Full Version: Getting Rid Of Video Access Activex Object
regindr
I need help deleting this folder and its contents. I've tried deleting it myself, but it wouldn't allow me. There was a "warningiepage" on my internet browser and I've figured out how to get rid of it, but the folder is still there and I can't get access to my email and some websites. At first I tried to follow what another post suggested, but thought that it would be wise to ask specifically for my PC. So if someone can please help me soon (I first got this problem this Tuesday), I would GREATLY appreciate it. Thanks. (:
HJThis
Hello, regindr & Welcome

The best way we can help you is for you to show us both an updated Ad-Aware SE logfile and a HijackThis logfile.

Please run full scans with Ad-Aware SE and Spybot-S&D as follows:
(If you already have Ad-Aware SE 1.06 and Spybot 1.4 installed, you can skip the installation steps. If you don't, please uninstall your old versions and install the new ones from the links below.)

Full Ad-Aware Scan
Please download Ad-Aware SE from here:
http://www.majorgeeks.com/download506.html
Install Ad-Aware and run it. In the bottom-right hand corner, click "Check for updates now". Click "Connect" to download the newest reference file.

Now we will configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the "General" window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)

Click the "Scanning" button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
5) Scan my IE Favorites for banned URLs
6) Scan my Hosts file

Please also click on "Select drives & folders to scan" and select your hard drive(s). Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected. Next, click the "Tweak" button on the left-hand side. Click on "Scanning Engine" and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only

Click on "Cleaning Engine" and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring

Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom right side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects. Then please restart your computer.

------------------------

When the scan has completed, click "Show Logfile". Copy/paste the complete log file in a thread of your own. Do not quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

------------------------

Please go to this site here and download the HijackThis executable:
http://www.trendsecure.com/portal/en-US/th...hijackthis.php#

NOTE: This is a beta version

Also

System requirements:

Operating System:


* Microsoft™ Windows™ XP

* Microsoft™ Windows™ 2000


*May require Visual Basic Runtime Libraries available from Microsoft here


Software:

* Microsoft™ Internet Explorer 7.0

* Microsoft™ Internet Explorer 6.0

* Mozilla™ Firefox™ 1.5 or higher

Gogo
regindr
Here is the logfile from the Ad-Aware program. I think I did it right, except I wasn't sure if I was to get the logfile before restarting my PC, or to scan my PC again after the restart. But here is the logfile from before the restart:



Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, March 24, 2007 1:36:49 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R162 21.03.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):2 total references
MRU List(TAC index:0):61 total references
PestCapture(TAC index:5):1 total references
SpyLocked(TAC index:3):18 total references
Tracking Cookie(TAC index:3):136 total references
UCmore(TAC index:3):3 total references
Win32.Trojandownloader.Zlob(TAC index:10):5 total references
WindUpdates(TAC index:8):3 total references
Zango(TAC index:4):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R148 29.01.2007
Internal build : 185
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 963760 Bytes
Total size : 3144285 Bytes
Signature data size : 3094358 Bytes
Reference data size : 49415 Bytes
Signatures total : 83473
CSI Fingerprints total : 5528
CSI data size : 258028 Bytes
Target categories : 15
Target families : 1022

3-24-2007 1:02:21 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R162 21.03.2007
Internal build : 202
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 1071291 Bytes
Total size : 3495467 Bytes
Signature data size : 3454955 Bytes
Reference data size : 40000 Bytes
Signatures total : 91752
CSI Fingerprints total : 6519
CSI data size : 323384 Bytes
Target categories : 15
Target families : 1078


3-24-2007 1:03:00 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:34 %
Total physical memory:260400 kb
Available physical memory:87120 kb
Total page file size:640752 kb
Available on page file:230704 kb
Total virtual memory:2097024 kb
Available virtual memory:2018524 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


3-24-2007 1:36:49 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 320
ThreadCreationTime : 3-24-2007 5:40:30 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 376
ThreadCreationTime : 3-24-2007 5:40:33 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 400
ThreadCreationTime : 3-24-2007 5:40:34 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 444
ThreadCreationTime : 3-24-2007 5:40:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 456
ThreadCreationTime : 3-24-2007 5:40:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 620
ThreadCreationTime : 3-24-2007 5:40:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 664
ThreadCreationTime : 3-24-2007 5:40:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 704
ThreadCreationTime : 3-24-2007 5:40:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 848
ThreadCreationTime : 3-24-2007 5:40:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 880
ThreadCreationTime : 3-24-2007 5:40:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1012
ThreadCreationTime : 3-24-2007 5:40:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [guard.exe]
ModuleName : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Command Line : "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"
ProcessID : 1104
ThreadCreationTime : 3-24-2007 5:40:44 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:13 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 1140
ThreadCreationTime : 3-24-2007 5:40:44 PM
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:14 [hwapi.exe]
ModuleName : C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
Command Line : "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"
ProcessID : 1172
ThreadCreationTime : 3-24-2007 5:40:44 PM
BasePriority : Normal
FileVersion : 8.1.105.0
ProductVersion : 8.1.105.0
ProductName : McAfee HackerWatch Service
CompanyName : McAfee, Inc.
FileDescription : McAfee HackerWatch Service
LegalCopyright : © McAfee, Inc. All rights reserved.
OriginalFilename : HWAPI.exe

#:15 [mclogsrv.exe]
ModuleName : C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
Command Line : C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
ProcessID : 1216
ThreadCreationTime : 3-24-2007 5:40:44 PM
BasePriority : Normal
FileVersion : 7,1,131,0
ProductVersion : 7,1,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : MSC Log Manager
InternalName : mclogsrv
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mclogsrv.exe

#:16 [mcupdmgr.exe]
ModuleName : C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
Command Line : C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
ProcessID : 1236
ThreadCreationTime : 3-24-2007 5:40:45 PM
BasePriority : Normal
FileVersion : 7,1,137,0
ProductVersion : 7,1,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Update Manager Service
InternalName : mcupdmgr
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mcupdmgr.exe

#:17 [mcnasvc.exe]
ModuleName : c:\program files\common files\mcafee\mna\mcnasvc.exe
Command Line : "c:\program files\common files\mcafee\mna\mcnasvc.exe"
ProcessID : 1252
ThreadCreationTime : 3-24-2007 5:40:45 PM
BasePriority : Normal
FileVersion : 1,1,110,0
ProductVersion : 1,1,0,0
ProductName : McAfee Integrated Security Platform
CompanyName : McAfee, Inc.
FileDescription : McAfee Network Agent
InternalName : McNASvc
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McNASvc.exe

#:18 [mcods.exe]
ModuleName : C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
Command Line : C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
ProcessID : 1280
ThreadCreationTime : 3-24-2007 5:40:46 PM
BasePriority : Normal
FileVersion : 11,1,124,0
ProductVersion : 11,1,0,0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan - On Demand Scan
InternalName : mcods.exe
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mcods.exe

#:19 [mcpromgr.exe]
ModuleName : C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
Command Line : C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
ProcessID : 1308
ThreadCreationTime : 3-24-2007 5:40:46 PM
BasePriority : Normal
FileVersion : 7,1,131,0
ProductVersion : 7,1,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Integrated Security Platform
InternalName : McProMgr
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McProMgr.exe

#:20 [mcproxy.exe]
ModuleName : c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
Command Line : c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
ProcessID : 1388
ThreadCreationTime : 3-24-2007 5:40:47 PM
BasePriority : Normal
FileVersion : 1,1,118,0
ProductVersion : 1,1,0,0
ProductName : McAfee Proxy
CompanyName : McAfee, Inc.
FileDescription : McAfee Proxy Service Module
InternalName : McProxy
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McProxy.exe
Comments : McAfee Proxy Service

#:21 [redirsvc.exe]
ModuleName : c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
Command Line : c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
ProcessID : 1456
ThreadCreationTime : 3-24-2007 5:40:47 PM
BasePriority : Normal
FileVersion : 1,1,116,0
ProductVersion : 1,1,0,0
ProductName : McAfee Redirector
CompanyName : McAfee, Inc.
FileDescription : McAfee Redirector Service Module
InternalName : McRedirector
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : RedirSvc.exe
Comments : McAfee Redirector Service

#:22 [mcshield.exe]
ModuleName : C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
Command Line : C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
ProcessID : 1496
ThreadCreationTime : 3-24-2007 5:40:48 PM
BasePriority : High


#:23 [mcsysmon.exe]
ModuleName : C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
Command Line : C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
ProcessID : 1624
ThreadCreationTime : 3-24-2007 5:40:53 PM
BasePriority : Normal
FileVersion : 11,1,130,0
ProductVersion : 11,1,0,0
ProductName : McAfee VirusScan API
CompanyName : McAfee, Inc.
FileDescription : McAfee SystemGuards Service
InternalName : sysmon
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : sysmon.exe

#:24 [mctskshd.exe]
ModuleName : C:\PROGRA~1\McAfee\MSC\mctskshd.exe
Command Line : C:\PROGRA~1\McAfee\MSC\mctskshd.exe
ProcessID : 1672
ThreadCreationTime : 3-24-2007 5:40:54 PM
BasePriority : Normal
FileVersion : 7,1,133,0
ProductVersion : 7,1,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Tqsk Scheduler
InternalName : McTskShd
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mctskshd.exe

#:25 [mcusrmgr.exe]
ModuleName : C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
Command Line : C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
ProcessID : 1724
ThreadCreationTime : 3-24-2007 5:40:54 PM
BasePriority : Normal
FileVersion : 7,1,131,0
ProductVersion : 7,1,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : MISP User Manager
InternalName : McUsrMgr
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McUsrMgr.exe

#:26 [mpfsrv.exe]
ModuleName : C:\Program Files\McAfee\MPF\MPFSrv.exe
Command Line : "C:\Program Files\McAfee\MPF\MPFSrv.exe"
ProcessID : 1760
ThreadCreationTime : 3-24-2007 5:40:55 PM
BasePriority : Normal
FileVersion : 8.1.123.0
ProductVersion : 8.1.123.0
ProductName : McAfee Personal Firewall
CompanyName : McAfee, Inc.
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:27 [mps.exe]
ModuleName : C:\PROGRA~1\McAfee\MPS\mps.exe
Command Line : C:\PROGRA~1\McAfee\MPS\mps.exe
ProcessID : 144
ThreadCreationTime : 3-24-2007 5:40:59 PM
BasePriority : Normal
FileVersion : 9.1.137.0
ProductVersion : 9.1.137.0
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc.
FileDescription : McAfee Privacy Service 9.0
InternalName : mps9
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mps.exe

#:28 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2204
ThreadCreationTime : 3-24-2007 5:41:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:29 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1036
ThreadCreationTime : 3-24-2007 6:04:40 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:30 [mcvsshld.exe]
ModuleName : c:\PROGRA~1\mcafee\VIRUSS~2\mcvsshld.exe
Command Line : c:\PROGRA~1\mcafee\VIRUSS~2\mcvsshld.exe -Embedding
ProcessID : 2640
ThreadCreationTime : 3-24-2007 6:04:51 PM
BasePriority : Normal
FileVersion : 11,1,124,0
ProductVersion : 11,1,0,0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield
InternalName : McVsShld
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McVsShld.exe

#:31 [mpsevh.exe]
ModuleName : C:\Program Files\McAfee\MPS\mpsevh.exe
Command Line : "C:\Program Files\McAfee\MPS\mpsevh.exe" -Embedding
ProcessID : 2852
ThreadCreationTime : 3-24-2007 6:05:27 PM
BasePriority : Normal
FileVersion : 9.1.130.0
ProductVersion : 9.1.130.0
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc.
FileDescription : McAfee Privacy Service 9.0 Event Handler
InternalName : MpsEventHandler
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mpsevh.exe

#:32 [devldr32.exe]
ModuleName : C:\WINDOWS\system32\devldr32.exe
Command Line : C:\WINDOWS\system32\devldr32.exe
ProcessID : 3012
ThreadCreationTime : 3-24-2007 6:06:16 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:33 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : C:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
ProcessID : 3152
ThreadCreationTime : 3-24-2007 6:06:54 PM
BasePriority : Normal
FileVersion : 7,1,133,0
ProductVersion : 7,1,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Integrated Security Platform
InternalName : McAgent
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McAgent.exe

#:34 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 2540
ThreadCreationTime : 3-24-2007 6:07:17 PM
BasePriority : Normal
FileVersion : 3.50.22a
CompanyName : VERITAS Software, Inc.
FileDescription : Direct Access Component
LegalCopyright : Copyright © VERITAS Software, Inc.

#:35 [dvdtray.exe]
ModuleName : C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
Command Line : "C:\Program Files\HP CD-DVD\Umbrella
ProcessID : 2496
ThreadCreationTime : 3-24-2007 6:07:18 PM
BasePriority : Normal
FileVersion : 1.2
ProductVersion : 1.1
CompanyName : Hewlett-Packard Company
FileDescription : HP CD Tray
InternalName : hpcdtray
LegalCopyright : Hewlett-Packard Company 2000-2001
OriginalFilename : hpcdtray.exe

#:36 [point32.exe]
ModuleName : C:\Program Files\Microsoft IntelliPoint\point32.exe
Command Line : "C:\Program Files\Microsoft IntelliPoint\point32.exe"
ProcessID : 3196
ThreadCreationTime : 3-24-2007 6:07:19 PM
BasePriority : Normal


#:37 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
ProcessID : 3236
ThreadCreationTime : 3-24-2007 6:07:22 PM
BasePriority : Normal


#:38 [e_s4i2d1.exe]
ModuleName : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
Command Line : "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE" /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
ProcessID : 3268
ThreadCreationTime : 3-24-2007 6:07:23 PM
BasePriority : Normal
FileVersion : 3.00
ProductVersion : 3.00
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S4I2D1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2003
OriginalFilename : E_S4I2D1.EXE

#:39 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 3264
ThreadCreationTime : 3-24-2007 6:07:25 PM
BasePriority : Normal
FileVersion : 0.1.0.3760
ProductVersion : 0.1.0.3760
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:40 [avgas.exe]
ModuleName : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Command Line : "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
ProcessID : 3332
ThreadCreationTime : 3-24-2007 6:07:28 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:41 [airplus.exe]
ModuleName : C:\Utilities\D-Link AirPlus\AirPlus.exe
Command Line : "C:\Utilities\D-Link AirPlus\AirPlus.exe"
ProcessID : 3340
ThreadCreationTime : 3-24-2007 6:07:30 PM
BasePriority : Normal
FileVersion : 3, 0, 2, 0
ProductVersion : 3, 0, 2, 0
ProductName : D-Link AirPlus
CompanyName : D-Link
FileDescription : WLAN Adapter Utility
InternalName : WLANMON
LegalCopyright : Copyright © 2002
OriginalFilename : AIRPLUS.EXE

#:42 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ProcessID : 2168
ThreadCreationTime : 3-24-2007 6:08:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:43 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 3412
ThreadCreationTime : 3-24-2007 7:53:55 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:44 [aawsepersonal[1].exe]
ModuleName : C:\Documents and Settings\Regine\Local Settings\Temporary Internet Files\Content.IE5\P96K6ED6\aawsepersonal[1].exe
Command Line : "C:\Documents and Settings\Regine\Local Settings\Temporary Internet Files\Content.IE5\P96K6ED6\aawsepersonal[1].exe"
ProcessID : 2460
ThreadCreationTime : 3-24-2007 7:59:18 PM
BasePriority : Normal


#:45 [msiexec.exe]
ModuleName : C:\WINDOWS\system32\MSIEXEC.exe
Command Line : "C:\WINDOWS\system32\MSIEXEC.exe" /I "C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI" WISE_SETUP_EXE_PATH="C:\Documents and Settings\Regine\Local Settings\Temporary Internet Files\Content.IE5\P96K6ED6\aawse
ProcessID : 3676
ThreadCreationTime : 3-24-2007 7:59:22 PM
BasePriority : Normal


#:46 [msiexec.exe]
ModuleName : C:\WINDOWS\system32\msiexec.exe
Command Line : C:\WINDOWS\system32\msiexec.exe /V
ProcessID : 1396
ThreadCreationTime : 3-24-2007 7:59:25 PM
BasePriority : Normal


#:47 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 876
ThreadCreationTime : 3-24-2007 8:01:08 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:48 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 1996
ThreadCreationTime : 3-24-2007 8:36:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2c5b5226-045d-4a46-b4fc-228b0891feec}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{314120e4-5a05-492c-9bf2-22558cf0f202}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{392d4a36-6adf-4a99-a820-3014a53e62e3}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3bf6c840-4d12-4fb5-88a2-e2bc03461dc2}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{42f16135-d0a4-43a2-990c-27fcabd9c19f}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{43df1cee-70b3-4e2d-a740-4ac468786207}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4d31cca1-c42b-4796-851f-ca8ed4cd2a7e}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{5ca1a9f6-10f8-4008-b884-755b25b6848a}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{630cbf61-54cc-4ac3-97b0-d4071345807c}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6afb5b8e-acfd-4489-91b3-daa1388a31ec}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{815b01a0-bf97-41e9-acf2-32b76f98a960}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c5bf4465-5322-462f-b41f-459f649f3996}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e4703cf2-7f82-4ad7-b317-8ec1cbc9b619}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e9817993-83ff-4343-b14e-6cdfb378b21d}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ede2a2b4-b1cb-4bf8-93d1-154e49284a71}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f5d23930-23c6-440e-ab55-d019e1171539}

SpyLocked Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{50450f27-b90b-422b-a4c9-5ec5a5b78001}

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{84938242-5c5b-4a55-b6b9-a1507543b418}

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{d28cd14c-50be-4cfa-951e-b37f25da3472}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{dd469a88-316c-441d-b712-783d9b9a6707}

UCmore Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-1606980848-1957994488-1005\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

UCmore Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Data Miner
Comment : "{44BE0690-5429-47f0-85BB-3FFD8020233E}"
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\internet explorer\toolbar
Value : {44BE0690-5429-47f0-85BB-3FFD8020233E}

UCmore Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Data Miner
Comment : "{44BE0690-5429-47F0-85BB-3FFD8020233E}"
Rootkey : HKEY_USERS
Object : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\internet explorer\toolbar\webbrowser
Value : {44BE0690-5429-47F0-85BB-3FFD8020233E}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 25
Objects found so far: 25


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 25

MRU List Object Recognized!
Location: : C:\Documents and Settings\Regine\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Regine\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : .DEFAULT\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-18\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-19\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-20\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\mediaplayer\player\recenturllist
Description : list of recently used web addresses in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\office\10.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\office\10.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\office\10.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-854245398-1606980848-1957994488-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@media.adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@media.adrevolver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wgmyshc5iap.stats.esomniture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wgmyshc5iap.stats.esomniture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@shareasale[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@shareasale[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@ad.yieldmanager[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@ad.yieldmanager[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@adultfriendfinder[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@adultfriendfinder[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@insightexpressai[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@insightexpressai[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@ads.pointroll[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@ads.pointroll[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wjkyghajgdq.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wjkyghajgdq.stats.esomniture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@ad.yieldmanager[5].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@ad.yieldmanager[5].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wjloqgcpoeo.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wjloqgcpoeo.stats.esomniture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wjkyghajgdq.stats.esomniture[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wjkyghajgdq.stats.esomniture[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wfloghczccq.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wfloghczccq.stats.esomniture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@roiservice[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@roiservice[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@amznshopbop.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@amznshopbop.122.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@bizrate[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@bizrate[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wjkyggc5kep.stats.esomniture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wjkyggc5kep.stats.esomniture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wfmieocjsho.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wfmieocjsho.stats.esomniture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@apmebf[5].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@apmebf[5].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@about[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@about[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@serving-sys[3].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@serving-sys[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@oneeconomy.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@oneeconomy.122.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@amazonbebe.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@amazonbebe.122.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wjk4ojcpkbq.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wjk4ojcpkbq.stats.esomniture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wgkighcpokq.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wgkighcpokq.stats.esomniture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@clickshift[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@clickshift[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@mrskin[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@mrskin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@viamtvcom.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@viamtvcom.112.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@real[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@real[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@webstat[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@webstat[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wjmiqlczmdq.stats.esomniture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wjmiqlczmdq.stats.esomniture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@kontera[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@kontera[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wjliojdpkep.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wjliojdpkep.stats.esomniture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wjliwpdjmfp.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wjliwpdjmfp.stats.esomniture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wfkokpajigo.stats.esomniture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wfkokpajigo.stats.esomniture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wfk4cmdjilq.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wfk4cmdjilq.stats.esomniture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wgmikid5kcp.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wgmikid5kcp.stats.esomniture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wgkocldpsdo.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wgkocldpsdo.stats.esomniture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@e-2dj6wjk4omdpgap.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@e-2dj6wjk4omdpgap.stats.esomniture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@snapfish.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@snapfish.112.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@adlegend[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@adlegend[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@dillards.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@dillards.112.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@fredericks[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@fredericks[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@efashionsolutions.122.2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@efashionsolutions.122.2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@ulta.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@ulta.122.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@metacafe.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@metacafe.122.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@scholastic.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@scholastic.122.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@powellsbooks.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@powellsbooks.122.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@ad.yieldmanager[4].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@ad.yieldmanager[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@overstock[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@overstock[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@insightexpressai[5].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@insightexpressai[5].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@ads.pointroll[4].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@ads.pointroll[4].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : regine@ad.yieldmanager[7].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Regine\Cookies\regine@ad.yieldmanager[7].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 129
Objects found so far: 215



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jojo@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jojo\Cookies\jojo@live365[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jojo@coxhsi.112.2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jojo\Cookies\jojo@coxhsi.112.2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jojo@msnportal.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jojo\Cookies\jojo@msnportal.112.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jojo@live365[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jojo\Cookies\jojo@live365[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@everyone[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\LocalService\Cookies\system@everyone[1].txt

PestCapture Object Recognized!
Type : File
Data : PestCaptureSetup[1].exe
TAC Rating : 5
Category : Malware
Comment :
Object : C:\Documents and Settings\Regine\Local Settings\Temporary Internet Files\Content.IE5\P96K6ED6\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@ehg-comcast.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KIDS\Cookies\kids@ehg-comcast.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\KIDS\Cookies\kids@atdmt[2].txt

SpyLocked Object Recognized!
Type : File
Data : A0297542.exe
TAC Rating : 3
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{ECD70011-AED1-4D5A-BF53-B5CD35F96706}\RP987\
FileVersion : 3.0.0.0
ProductVersion : 3.0.0.0
ProductName : SpyLocked
CompanyName : SpyLocked.com
FileDescription : Anti- spyware and adware
InternalName : SpyLocked.exe
LegalCopyright : © SpyLocked.com. All rights reserved.
OriginalFilename : SpyLocked.exe


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 224


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
699 entries scanned.
New critical objects:0
Objects found so far: 224




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : user32.dll

Win32.Trojandownloader.Zlob Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : Win32.Trojandownloader.Zlob
Object : C:\Program Files\Video Access ActiveX Object

Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : Security Troubleshooting.url
TAC Rating : 10
Category : Malware
Comment :
Object : c:\documents and settings\all users\start menu\



Win32.Trojandownloader.Zlob Object Recognized!
Type : File
Data : Online Security Guide.url
TAC Rating : 10
Category : Malware
Comment :
Object : c:\documents and settings\all users\start menu\



WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\activex.dll

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 230

3:04:59 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:01:28:10.77
Objects scanned:214657
Objects identified:169
Objects ignored:0
New critical objects:169

HJThis
Hi, regindr

Please run these tools for me, and when you come back may I also see the HijackThis logfile.


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
( Do not run just YET )

---------------

Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

--------------

Restart your computer in Safe Mode.
  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Login on your usual account.
If you need further assistance with Safe Mode, see Symantec

---------------

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually.

When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.

Please post the newrapport.txt log along with a new HijackThis Log in your next reply.

---------------

Once you do the reboot run this tool here

Please download SUPERAntiSpyware Home Edition (free version)
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Please leave the others unchecked.
Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
After reboot, double-click the SUPERAntispyware icon on your desktop.
Click Preferences. Click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
It will open in your default text editor (such as Notepad/Wordpad).
Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.

----------------

Then come back here with the new HijackThis logfile and all other logfiles.

Gogo



regindr
hi, i'm sorry that it's taking a while. but i can't complete the SUPERAntiSpyware scan because after about two hours, my PC restarts itself and i have to keep repeating it and i can never complete the scan.
HJThis
Hi, regindr

Not a problem, try running it in Safe Mode.

• Please download and install Superantispyware
1. During the installation process, the program will prompt you to download any updates, click Yes
2. After the update process has completed, a dialog box will state: Database definitions have been updated, click OK
3. At the SUPERAntiSpyware Main Menu, click the Preferences button,
4. Click the General and Startup tab, under Start-Up Options, uncheck these two boxes: Start SUPERAntiSpyware when Windows starts and Show SUPERAntiSpyware icon in system tray
5. Click the Hi-Jack Protection tab and, under Home Page Protection, uncheck these two boxes: Display notification when home page changed and Protect home page from being changed. Changes can be made only here.
6. Click Close at the bottom of the page.
7. Exit the program.
Do NOT run SUPERAntiSpyware yet.

----------------

Restart your computer in Safe Mode.
  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Login on your usual account.
If you need further assistance with Safe Mode, see Symantec

----------------

• Open the SUPERAntiSpyware program.
1. At the SUPERAntiSpyware Main Menu, under Scan for Harmful Software, click the Scan your Computer button, and the SUPERAntiSpyware Scanner menu will appear.
2. Make sure under Scan Location that your correct hard drive letter is checked. The correct hard drive letter should automatically be checked by default.
3. Under Complete Scan, click Perform Complete Scan.
4. At the bottom, click Next, to start the scan.
NOTE: This scan is very thorough. It will take a while to complete depending on the number of files and folders on the hard drive. Please be patient.
5. Click finish and you will be taken back to the main interface.
6. Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
7. Copy and paste the log into your reply.

• Reboot into Normal Mode. Show me all logfiles.

Gogo


regindr
Thanks for your help!

Here is the logfile from Smitfraud:

SmitFraudFix v2.152

Scan done at 11:05:59.06, Sun 03/25/2007
Run from C:\Documents and Settings\Regine\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 kr-adimage.lycos.co.kr
127.0.0.1 ad.kimo.com.tw
127.0.0.1 ads.paxnet.co.kr
127.0.0.1 ads.paxnet.com
127.0.0.1 ads.eu.msn.com
127.0.0.1 ads.admonitor.net
127.0.0.1 wwa.hitbox.com
127.0.0.1 ads.nytimes.com
127.0.0.1 ads.erotism.com
127.0.0.1 banner.rootsweb.com
127.0.0.1 ads.ole.com
127.0.0.1 adimg1.chosun.com
127.0.0.1 ss.mtree.com
127.0.0.1 adpulse.ads.targetnet.com
127.0.0.1 adserver.ugo.com
127.0.0.1 ad.sales.olympics.com
127.0.0.1 m2.doubleclick.net
127.0.0.1 ph-ad21.focalink.com
127.0.0.1 focusin.ads.targetnet.com
127.0.0.1 www.datais.com
127.0.0.1 oas.mmd.ch
127.0.0.1 pub-g.ifrance.com
127.0.0.1 ads.bianca.com
127.0.0.1 wap.adlink.de
127.0.0.1 click.adlink.de
127.0.0.1 banner.adlink.de
127.0.0.1 hurricane.adlink.de
127.0.0.1 west.adlink.de
127.0.0.1 scand.adlink.de
127.0.0.1 regio.adlink.de
127.0.0.1 direct.adlink.de
127.0.0.1 classic.adlink.de
127.0.0.1 adlui001.adlink.de
127.0.0.1 banner1.adlink.de
127.0.0.1 click.mp3.com
127.0.0.1 adcodes.bla-bla.com
127.0.0.1 icover.realmedia.com
127.0.0.1 ca.fp.sandpiper.net
127.0.0.1 adfarm.mediaplex.com
127.0.0.1 ads.tmcs.net
127.0.0.1 amedia.techies.com
127.0.0.1 www.exchange-it.com
127.0.0.1 www.ad.tomshardware.com
127.0.0.1 ad.tomshardware.com
127.0.0.1 ads.currantbun.com
127.0.0.1 phoenix-adrunner.mycomputer.com
127.0.0.1 ads15.focalink.com
127.0.0.1 ads13.focalink.com
127.0.0.1 adserver.colleges.com
127.0.0.1 ads.nwsource.com
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 ads.newsint.co.uk
127.0.0.1 ads.starnews.com
127.0.0.1 www.linksynergy.com
127.0.0.1 ieee-images.adbureau.net
127.0.0.1 connect.247media.ads.link4ads.com
127.0.0.1 ads.newsdigital.net
127.0.0.1 arc5.msn.com
127.0.0.1 arc4.msn.com
127.0.0.1 arc3.msn.com
127.0.0.1 arc2.msn.com
127.0.0.1 arc1.msn.com
127.0.0.1 ads.discovery.com
127.0.0.1 im.800.com
127.0.0.1 img.cmpnet.com
127.0.0.1 ad7.internetadserver.com
127.0.0.1 ads.dai.net
127.0.0.1 ads.cbc.ca
127.0.0.1 www75.valueclick.com
127.0.0.1 ads.clearbluemedia.com
127.0.0.1 ti.click2net.com
127.0.0.1 www.onresponse.com
127.0.0.1 ads.list-universe.com
127.0.0.1 advert.bayarea.com
127.0.0.1 www3.pagecount.com
127.0.0.1 www.netsponsors.com
127.0.0.1 adthru.com
127.0.0.1 ads.newtimes.com
127.0.0.1 ads.ugo.com
127.0.0.1 ads.belointeractive.com
127.0.0.1 wwb.hitbox.com
127.0.0.1 comtrack.comclick.com
127.0.0.1 www.24pm-affiliation.com
127.0.0.1 www.click-fr.com
127.0.0.1 www.cibleclick.com
127.0.0.1 reply.mediatris.net
127.0.0.1 cgi.declicnet.com
127.0.0.1 pubs.mgn.net
127.0.0.1 ads.mcafee.com
127.0.0.1 ads1.ad-flow.com
127.0.0.1 ad.be.doubleclick.net
127.0.0.1 ad.adtraq.com
127.0.0.1 ad.sg.doubleclick.net
127.0.0.1 adpop.theglobe.com
127.0.0.1 ads-03.tor.focusin.ads.targetnet.com
127.0.0.1 ads.adflight.com
127.0.0.1 ads.detelefoongids.nl
127.0.0.1 ads.ecircles.com
127.0.0.1 ads.god.co.uk
127.0.0.1 ads.hyperbanner.net
127.0.0.1 ads.jpost.com
127.0.0.1 ads.netmechanic.com
127.0.0.1 ads.webcash.nl
127.0.0.1 adserver.netcast.nl
127.0.0.1 adserver.webads.com
127.0.0.1 adserver.webads.nl
127.0.0.1 adserver1.realtracker.com
127.0.0.1 adserver2.realtracker.com
127.0.0.1 adserver3.realtracker.com
127.0.0.1 delivery1.ads.telegraaf.nl
127.0.0.1 holland.hyperbanner.net
127.0.0.1 images.webads.nl
127.0.0.1 sc.clicksupply.com
127.0.0.1 service.bfast.com
127.0.0.1 www.ad4ex.com
127.0.0.1 www.bannercampaign.com
127.0.0.1 www.cyberbounty.com
127.0.0.1 www.netvertising.be
127.0.0.1 www.speedyclick.com
127.0.0.1 www.webads.nl
127.0.0.1 ads.snowball.com
127.0.0.1 ads.amazingmedia.com
127.0.0.1 www10.valueclick.com
127.0.0.1 js1.hitbox.com
127.0.0.1 rd1.hitbox.com
127.0.0.1 mt37.mtree.com
127.0.0.1 ads.gameanswers.com
127.0.0.1 ads7.udc.advance.net
127.0.0.1 www23.valueclick.com
127.0.0.1 ads.fortunecity.com
127.0.0.1 banners.nextcard.com
127.0.0.1 ads.iwon.com
127.0.0.1 www.qksrv.net
127.0.0.1 clickserve.cc-dt.com
127.0.0.1 ads-b.focalink.com
127.0.0.1 ad2.peel.com
127.0.0.1 ads.floridatoday.com
127.0.0.1 stats.adultrevenueservice.com
127.0.0.1 ads18.bpath.com
127.0.0.1 ph-ad06.focalink.com
127.0.0.1 global.msads.net
127.0.0.1 pluto1.iserver.net
127.0.0.1 ads1.intelliads.com
127.0.0.1 primetime.ad.asap-asp.net
127.0.0.1 ads.stileproject.com
127.0.0.1 di.image.eshop.msn.com
127.0.0.1 www.blissnet.net
127.0.0.1 www.consumerinfo.com
127.0.0.1 ads.rottentomatoes.com
127.0.0.1 k5ads.osdn.com
127.0.0.1 actionsplash.com
127.0.0.1 campaigns.f2.com.au
127.0.0.1 adserver.news.com.au
127.0.0.1 servedby.advertising.com
127.0.0.1 java.yahoo.com
127.0.0.1 ad.howstuffworks.com
127.0.0.1 ads.1for1.com
127.0.0.1 images.ads.fairfax.com.au
127.0.0.1 ads.devx.com
127.0.0.1 utils.mediageneral.com
127.0.0.1 banners.friendfinder.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 www.dnps.com
127.0.0.1 creative.whi.co.nz
127.0.0.1 rmedia.boston.com
127.0.0.1 webaffiliate.covad.com
127.0.0.1 ad.iwin.com
127.0.0.1 www.nailitonline2.com
127.0.0.1 mds.centrport.net
127.0.0.1 oas.dispatch.com
127.0.0.1 adserver.ads360.com
127.0.0.1 banners.adultfriendfinder.com
127.0.0.1 ads.as4x.tmcs.net
127.0.0.1 ads.clickagents.com
127.0.0.1 banners.chek.com
127.0.0.1 zi.r.tv.com
127.0.0.1 ph-ad19.focalink.com
127.0.0.1 ads.greensboro.com
127.0.0.1 ad2.adcept.net
127.0.0.1 ads.colo.kiva.net
127.0.0.1 adsrv.iol.co.za
127.0.0.1 mjxads.internet.com
127.0.0.1 adimage.asiaone.com.sg
127.0.0.1 ads.vnuemedia.com
127.0.0.1 affiliate.doteasy.com
127.0.0.1 m.tribalfusion.com
127.0.0.1 oas.lee.net
127.0.0.1 www.banneroverdrive.com
127.0.0.1 ad3.peel.com
127.0.0.1 ad1.peel.comwww.xbn.ru
127.0.0.1 adserver.snowball.com
127.0.0.1 media15.fastclick.net
127.0.0.1 ads5.advance.net
127.0.0.1 ads3.advance.net
127.0.0.1 ads2.advance.net
127.0.0.1 ads.advance.net
127.0.0.1 usbytecom.orbitcycle.com
127.0.0.1 adbanner.sweepsclub.com
127.0.0.1 oas.villagevoice.com
127.0.0.1 www.ad-flow.com
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.hitcents.com
127.0.0.1 media19.fastclick.net
127.0.0.1 a.tribalfusion.com
127.0.0.1 ads.nypost.com
127.0.0.1 ads.premiumnetwork.com
127.0.0.1 ads.ad-flow.com
127.0.0.1 adserver.hispavista.com
127.0.0.1 ads.musiccity.com
127.0.0.1 banners.revenuelink.com
127.0.0.1 ads1.sptimes.com
127.0.0.1 adserver.bizland-inc.net
127.0.0.1 ads.adtegrity.net
127.0.0.1 media13.fastclick.net
127.0.0.1 adserver.ukplus.co.uk
127.0.0.1 ads.live365.com
127.0.0.1 ads.fredericksburg.com
127.0.0.1 banners.affiliatefuel.com
127.0.0.1 ar.atwola.com
127.0.0.1 ads.bigcitytools.com
127.0.0.1 netshelter.adtrix.com
127.0.0.1 y.ibsys.com
127.0.0.1 adserver.nydailynews.com
127.0.0.1 s0b.bluestreak.com
127.0.0.1 images.scripps.com
127.0.0.1 images.cybereps.com
127.0.0.1 altfarm.mediaplex.com
127.0.0.1 krd.realcities.com
127.0.0.1 www3.bannerspace.com
127.0.0.1 view.atdmt.com
127.0.0.1 ads7.advance.net
127.0.0.1 ad.abcnews.com
127.0.0.1 ads.newsquest.co.uk
127.0.0.1 secure.webconnect.net
127.0.0.1 ads.nandomedia.com
127.0.0.1 banners.babylon-x.com
127.0.0.1 media17.fastclick.net
127.0.0.1 techreview-images.adbureau.net
127.0.0.1 ads.exhedra.com
127.0.0.1 ad.trafficmp.com
127.0.0.1 realmedia-a800.d4p.net
127.0.0.1 banner.northsky.com
127.0.0.1 ftp.nacorp.com
127.0.0.1 www.digitalbettingcasinos.com
127.0.0.1 c1.zedo.com
127.0.0.1 ads4.condenet.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 desktop.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.b3d.com
127.0.0.1 neighborhood.standard.net
127.0.0.1 ads.telegraph.co.uk
127.0.0.1 spinbox.techtracker.com
127.0.0.1 toads.osdn.com
127.0.0.1 ads.themes.org
127.0.0.1 adserver.trb.com
127.0.0.1 media.fastclick.net
127.0.0.1 banner.easyspace.com
127.0.0.1 www.banner2u.com
127.0.0.1 ads.thestar.com
127.0.0.1 ads.digitalmedianet.com
127.0.0.1 www.fineclicks.com
127.0.0.1 ads.mdchoice.com
127.0.0.1 ad.horvitznewspapers.net
127.0.0.1 adtegrity.thruport.com
127.0.0.1 a.mktw.net
127.0.0.1 ads.pennyweb.com
127.0.0.1 www3.ad.tomshardware.com
127.0.0.1 www4.ad.tomshardware.com
127.0.0.1 www6.ad.tomshardware.com
127.0.0.1 www8.ad.tomshardware.com
127.0.0.1 www15.ad.tomshardware.com
127.0.0.1 ads.forbes.com
127.0.0.1 ads.desmoinesregister.com
127.0.0.1 adserver.tribuneinteractive.com
127.0.0.1 bannerads.anytimenews.com
127.0.0.1 ads1.condenet.com
127.0.0.1 adserver.anm.co.uk
127.0.0.1 zrap.zdnet.com.com
127.0.0.1 bidclix.net
127.0.0.1 media.popuptraffic.com
127.0.0.1 coreg.flashtrack.net
127.0.0.1 rmads.msn.com
127.0.0.1 ads.icq.com
127.0.0.1 cb.icq.com
127.0.0.1 cf.icq.com
127.0.0.1 www2.newtopsites.com
127.0.0.1 adserv.internetfuel.com
127.0.0.1 images.fastclick.net
127.0.0.1 adserver.securityfocus.com
127.0.0.1 www.avsads.com
127.0.0.1 banners.moviegoods.com
127.0.0.1 ads.bitsonthewire.com
127.0.0.1 ads.iambic.com
127.0.0.1 sfads.osdn.com
127.0.0.1 fl01.ct2.comclick.com
127.0.0.1 adserver.phillyburbs.com
127.0.0.1 marketing.nyi.net
127.0.0.1 www.netflip.com
127.0.0.1 image.imgfarm.com
127.0.0.1 ads.viaarena.com
127.0.0.1 phpads2.cnpapers.com
127.0.0.1 ads.astalavista.us
127.0.0.1 banner.coza.com
127.0.0.1 adcreative.tribuneinteractive.com
127.0.0.1 ads.democratandchronicle.com
127.0.0.1 adlog.com.com
127.0.0.1 adimg.com.com
127.0.0.1 adimage.bankrate.com
127.0.0.1 ads.mediadevil.com
127.0.0.1 imageserv.adtech.de
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ads.cashsurfers.com
127.0.0.1 ads.specificpop.com
127.0.0.1 z1.adserver.com
127.0.0.1 images.bizrate.com
127.0.0.1 q.pni.com
127.0.0.1 ad01.mediacorpsingapore.com
127.0.0.1 adimage.asia1.com.sg
127.0.0.1 images.newsx.cc
127.0.0.1 www.adireland.com
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.nyi.net
127.0.0.1 geoads.osdn.com
127.0.0.1 www.crisscross.com
127.0.0.1 netcomm.spinbox.net
127.0.0.1 i.i.com.com
127.0.0.1 ads.videoaxs.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 adserver.pollstar.com
127.0.0.1 information.gopher.com
127.0.0.1 ads.adviva.net
127.0.0.1 adsrv.bankrate.com
127.0.0.1 a207.p.f.qz3.net
127.0.0.1 ehg-bestbuy.hitbox.com
127.0.0.1 ehg-intel.hitbox.com
127.0.0.1 ehg-espn.hitbox.com
127.0.0.1 ehg-macromedia.hitbox.com
127.0.0.1 ehg-dig.hitbox.com
127.0.0.1 speed.pointroll.com
127.0.0.1 amch.questionmarket.com
127.0.0.1 ads.gamespy.com
127.0.0.1 spd.atdmt.com
127.0.0.1 ads.columbian.com
127.0.0.1 clickit.go2net.com
127.0.0.1 vpdc.ru4.com
127.0.0.1 ads.developershed.com
127.0.0.1 ads.globeandmail.com
127.0.0.1 ads.nerve.com
127.0.0.1 iv.doubleclick.net
127.0.0.1 ads2.condenet.com
127.0.0.1 www.burstnet.com
127.0.0.1 ads5.canoe.ca
127.0.0.1 askmen.thruport.com
127.0.0.1 adsrv2.gainesvillesun.com
127.0.0.1 ads.theolympian.com
127.0.0.1 ads.courierpostonline.com
127.0.0.1 i.timeinc.net
127.0.0.1 oasads.whitepages.com
127.0.0.1 rad.msn.com
127.0.0.1 serve.thisbanner.com
127.0.0.1 images.trafficmp.com
127.0.0.1 www.kaplanindex.com
127.0.0.1 kaplanindex.com
127.0.0.1 1.httpdads.com
127.0.0.1 spinbox.maccentral.com
127.0.0.1 akaads-abc.starwave.com
127.0.0.1 webad.ajeeb.com
127.0.0.1 ads.granadamedia.com
127.0.0.1 oas.uniontrib.com
127.0.0.1 ads.wnd.com
127.0.0.1 a3.suntimes.com
127.0.0.1 tmsads.tribune.com
127.0.0.1 ads.peel.com
127.0.0.1 ads.mh5.com
127.0.0.1 ad.usatoday.com
127.0.0.1 adserver.digitalpartners.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 ads4.clearchannel.com
127.0.0.1 ads.clearchannel.com
127.0.0.1 ads2.clearchannel.com
127.0.0.1 ads.jacksonsun.com
127.0.0.1 servads.aip.org
127.0.0.1 ad.au.doubleclick.net
127.0.0.1 adng.ascii24.com
127.0.0.1 engage.speedera.net
127.0.0.1 ads.msn-ppe.com
127.0.0.1 ad.openfind.com.tw
127.0.0.1 adi.mainichi.co.jp
127.0.0.1 ads.northjersey.com
127.0.0.1 ad.moscowtimes.ru
127.0.0.1
127.0.0.1 ad1.aaddzz.com
127.0.0.1 ds.eyeblaster.com
127.0.0.1 adserver.digitalpartners.com
127.0.0.1 oas.uniontrib.com
127.0.0.1 ads.statesmanjournal.com
127.0.0.1 ads.centralohio.com

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\fyxkaah.dll Deleted
C:\WINDOWS\system32\migicons.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

regindr
And here is the SUPERAntiSpyware logfile:

SUPERAntiSpyware Scan Log
Generated 03/26/2007 at 08:46 PM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 01:44:05

Memory items scanned : 405
Memory threats detected : 0
Registry items scanned : 5361
Registry threats detected : 17
File items scanned : 38574
File threats detected : 185

Kontiki Download Manager Browser Helper Object
HKLM\Software\Classes\CLSID\{029CA12C-89C1-46a7-A3C7-82F2F98635CB}
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\InprocServer32
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\InprocServer32#ThreadingModel
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\ProgID
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\Programmable
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\TypeLib
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\VersionIndependentProgID
C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECD70011-AED1-4D5A-BF53-B5CD35F96706}\RP989\A0299668.DLL

Adware.SurfSideKick
HKU\S-1-5-21-854245398-1606980848-1957994488-1005\Software\Microsoft\Internet Explorer\URLSearchHooks#{02EE5B04-F144-47BB-83FB-A60BD91B74A9}
C:\Documents and Settings\Regine\Application Data\Sskcwrd.dll
C:\Documents and Settings\Regine\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Regine\Application Data\Sskknwrd.dll

Adware.Tracking Cookie

Adware.180solutions/Search Assistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll [  ]

Adware.Avenue Media/Internet Optimizer
HKCR\DyFuCA_BH_Bucket.Bucket
HKCR\DyFuCA_BH_Bucket.Bucket\CLSID
HKCR\DyFuCA_BH_Bucket.Bucket\CurVer

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECD70011-AED1-4D5A-BF53-B5CD35F96706}\RP989\A0299666.EXE
regindr
And here is the HijackThis logfile, and then I think that is it:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:00:15 PM, on 3/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware.exe
C:\Utilities\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Regine\Local Settings\Temporary Internet Files\Content.IE5\P96K6ED6\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/explore.html
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Utilities\Spybot\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Windows System] dkowqpkd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\utilities\QUICKTIME\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Aors] C:\Documents and Settings\Regine\Application Data\arda.exe
O4 - HKCU\..\Run: [Tsxdm] C:\WINDOWS\system32\d?dplay.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Utilities\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm140YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Utilities\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/deliciousdel...zylomplayer.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://webgames.d.tmsrv.com/c=e47ede15828a...sh.1.0.0.58.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E04C64E1-B686-444F-B92B-CD6812998F8E}: NameServer = 4.2.2.2,192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

--
End of file - 10392 bytes
HJThis
Hi, regindr

I also need you to run SmitFraudFix in Safe Mode as well.

Gogo
regindr
Here is the SmitFraudFix rapport logfile, run in Safe Mode:

SmitFraudFix v2.152

Scan done at 18:48:43.51, Wed 03/28/2007
Run from C:\Documents and Settings\Regine\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts



»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

regindr
And I think that is it. (: