Hijack this log + smitfiles + Ad-aware log



#1
hesham

Hi,
I've tried all the steps as explained in the Spyaxe, Winhound etc. removal instructions. However, the system is still giving me pop-ups to "download Anty spyware" and "your system is infected....etc"...
As advised, hereunder are the "Hijack this log", the "Smitfiles log" and the "Ad-aware log"...
I am not able to run the online Panda ActiveScan!! (don't know why)! Every time, it gives me a blank window and nothing starts.
Also, I ran Norton AntiVirus 2008 and it gives me "no infected files".

Thanks in advance for your support and quick reply.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:46:43, on 27/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\ProgramData\eovfnsqm\jelgfopm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\ProgramData\pwnkrobi\fwjmzaby.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eovfnsqm] C:\ProgramData\eovfnsqm\jelgfopm.exe
O4 - HKCU\..\Run: [xXf2UQgaW7] C:\ProgramData\pwnkrobi\fwjmzaby.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10589 bytes



smitRem © log file
version 3.2

by noahdfear


Microsoft Windows [Version 6.0.6000]
"IE"="7.0000"
The current date is: 26/03/2008
The current time is: 22:22:21,41

Running from
C:\Users\helwakil\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe ©2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000
"IconServiceLib"="IconCodecService.dll"
"DdeSendTimeout"=dword:00000000
"DesktopHeapLogging"=dword:00000001
"GDIProcessHandleQuota"=dword:00002710
"ShutdownWarningDialogTimeout"=dword:ffffffff
"USERPostMessageLimit"=dword:00002710
"USERProcessHandleQuota"=dword:00002710
@="mnmsrvc"
"DeviceNotSelectedTimeout"="15"
"Spooler"="yes"
"TransmissionRetryTimeout"="90"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1284 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :)




Ad-Aware 2007 Build
Log File Created on: 2008-03-26 22:57:02
Using Definitions File: C:\ProgramData\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: HELWAKIL-PC
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 2
Processor type: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Memory Available: 67%
Total Physical Memory: 2145189888 Bytes
Available Physical Memory: 1424252928 Bytes
Total Page File Size: 4520861696 Bytes
Available On Page File: 3965927424 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1962225664 Bytes
OS: Microsoft Windows Vista (Build 6000)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 64
Build Number: 0
Build Date and Time: 2008/03/25 11:52:38

Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 453230
Infections Detected: 190
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 8 8
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 182 182
File Hash Scan..: 0 0

Infections Found
===========================
Family Id: 265 Name: CoolWebSearch Category: Malware TAI:10
Item Id: 300006366 Value: Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000_Classes\clsid\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c}
Item Id: 300007092 Value: Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000\software\microsoft\windows\currentversion\policies\system Value: NoDispBackgroundPage
Item Id: 300007093 Value: Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000\software\microsoft\windows\currentversion\policies\system Value: NoDispAppearancePage
Family Id: 404 Name: Holystic-Dialer Category: Malware TAI:5
Item Id: 300009969 Value: Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000_Classes\clsid\{0b682cc1-fb40-4006-a5dd-99edd3c9095d}
Item Id: 300009970 Value: Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000_Classes\hol5_vxiewer.full.1
Family Id: 435 Name: InternetDelivery Category: DataMiner TAI:5
Item Id: 300010609 Value: Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000\software\inet delivery
Family Id: 437 Name: Invictus MediaUpdate Category: DataMiner TAI:6
Item Id: 300010623 Value: Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000_Classes\clsid\{b8c0220d-763d-49a4-95f4-61dfdec66ee6}
Item Id: 300010627 Value: Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000\software\invictus
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000089 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat pro-market.net anHistory /
Item Id: 600000142 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat nl.sitestat.com s1 /venw/venw/
Item Id: 600000093 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ads.pointroll.com PRID /
Item Id: 600000093 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ads.pointroll.com PRimp /
Item Id: 600000093 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ads.pointroll.com PRca /
Item Id: 600000093 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ads.pointroll.com PRcp /
Item Id: 600000093 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ads.pointroll.com PRpl /
Item Id: 600000093 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ads.pointroll.com PRcr /
Item Id: 600000093 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ads.pointroll.com PRpc /
Item Id: 600000093 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ads.pointroll.com PRev1592.22083 /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat argenius.solution.weborama.fr _adpe /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat argenius.solution.weborama.fr _adpp /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat argenius.solution.weborama.fr _adpcr /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat argenius.solution.weborama.fr _adpc /
Item Id: 600000171 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat bs.serving-sys.com eyeblaster /
Item Id: 600000045 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat webads.nl WebAdsP3P20031217 /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat divx.112.2o7.net s_vi /
Item Id: 600000476 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat statcounter.com session_3455161 /
Item Id: 600000476 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat statcounter.com session_1953821 /
Item Id: 600000476 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat statcounter.com session_3336085 /
Item Id: 600000476 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat statcounter.com session_2424768 /
Item Id: 600000476 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat statcounter.com session_3308419 /
Item Id: 600000415 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat revsci.net NETID01 /
Item Id: 600000415 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat revsci.net NETSEGS_K05540 /
Item Id: 600000415 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat revsci.net NETSEGS_G07609 /
Item Id: 600000415 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat revsci.net rsi_cls_1000000 /
Item Id: 600000415 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat revsci.net rsi_segs_1000000 /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat 2o7.net s_vi_hkghdx7Bfge /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat 2o7.net s_vi_igdx7Fxxaky /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat 2o7.net s_vi_gijupe /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat 2o7.net s_vi_igdx7Ealmg /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat 2o7.net s_vi_hfex7Dx7Bx7Cx7Flf /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat 2o7.net s_vi_x7Cbx7Fx7Ctcrdbeprx60acx7Eu /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat 2o7.net s_vi_fx60lnpbb /
Item Id: 600000085 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat questionmarket.com ES /
Item Id: 600000085 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat questionmarket.com CS1 /
Item Id: 600000085 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat questionmarket.com LP /
Item Id: 600000142 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat www7.addfreestats.com NC1U /cgi-bin
Item Id: 600000523 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat webstat.net webstat[18521] /
Item Id: 600000269 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat hotlog.ru ID /
Item Id: 600000234 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat tradedoubler.com TD_POOL /
Item Id: 600000234 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat tradedoubler.com TD_UNIQUE_IMP /
Item Id: 600000234 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat tradedoubler.com TD_PIC /
Item Id: 600000523 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat m1.webstats.motigo.com w4u_tp /
Item Id: 600000557 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat myfreepaysite.com __utma /
Item Id: 600000557 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat myfreepaysite.com __utmb /
Item Id: 600000557 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat myfreepaysite.com __utmz /
Item Id: 600000142 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat www8.addfreestats.com NC1U /cgi-bin
Item Id: 600000449 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat adultfriendfinder.com ffadult_tr /
Item Id: 600000449 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat adultfriendfinder.com HISTORY /
Item Id: 600000449 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat adultfriendfinder.com __utma /
Item Id: 600000449 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat adultfriendfinder.com __utmz /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ad.yieldmanager.com uid /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ad.yieldmanager.com vuday1 /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ad.yieldmanager.com ih /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ad.yieldmanager.com bh /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ad.yieldmanager.com liday1 /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ad.yieldmanager.com fl_inst /
Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat serving-sys.com U /
Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat serving-sys.com A2 /
Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat serving-sys.com B2 /
Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat serving-sys.com C3 /
Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat serving-sys.com D3 /
Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat serving-sys.com E2 /
Item Id: 600000068 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat statse.webtrendslive.com ACOOKIE /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat ad.yieldmanager.com uid /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat ad.yieldmanager.com vuday1 /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat ad.yieldmanager.com ih /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat ad.yieldmanager.com bh /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat ad.yieldmanager.com liday1 /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat ad.yieldmanager.com crfb /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat ad.yieldmanager.com fl_inst /
Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat serving-sys.com U /
Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat serving-sys.com A2 /
Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat serving-sys.com B2 /
Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat serving-sys.com C3 /
Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat serving-sys.com D3 /
Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat serving-sys.com E2 /
Item Id: 600000171 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat bs.serving-sys.com eyeblaster /
Item Id: 600000179 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat atdmt.com AA002 /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat advertising.com ACID /
Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat advertising.com F1 /
Item Id: 600000144 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat doubleclick.net id /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat weborama.fr AFFICHE_W /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat weborama.fr wous /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat weborama.fr wous_c /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Users\helwakil\Cookies\index.dat weborama.fr aimfarcapping /

Items Ignored During Scan
===========================


Listing of running processes
===========================
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WININIT.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\LSM.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE
End of Scan Section
===========================

Quarantined Infections
===========================
Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000_Classes\clsid\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} belonging to CoolWebSearch
Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000\software\microsoft\windows\currentversion\policies\system Value: NoDispBackgroundPage belonging to CoolWebSearch
Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000\software\microsoft\windows\currentversion\policies\system Value: NoDispAppearancePage belonging to CoolWebSearch
Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000_Classes\clsid\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} belonging to Holystic-Dialer
Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000_Classes\hol5_vxiewer.full.1 belonging to Holystic-Dialer
Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000\software\inet delivery belonging to InternetDelivery
Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000_Classes\clsid\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} belonging to Invictus MediaUpdate
Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000\software\invictus belonging to Invictus MediaUpdate
Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000_Classes\clsid\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c}, Belonging to CoolWebSearch
Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000\software\microsoft\windows\currentversion\policies\system Value: NoDispBackgroundPage, Belonging to CoolWebSearch
Root: HKU Path: S-1-5-21-3722661146-2297184255-2570840921-1000\software\microsoft\windows\currentversion\policies\system Value: NoDispAppearancePage, Belonging to CoolWebSearch
Root: HKU Path: S-1-5-21-3722661146-22971