas and/or sites I could seek out for such matters? (That is, if it cannot be resolved here)
---------
Oh, I just went to Microsoft to download their "beta" version of Anti-Spyware, but I haven't Run it yet.
---------
Incidentally, I have AVG Free, Ad-Aware SE Personal, Spyware Blaster, CCleaner (which you recommended), HiJackThis, TweakNow, & Spybot Search and Destroy (the last two (2), I'm almost Afraid to Run because I don't want to Delete something really Vital)
-
Without further delay, here's my latest Ad-Aware scan:
Tony :tazz:
------------------------------------------------------------------------

Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 02, 2005 4:49:38 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):5 total references
YourSiteBar(TAC index:6):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654


Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:24 %
Total physical memory:490988 kb
Available physical memory:113872 kb
Total page file size:1149160 kb
Available on page file:851360 kb
Total virtual memory:2097024 kb
Available virtual memory:2032852 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-2-2005 4:49:38 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 500
ThreadCreationTime : 5-2-2005 11:37:05 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 548
ThreadCreationTime : 5-2-2005 11:37:07 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 572
ThreadCreationTime : 5-2-2005 11:37:07 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 616
ThreadCreationTime : 5-2-2005 11:37:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 628
ThreadCreationTime : 5-2-2005 11:37:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 792
ThreadCreationTime : 5-2-2005 11:37:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 840
ThreadCreationTime : 5-2-2005 11:37:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 932
ThreadCreationTime : 5-2-2005 11:37:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [incdsrv.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCDsrv.exe
Command Line : "C:\Program Files\Ahead\InCD\InCDsrv.exe"
ProcessID : 952
ThreadCreationTime : 5-2-2005 11:37:09 AM
BasePriority : Normal
FileVersion : 4, 3, 11, 1
ProductVersion : 4, 3, 11, 1
ProductName : Nero AG incdsrv
CompanyName : Nero AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : incdsrv.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1076
ThreadCreationTime : 5-2-2005 11:37:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : C:\WINDOWS\system32\LEXBCES.EXE
ProcessID : 1216
ThreadCreationTime : 5-2-2005 11:37:11 AM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1240
ThreadCreationTime : 5-2-2005 11:37:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : LEXPPS.EXE
ProcessID : 1248
ThreadCreationTime : 5-2-2005 11:37:11 AM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:14 [aolacsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
ProcessID : 1396
ThreadCreationTime : 5-2-2005 11:37:18 AM
BasePriority : Normal


#:15 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1408
ThreadCreationTime : 5-2-2005 11:37:18 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:16 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1476
ThreadCreationTime : 5-2-2005 11:37:19 AM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:17 [cisvc.exe]
ModuleName : C:\WINDOWS\system32\cisvc.exe
Command Line : C:\WINDOWS\system32\cisvc.exe
ProcessID : 1504
ThreadCreationTime : 5-2-2005 11:37:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:18 [lxrjd31s.exe]
ModuleName : C:\WINDOWS\system32\LxrJD31s.exe
Command Line : LxrJD31s.exe
ProcessID : 1540
ThreadCreationTime : 5-2-2005 11:37:19 AM
BasePriority : Normal


#:19 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 1552
ThreadCreationTime : 5-2-2005 11:37:19 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:20 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1600
ThreadCreationTime : 5-2-2005 11:37:19 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1952
ThreadCreationTime : 5-2-2005 11:37:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 324
ThreadCreationTime : 5-2-2005 11:39:41 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : ctfmon.exe
ProcessID : 336
ThreadCreationTime : 5-2-2005 11:39:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:24 [p2p networking.exe]
ModuleName : C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
Command Line : "C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" /AUTOSTART
ProcessID : 1496
ThreadCreationTime : 5-2-2005 11:39:47 AM
BasePriority : Normal
FileVersion : 1, 26, 0, 10
ProductVersion : 1, 26, 0, 10
ProductName : P2P Networking
CompanyName : Joltid Ltd.
FileDescription : P2P Networking
InternalName : P2P Networking
LegalCopyright : Copyright © 2001 - 2004 Joltid Ltd. All Rights Reserved.
LegalTrademarks : Joltid is a registered trademark of Joltid Ltd.
OriginalFilename : P2P Networking.exe

#:25 [itouch.exe]
ModuleName : C:\Program Files\Logitech\iTouch\iTouch.exe
Command Line : "C:\Program Files\Logitech\iTouch\iTouch.exe"
ProcessID : 1028
ThreadCreationTime : 5-2-2005 11:39:48 AM
BasePriority : Normal
FileVersion : 2.22.289
ProductVersion : 2.22.289
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:26 [ybrwicon.exe]
ModuleName : C:\Program Files\Yahoo!\browser\ybrwicon.exe
Command Line : "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
ProcessID : 1072
ThreadCreationTime : 5-2-2005 11:39:48 AM
BasePriority : Normal
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
ProductName : Yahoo!, Inc. YBrwIcon
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
LegalCopyright : Copyright © 2003
OriginalFilename : YBrwIcon.exe

#:27 [soundman.exe]
ModuleName : C:\WINDOWS\SOUNDMAN.EXE
Command Line : "C:\WINDOWS\SOUNDMAN.EXE"
ProcessID : 1092
ThreadCreationTime : 5-2-2005 11:39:48 AM
BasePriority : Normal
FileVersion : 5.1.0.24
ProductVersion : 5.1.0.24
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:28 [keyhook.exe]
ModuleName : C:\WINDOWS\system32\keyhook.exe
Command Line : "C:\WINDOWS\system32\keyhook.exe"
ProcessID : 1132
ThreadCreationTime : 5-2-2005 11:39:48 AM
BasePriority : Normal
FileVersion : 0.0.0.3570
ProductVersion : 0.0.0.3570
ProductName : SIS ® Compatible Super VGA keyboard daemon
CompanyName : Silicon Integrated Systems Corporation
FileDescription : SiS Compatible Super VGA Keyboard Daemon
InternalName : KEYHOOK 3.57.51
LegalCopyright : Copyright © Silicon Integrated Systems Corp. 1998-2004
OriginalFilename : KEYHOOK.EXE
Comments : SiS Compatible Super VGA Keyboard Daemon

#:29 [pdvdserv.exe]
ModuleName : C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Command Line : "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
ProcessID : 1348
ThreadCreationTime : 5-2-2005 11:39:48 AM
BasePriority : Normal
FileVersion : 5.00.0000
ProductVersion : 5.00.0000
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2002
OriginalFilename : PDVDSERV.EXE

#:30 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1620
ThreadCreationTime : 5-2-2005 11:39:48 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:31 [ycommon.exe]
ModuleName : C:\PROGRA~1\Yahoo!\browser\ycommon.exe
Command Line : C:\PROGRA~1\Yahoo!\browser\ycommon.exe -Embedding
ProcessID : 1656
ThreadCreationTime : 5-2-2005 11:39:49 AM
BasePriority : Normal
FileVersion : 2003, 9, 3, 1
ProductVersion : 1, 0, 0, 1
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003 Yahoo! Inc.
OriginalFilename : YCommon.EXE

#:32 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
ProcessID : 1528
ThreadCreationTime : 5-2-2005 11:39:50 AM
BasePriority : Normal


#:33 [msnve.exe]
ModuleName : C:\Program Files\MSN Video Enhanced\MSNVE.exe
Command Line : "C:\Program Files\MSN Video Enhanced\MSNVE.exe"
ProcessID : 632
ThreadCreationTime : 5-2-2005 11:39:50 AM
BasePriority : Normal
FileVersion : 1, 1, 3, 1
ProductVersion : 1, 1, 3, 1
ProductName : MSN Video Enhanced
CompanyName : Microsoft
FileDescription : MSN Video Enhanced
InternalName : MSN Video Enhanced
LegalCopyright : Copyright © 2003
OriginalFilename : MSNVE.exe

#:34 [mm_tray.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
ProcessID : 1716
ThreadCreationTime : 5-2-2005 11:39:50 AM
BasePriority : Normal
FileVersion : 9.00.0172
ProductVersion : 9.00.0172
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:35 [mmtask.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
ProcessID : 1928
ThreadCreationTime : 5-2-2005 11:39:50 AM
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : © Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe

#:36 [x8impipe.exe]
ModuleName : C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
Command Line : "C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe"
ProcessID : 1948
ThreadCreationTime : 5-2-2005 11:39:50 AM
BasePriority : Normal
FileVersion : 1, 0, 3, 2
ProductVersion : 1, 0, 3, 2
ProductName : Excite Community Tools
CompanyName : The Excite Network, Inc.
FileDescription : Excite Community Tools
InternalName : x8IMPipe
LegalCopyright : Copyright © 2001, 2002, 2003
OriginalFilename : x8IMPipe.exe

#:37 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 2052
ThreadCreationTime : 5-2-2005 11:39:50 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:38 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 2072
ThreadCreationTime : 5-2-2005 11:39:50 AM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:39 [aolsp scheduler.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
ProcessID : 2144
ThreadCreationTime : 5-2-2005 11:39:51 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 69
ProductVersion : 1, 0, 0, 69
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:40 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 2220
ThreadCreationTime : 5-2-2005 11:39:51 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:41 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 2280
ThreadCreationTime : 5-2-2005 11:39:51 AM
BasePriority : Normal
FileVersion : 9.79.019
ProductVersion : 9.79.019
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:42 [gnotify.exe]
ModuleName : C:\Program Files\Google\Gmail Notifier\gnotify.exe
Command Line : "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
ProcessID : 2288
ThreadCreationTime : 5-2-2005 11:39:51 AM
BasePriority : Normal
FileVersion : 1.0.24.0
ProductVersion : 1.0.24.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004
OriginalFilename : gnotify.exe

#:43 [picasamediadetector.exe]
ModuleName : C:\Program Files\Picasa2\PicasaMediaDetector.exe
Command Line : "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
ProcessID : 2296
ThreadCreationTime : 5-2-2005 11:39:51 AM
BasePriority : Normal


#:44 [incd.exe]
ModuleName : C:\Program Files\Ahead\InCD\InCD.exe
Command Line : "C:\Program Files\Ahead\InCD\InCD.exe"
ProcessID : 2320
ThreadCreationTime : 5-2-2005 11:39:52 AM
BasePriority : Normal
FileVersion : 4, 3, 11, 1
ProductVersion : 4, 3, 11, 1
ProductName : Nero AG InCD
CompanyName : Nero AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : InCD.exe

#:45 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2336
ThreadCreationTime : 5-2-2005 11:39:52 AM
BasePriority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:46 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 2360
ThreadCreationTime : 5-2-2005 11:39:52 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:47 [2portalmon.exe]
ModuleName : C:\Program Files\2Wire\2PortalMon.exe
Command Line : "C:\Program Files\2Wire\2PortalMon.exe"
ProcessID : 2392
ThreadCreationTime : 5-2-2005 11:39:52 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : HomePortal Monitor Application
CompanyName : 2Wire, Inc.
FileDescription : HomePortal Monitor Application by 2Wire Engineering
InternalName : HomePortal Monitor
LegalCopyright : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
LegalTrademarks : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
OriginalFilename : HomePortal Monitor.EXE
Comments : HomePortal Monitor Application by 2Wire Engineering

#:48 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 2508
ThreadCreationTime : 5-2-2005 11:39:53 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:49 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2520
ThreadCreationTime : 5-2-2005 11:39:53 AM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:50 [x8skplay.exe]
ModuleName : C:\Program Files\Excite\PrvtMsgr\bin\x8SkPlay.exe
Command Line : "C:\Program Files\Excite\PrvtMsgr\bin\x8SkPlay.exe" Notifier
ProcessID : 2540
ThreadCreationTime : 5-2-2005 11:39:54 AM
BasePriority : Normal
FileVersion : 1, 0, 3, 2
ProductVersion : 1, 0, 3, 2
ProductName : Excite Community Tools
CompanyName : The Excite Network, Inc.
FileDescription : Excite Skin Player
InternalName : x8SkPlay
LegalCopyright : Copyright © 2001, 2002, 2003
OriginalFilename : x8SkPlay.exe

#:51 [mssysmgr.exe]
ModuleName : C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
Command Line : "C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe"
ProcessID : 2588
ThreadCreationTime : 5-2-2005 11:39:54 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.1.0
ProductName : Nero PhotoShow Media Manager
CompanyName : Ahead Software
FileDescription : Nero PhotoShow Media Manager
LegalCopyright : Copyright © 2004 Ahead Software AG
OriginalFilename : mssysmgr.exe

#:52 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 2604
ThreadCreationTime : 5-2-2005 11:39:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:53 [nclaunch.exe]
ModuleName : C:\WINDOWS\NCLAUNCH.EXe
Command Line : "C:\WINDOWS\NCLAUNCH.EXe"
ProcessID : 2780
ThreadCreationTime : 5-2-2005 11:39:55 AM
BasePriority : Normal
FileVersion : 2, 2, 0, 150
ProductVersion : 2, 2, 0, 150
ProductName : Northcode NCLaunch
CompanyName : Northcode Inc.
FileDescription : NCLaunch
InternalName : NCLaunch
LegalCopyright : Copyright © 2000-2004
LegalTrademarks : All Rights Reserved
OriginalFilename : NCLaunch.exe
Comments : File launcher used by SWF Studio screensavers on Windows NT, 2000 and XP

#:54 [answers.exe]
ModuleName : C:\Program Files\1-Click Answers\answers.exe
Command Line : "C:\Program Files\1-Click Answers\answers.exe"
ProcessID : 3212
ThreadCreationTime : 5-2-2005 11:39:58 AM
BasePriority : Normal
FileVersion : 1.0 (build 128)
ProductVersion : 1.0 (build 128)
ProductName : Answers
CompanyName : GuruNet Corporation
FileDescription : 1-Click Answers Client
InternalName : 1-Click Answers Client
LegalCopyright : Copyright © GuruNet Corporation 1999-2005
OriginalFilename : Answers.exe

#:55 [ymsgr_tray.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe" -ymsgr
ProcessID : 3728
ThreadCreationTime : 5-2-2005 11:40:00 AM
BasePriority : Normal


#:56 [agtserv.exe]
ModuleName : C:\PROGRA~1\COMMON~1\GURUNE~1\agtserv.exe
Command Line : C:\PROGRA~1\COMMON~1\GURUNE~1\agtserv.exe 66594
ProcessID : 3780
ThreadCreationTime : 5-2-2005 11:40:01 AM
BasePriority : Normal
FileVersion : 7.0 (build 128)
ProductVersion : 7.0 (build 128)
ProductName : ScreenScraper SDK
CompanyName : GuruNet Corporation
FileDescription : AgtServ main executable
InternalName : AgtServ
LegalCopyright : Copyright © GuruNet Corporation 1999-2005
OriginalFilename : AgtServ.exe

#:57 [virtuagirl2.exe]
ModuleName : C:\Program Files\Vg\VirtuaGirl2.exe
Command Line : "C:\Program Files\Vg\VirtuaGirl2.exe"
ProcessID : 3816
ThreadCreationTime : 5-2-2005 11:40:01 AM
BasePriority : Normal


#:58 [wmiprvse.exe]
ModuleName : C:\WINDOWS\system32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding
ProcessID : 2440
ThreadCreationTime : 5-2-2005 11:40:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:59 [ggviewer.exe]
ModuleName : C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe
Command Line : "C:\Program Files\Google\deskbar-0.5.95.0\ggviewer.exe"
ProcessID : 2472
ThreadCreationTime : 5-2-2005 11:40:05 AM
BasePriority : Normal
FileVersion : 0, 5, 95, 0
ProductVersion : 0, 5, 95, 0
ProductName : Google Deskbar
CompanyName : Google
FileDescription : Google Deskbar
LegalCopyright : Copyright 2004 Google

#:60 [cidaemon.exe]
ModuleName : C:\WINDOWS\system32\cidaemon.exe
Command Line : "cidaemon.exe" DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1504l
ProcessID : 1180
ThreadCreationTime : 5-2-2005 11:44:47 AM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:61 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 332
ThreadCreationTime : 5-2-2005 11:49:03 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}
Value :

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}
Value :

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tony@hitbox[2].txt
Category : Data Miner
Comment : Hits:241
Value : Cookie:[email protected]/
Expires : 5-2-2006 3:11:32 AM
LastSync : Hits:241
UseCount : 0
Hits : 241

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tony@2o7[1].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:[email protected]/
Expires : 5-1-2010 3:14:58 AM
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tony@tripod[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-2-2006 1:41:38 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:[email protected]/
Expires : 5-2-2006 12:48:12 AM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:115
Value : Cookie:[email protected]/
Expires : 5-2-2006 3:11:32 AM
LastSync : Hits:115
UseCount : 0
Hits : 115

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 10



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

YourSiteBar Object Recognized!
Type : File
Data : A0008253.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{8C9B2068-F1AB-4DDE-93CC-69145A769CE1}\RP47\
FileVersion : 1, 2, 0, 4
ProductVersion : 1, 2, 0, 4
ProductName : YourSiteBar
FileDescription : YourSiteBar
InternalName : YourSiteBar
LegalCopyright : Copyright 2004
OriginalFilename : ysb.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 11



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Forum windowspower.de - windows with iexplorer start.url
Category : Misc
Comment : Problematic URL discovered: http://216.239.39.10...l...GLD:en&sa=N
Object : C:\Documents and Settings\Tony\Favorites\HELP -TECH- & SUPPORT (MICROSOFT,MSN,OTHERS) 3\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar
Value : Locked

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 14

5:05:20 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:41.296
Objects scanned:192932
Objects identified:14
Objects ignored:0
New critical objects:14

#12
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
The Hosts file is in good condition now.
It has only 1 entry, and that is what it should be.
Good.
(Btw, SpyBot S&D doesn't remove anything vital..)
Wait a sec, I'll post my instructions, which you should do.
Note: don't get confused by the fact that you have "already" followed these instructions, because SahAgent always needs to be removed first, then the others...
But, let's try.
I'll post them in a couple of secs...

- Rawe :tazz:

#13
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
And here they are.

Ad-aware has found object(s) on your computer

If you choose to clean your computer of what Ad-Aware found, follow the instructions below…

Make sure that you are using the * SE1R42 28.04.2005 * definition file.


Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.

Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);

Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Run Ad-Aware SE from the command line as shown in the instructions below.

Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click Ok.

Note: the path above is the default installation location for Ad-Aware SE; if yours is different, adjust it to the location where you installed it.

When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to any objects you wish to remove. Click next, Click Ok.

If problems are caused by deleting a family, just leave it.


Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.

Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Also, keep in mind that when you are posting another logfile, keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) aren't considered a threat. This option can be changed when choosing your scan type.

Remember to post your fresh scanlog in THIS topic.

- Rawe :tazz:

#14
TonyTTurner

    Member

  • Topic Starter
  • Member
  • 30 posts
Ok, Rawe, thanks for the info on Spybot S&D...And the Help.
BTW, can I Donate or something to your cause?
I work P/T at a Starbucks, and I'll bet lots of you ;) ToGo can use caffeine right?... :tazz:
But, SERIOUSLY, if I could donate something, funds, coffee, etc., please let me know, k? I mean it.
You all know how to reach me.

I'm out 4 now...
Tony
;)

#15
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Actually, I don't want any donations. ;)
If you want to give a donation...
You can consider giving a donation to Merijn, the creator of HiJackThis.
You can do it Here if you wish :)

- Rawe :tazz:

(And another thing, follow my latest removal instructions and post your log here, I'll take a look.. ;) )