Badly Infected, Need Help

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages

1 2 3 >

Badly Infected, Need Help, DO not know what got me

Options

journey_sf View Member Profile	Jun 18 2008, 08:01 PM Post #1
Member Group: Members Posts: 20 Joined: 18-June 08 From: Alabama Member No.: 217,123	Hello Everybody, A friend of mine asked me to help him fix his issues with his laptop. I have his laptop until this problem is resolved. At first, the laptop needed to perform a consistency test before even starting with Windows. If you did not do that, the computer would restart as soon as the desktop starts showing. So, I had the scan running and once the computer showed the desktop without restarting right away, I deleted the annoying program "AntiSpyCheck" and installed Antivir Personal Edition. I restarted the computer and then let Antivir run. Btw, even though I deleted AntiSpycheck, it was still on! Still, I ran Antivir. After finishing about 52% of the scan and finding nothing, the computer restarts. There is this blue screen popping up, saying there is a serious error going on and then restarting everything. The same thing happens if I try to access the internet with the infected laptop. Also, when the laptop is on it makes this weird noise, kind of like a paper crunching. It is hard to describe. Eventually I ran the Hijackthis program and here are the results. I hope someone can help me! Thank you! S.B. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:39:23 PM, on 6/18/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\Atievxx.exe C:\WINDOWS\system32\LxrJD31s.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NetProject\scit.exe C:\Program Files\NetProject\sbmntr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\NetProject\scm.exe C:\Program Files\NetProject\sbsm.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll (file missing) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\System32\162123\162123.dll O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [AntiSpyCheck] C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: Win32 Classes - O17 - HKLM\System\CCS\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer = 192.168.1.254 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\System32\psqnuvo.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe -- End of file - 7865 bytes

Buckeye_Sam View Member Profile	Jun 19 2008, 09:21 AM Post #2
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download Deckard's System Scanner (DSS) and save to your Desktop. alternate download site DSS will do the following: Create a new System Restore point in Windows XP and Vista. Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives. Check some important areas of your system and produce a report for an analyst to review. Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes. You must be logged onto an account with administrator privileges when using. Close all applications and windows. Double-click on dss.exe to run it and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious. When the scan is complete, two text files will open in Notepad: main.txt <- this one will be maximized extra.txt <- this one will be minimized If not, they both can be found in the C:\Deckard\System Scanner folder. Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply. -- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so. -- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

Buckeye_Sam View Member Profile	Jun 19 2008, 12:56 PM Post #4
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click SmitfraudFix.exe Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.** Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

journey_sf View Member Profile	Jun 19 2008, 02:52 PM Post #5
Member Group: Members Posts: 20 Joined: 18-June 08 From: Alabama Member No.: 217,123	Here you go: SmitFraudFix v2.328 Scan done at 14:46:42.40, Thu 06/19/2008 Run from C:\Documents and Settings\Samer assaad\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\Atievxx.exe C:\WINDOWS\system32\LxrJD31s.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NetProject\scit.exe C:\Program Files\NetProject\sbmntr.exe C:\Program Files\NetProject\scm.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\NetProject\sbsm.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\palmOne\Hotsync.exe C:\WINDOWS\System32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\migicons.exe FOUND ! C:\WINDOWS\system32\tdidrv32.sys FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Samer assaad »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Samer assaad\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND ! C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SAMERA~1\FAVORI~1 C:\DOCUME~1\SAMERA~1\FAVORI~1\Online Security Test.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop C:\DOCUME~1\ALLUSE~1\DESKTOP\Online Security Guide.url FOUND ! C:\DOCUME~1\ALLUSE~1\DESKTOP\Security Troubleshooting.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\AntiSpyCheck\ FOUND ! C:\Program Files\NetProject\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri +--------------------------------------------------+ [!] Suspicious: 162123.dll BHO: 162123 Class - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} BHO CLSID TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB} Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB} Interface: {F7D09218-46D7-4D3D-9B7F-315204CD0836} »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}"="chaplin" [HKEY_CLASSES_ROOT\CLSID\{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}\InProcServer32] @="C:\WINDOWS\System32\psqnuvo.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}\InProcServer32] @="C:\WINDOWS\System32\psqnuvo.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL" "LoadAppInit_DLLs"=dword:00000001 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Intel 8255x-based PCI Ethernet Adapter (10/100) DNS Server Search Order: 192.168.1.254 Description: Intel 8255x-based PCI Ethernet Adapter (10/100) DNS Server Search Order: 192.168.1.254 DNS Server Search Order: 192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\..\{3012D05F-6691-4C0D-8F53-6910709068BF}: DhcpNameServer=192.168.1.254 192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{3012D05F-6691-4C0D-8F53-6910709068BF}: DhcpNameServer=192.168.1.254 192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer=192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\..\{3012D05F-6691-4C0D-8F53-6910709068BF}: DhcpNameServer=192.168.1.254 192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer=192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End

Buckeye_Sam View Member Profile	Jun 19 2008, 09:00 PM Post #6
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	1. Reboot your computer in Safe Mode. If the computer is running, shut down Windows, and then turn off the power. Wait 30 seconds, and then turn the computer on. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. Ensure that the Safe Mode option is selected. Press Enter. The computer then begins to start in Safe mode. Login on your usual account. 2. Run Smitfraud Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool. Select option #2 - Clean by typing 2 and press Enter. Wait for the tool to complete and disk cleanup to finish. You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter. The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply. Also post a new log from DSS. This post has been edited by Buckeye_Sam: Jun 19 2008, 09:00 PM -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

journey_sf View Member Profile	Jun 20 2008, 02:00 PM Post #7
Member Group: Members Posts: 20 Joined: 18-June 08 From: Alabama Member No.: 217,123	Hello Sam, It did not work. At first, when I turned on the laptop, it had to check the hard drive for consistency again, which took about 2 hours to finish. Then, I went to safe mode and ran SmitfraudFix, it started, went as far as doing regular clean up, like deleting the recycle bin and the temporary files, then the screen went black. Now, all I have is the screen with safe mode on it. There is nothing happening and I do not get the start button back and I also cannot see any desktop files. I did try it three more times and it crashed every time at the same moment. It wrote: Scanning IEDFix, followed by Scanning DNS, followed by Deleting Temp Files, then, Disk clean-up. It started the clean up, then you saw the regular blue screen of the program, then only the black safe mode desktop and nothing else. Thanks again for your help! S.B. This post has been edited by journey_sf: Jun 20 2008, 06:37 PM

Buckeye_Sam View Member Profile	Jun 21 2008, 07:31 AM Post #8
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Reboot into normal mode again. You should find a log from Smitfraudfix at C:\rapport.txt Please post that log in your next reply. Also post a new log from DSS. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

journey_sf View Member Profile	Jun 21 2008, 09:19 AM Post #9
Member Group: Members Posts: 20 Joined: 18-June 08 From: Alabama Member No.: 217,123	Ok, but there was only a main report from DSS, no extra one. Deckard's System Scanner v20071014.68 Run by Samer assaad on 2008-06-21 08:46:37 Computer is in Normal Mode. -------------------------------------------------------------------------------- Total Physical Memory: 256 MiB (512 MiB recommended). System Drive C: has 2.66 GiB (less than 15%) free. -- HijackThis (run as Samer assaad.exe) ---------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:47:17, on 6/21/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\Atievxx.exe C:\WINDOWS\system32\LxrJD31s.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\palmOne\Hotsync.exe C:\Documents and Settings\Samer assaad\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\SAMERA~1.EXE R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll (file missing) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\System32\162123\162123.dll (file missing) O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing) O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [AntiSpyCheck] C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: Win32 Classes - O17 - HKLM\System\CCS\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer = 192.168.1.254 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\System32\psqnuvo.dll (file missing) O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe -- End of file - 7646 bytes -- Files created between 2008-05-21 and 2008-06-21 ----------------------------- 2008-06-19 14:46:47 1930 --a------ C:\WINDOWS\System32\tmp.reg 2008-06-19 14:46:16 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe 2008-06-19 14:46:16 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; > 2008-06-19 14:46:16 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix> 2008-06-19 14:46:16 82944 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-06-19 14:46:16 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix> 2008-06-19 14:46:15 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2008-06-19 14:46:15 51200 --a------ C:\WINDOWS\System32\dumphive.exe 2008-06-19 14:46:14 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2008-06-18 19:38:51 0 d-------- C:\Program Files\Trend Micro 2008-06-18 17:40:27 0 d-------- C:\Program Files\Avira 2008-06-18 17:40:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-18 17:22:05 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-18 17:18:12 0 d--hs---- C:\FOUND.010 2008-06-17 11:38:36 0 d--hs---- C:\FOUND.009 2008-06-17 11:31:32 0 d--hs---- C:\FOUND.008 2008-06-16 00:01:54 0 d--hs---- C:\FOUND.007 2008-06-15 14:14:58 0 d--hs---- C:\FOUND.006 2008-06-15 13:40:08 0 d--hs---- C:\FOUND.005 2008-06-15 13:31:34 0 d--hs---- C:\FOUND.004 2008-06-15 13:21:06 0 d--hs---- C:\FOUND.003 2008-06-15 12:59:02 0 d--hs---- C:\FOUND.002 2008-06-15 12:50:59 8704 --a------ C:\WINDOWS\System32\tdidrv32.sys 2008-06-15 12:45:00 0 d-------- C:\Documents and Settings\Samer assaad\Application Data\Adobe -- Find3M Report --------------------------------------------------------------- 2008-06-20 13:34:26 5742282 --ah----- C:\Documents and Settings\Samer assaad\Application Data\IconCache.db 2008-04-05 22:55:40 71168 --a------ C:\WINDOWS\System32\LxrJD31s.exe 2008-04-05 22:55:40 146432 --a------ C:\WINDOWS\System32\LxrJD31p.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application> 2008-04-05 22:55:40 163840 --a------ C:\WINDOWS\System32\LxrJD31c.exe 2008-04-05 22:55:40 249856 --a------ C:\WINDOWS\System32\LxrJD31.dll 2008-04-05 22:55:40 61440 --a------ C:\WINDOWS\System32\LxrJD20Sat.dll -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56FA7933-DC3E-403b-8D47-BB5E3F345A21}] C:\Program Files\AntiSpyCheck\IEWarning.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95667A7A-03B3-4EE0-91AE-A4DE74D25729}] C:\WINDOWS\System32\162123\162123.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99BA268B-4021-4739-9945-3C774217FE75}] C:\Program Files\NetProject\sbmdl.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ] [-HKEY_CLASSES_ROOT\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/14/2007 17:46] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 14:25] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 14:45] "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [06/28/2006 07:46] "SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [01/26/2005 18:02] "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [06/29/2006 12:18] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/25/2007 15:24] "AntiSpyCheck 2.1.0"="C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe" [] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 15:08] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [10/24/2006 16:10] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/13/2007 08:10] "DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [12/20/2007 08:10] "AntiSpyCheck"="C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "some"=C:\Program Files\NetProject\scit.exe "start"=C:\Program Files\NetProject\sbmntr.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}"= C:\WINDOWS\System32\psqnuvo.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "AtiPTA"=Atiptaxx.exe "Promon.exe"=Promon.exe "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme -- End of Deckard's System Scanner: finished at 2008-06-21 08:48:27 ------------ SmitFraudFix v2.328 Scan done at 17:51:51.03, Fri 06/20/2008 Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}"="chaplin" [HKEY_CLASSES_ROOT\CLSID\{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}\InProcServer32] @="C:\WINDOWS\System32\psqnuvo.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}\InProcServer32] @="C:\WINDOWS\System32\psqnuvo.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{3012D05F-6691-4C0D-8F53-6910709068BF}: DhcpNameServer=192.168.1.254 192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{3012D05F-6691-4C0D-8F53-6910709068BF}: DhcpNameServer=192.168.1.254 192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer=192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\..\{3012D05F-6691-4C0D-8F53-6910709068BF}: DhcpNameServer=192.168.1.254 192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer=192.168.1.254 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"=""

Buckeye_Sam View Member Profile	Jun 21 2008, 11:58 AM Post #10
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button. R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll (file missing) O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\System32\162123\162123.dll (file missing) O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll (file missing) O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing) O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe" O4 - HKCU\..\Run: [AntiSpyCheck] C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: Win32 Classes - O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\System32\psqnuvo.dll (file missing) Reboot and post a new log from DSS. It's fine that you only get the main.txt going forward from here. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

journey_sf View Member Profile	Jun 21 2008, 01:46 PM Post #11
Member Group: Members Posts: 20 Joined: 18-June 08 From: Alabama Member No.: 217,123	Thank you. I did what you said. I then also tried to access the internet and when I opened the browser, a blue screen appeared, claiming there to be a serious error, then pc restarted. After this, I had to let the system check for consistency again before it would enter the Windows profile. Here the most recent log: Deckard's System Scanner v20071014.68 Run by Samer assaad on 2008-06-21 13:39:16 Computer is in Normal Mode. -------------------------------------------------------------------------------- Total Physical Memory: 256 MiB (512 MiB recommended). System Drive C: has 2.66 GiB (less than 15%) free. -- HijackThis (run as Samer assaad.exe) ---------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:39:35, on 6/21/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\Atievxx.exe C:\WINDOWS\system32\LxrJD31s.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\palmOne\Hotsync.exe C:\Documents and Settings\Samer assaad\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\SAMERA~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer = 192.168.1.254 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe -- End of file - 5651 bytes -- Files created between 2008-05-21 and 2008-06-21 ----------------------------- 2008-06-19 14:46:47 1930 --a------ C:\WINDOWS\System32\tmp.reg 2008-06-19 14:46:16 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe 2008-06-19 14:46:16 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; > 2008-06-19 14:46:16 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix> 2008-06-19 14:46:16 82944 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-06-19 14:46:16 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix> 2008-06-19 14:46:15 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2008-06-19 14:46:15 51200 --a------ C:\WINDOWS\System32\dumphive.exe 2008-06-19 14:46:14 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2008-06-18 19:38:51 0 d-------- C:\Program Files\Trend Micro 2008-06-18 17:40:27 0 d-------- C:\Program Files\Avira 2008-06-18 17:40:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-18 17:22:05 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-18 17:18:12 0 d--hs---- C:\FOUND.010 2008-06-17 11:38:36 0 d--hs---- C:\FOUND.009 2008-06-17 11:31:32 0 d--hs---- C:\FOUND.008 2008-06-16 00:01:54 0 d--hs---- C:\FOUND.007 2008-06-15 14:14:58 0 d--hs---- C:\FOUND.006 2008-06-15 13:40:08 0 d--hs---- C:\FOUND.005 2008-06-15 13:31:34 0 d--hs---- C:\FOUND.004 2008-06-15 13:21:06 0 d--hs---- C:\FOUND.003 2008-06-15 12:59:02 0 d--hs---- C:\FOUND.002 2008-06-15 12:50:59 8704 --a------ C:\WINDOWS\System32\tdidrv32.sys 2008-06-15 12:45:00 0 d-------- C:\Documents and Settings\Samer assaad\Application Data\Adobe -- Find3M Report --------------------------------------------------------------- 2008-06-20 13:34:26 5742282 --ah----- C:\Documents and Settings\Samer assaad\Application Data\IconCache.db 2008-04-05 22:55:40 71168 --a------ C:\WINDOWS\System32\LxrJD31s.exe 2008-04-05 22:55:40 146432 --a------ C:\WINDOWS\System32\LxrJD31p.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application> 2008-04-05 22:55:40 163840 --a------ C:\WINDOWS\System32\LxrJD31c.exe 2008-04-05 22:55:40 249856 --a------ C:\WINDOWS\System32\LxrJD31.dll 2008-04-05 22:55:40 61440 --a------ C:\WINDOWS\System32\LxrJD20Sat.dll -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ] [-HKEY_CLASSES_ROOT\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/14/2007 17:46] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 14:25] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 14:45] "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [06/28/2006 07:46] "SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [01/26/2005 18:02] "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [06/29/2006 12:18] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/25/2007 15:24] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 15:08] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [10/24/2006 16:10] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/13/2007 08:10] "DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [12/20/2007 08:10] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "AtiPTA"=Atiptaxx.exe "Promon.exe"=Promon.exe "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme -- End of Deckard's System Scanner: finished at 2008-06-21 13:40:41 ------------ This post has been edited by journey_sf: Jun 21 2008, 01:47 PM

Buckeye_Sam View Member Profile	Jun 21 2008, 03:10 PM Post #12
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"! CODE REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{51D81DD5-55B7-497F-95DB-D356429BB54E}"=- [-HKEY_CLASSES_ROOT\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}] Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES. ============== Download and scan with SUPERAntiSpyware Free for Home Users Double-click SUPERAntiSpyware.exe and use the default settings for installation. An icon will be created on your desktop. Double-click that icon to launch the program. If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.) Under "*Configuration and Preferences", click the Preferences* button. Click the Scanning Control tab. Under Scanner Options make sure the following are checked (leave all others unchecked): Close browsers before scanning. Scan for tracking cookies. Terminate memory threats before quarantining. Click the "Close" button to leave the control center screen. Back on the main screen, under "*Scan for Harmful Software" click Scan your computer. On the left, make sure you check C:\Fixed Drive. On the right, under "Complete Scan", choose Perform Complete Scan. Click "Next" to start the scan. Please be patient while it scans your computer. After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". Make sure everything has a checkmark next to it and click "Next". A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. If asked if you want to reboot, click "Yes". To retrieve the removal information after reboot, launch SUPERAntispyware again. Click Preferences, then click the Statistics/Logs tab.* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. Please copy and paste the Scan Log results in your next reply. Click Close to exit the program. Also post a new log from DSS. Let me know how your computer seems to be acting now. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

journey_sf View Member Profile	Jun 21 2008, 06:12 PM Post #13
Member Group: Members Posts: 20 Joined: 18-June 08 From: Alabama Member No.: 217,123	I did the first part, and I think it worked. I did leave the word CODE out, was that correct? I ran the SuperAntiSpyware and it ran for almost 1.5 hours and had found over 900 threats, when the laptop crashed again. I checked, there is no log for the time it ran. I am trying it again right now. Thanks. Ok, I did the scan again and stopped it once it found a lot of stuff and deleted all of this. Now, I started it again and will see if it crashes again. Here are the log result from the interrupted scan. I will post the log of a full scan should that laptop let me finish one... SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 06/21/2008 at 06:36 PM Application Version : 4.15.1000 Core Rules Database Version : 3469 Trace Rules Database Version: 1460 Scan type : Complete Scan Total Scan Time : 00:27:10 Memory items scanned : 394 Memory threats detected : 0 Registry items scanned : 4222 Registry threats detected : 48 File items scanned : 6338 File threats detected : 878 Adware.Tracking Cookie C:\Documents and Settings\Samer assaad\Cookies\samer assaad@valueclick[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflognczelp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@homeclick[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@as-us.falkag[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tacoda[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad.us-ec.adtechus[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4wgdjgdp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkocgc5wfp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@data1.perf.overture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-suite101.hitbox[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4skdjgfo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@burstnet[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkyendpwlo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stat.dealtime[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmigicpglq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1jajah.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@data4.perf.overture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyohdpggq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkocgczeao.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adopt.euroclick[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adlegend[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlykkazkkp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@icc.intellisrv[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad.yieldmanager[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywjdjmep.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@bizrate[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@server.iad.liveperson[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-inforspaceinc.hitbox[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@scholastic.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@atdmt[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@iipd.furniturefind[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wglisgdpwfq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@casalemedia[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.furniturefind[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfligmazscp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@web-stat[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlysmazgap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmygmdpoko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkield5map.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkougazmbp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyegdzwfo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliahczigo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@maxserving[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@hc2.humanclick[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyugcjclp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@toseeka[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@admarketplace[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqhcjeco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@roiservice[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmiqjczmdq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@phg.hitbox[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@z1.adserver[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1kcpwc.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@perf.overture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkokidjgkp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkouod5obp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@jcrew.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@revsci[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqhdzoap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmywgdzieq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyoocpckq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tracker.espsoftware[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@edge.ru4[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlisldzcgp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloqpazcap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@hg1.hitbox[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wglicmczogo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@twci.coremetrics[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4kmd5eap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyqmajobp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@nextag[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@LPneimanmarcus[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@realmedia[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@test.coremetrics[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoumazslq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@saksfifthavenue.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adserver[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@paulfredrick.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@polo.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlysjczsap.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyqiazobq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@serving-sys[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkoqod5afp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@furniturefind[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.clickmanage[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkookd5iao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4khdpklo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.addynamix[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-stampsdotcom.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmyqid5mhp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflikmcjeko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkykiczoao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyohcpakp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@insightexpressai[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tradedoubler[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@buildabear.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clickability[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stats1.clicktracks[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@fastclick[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@2o7[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@questionmarket[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@apmebf[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@6229559[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@keywordmax[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygjczaho.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycmdjgfo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnysidzwgo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wak4gmdzido.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@citi.bridgetrack[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@statse.webtrendslive[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@hitbox[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@atwola[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@counter.surfcounters[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@americanexpress.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyamdziho.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@giftscom.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@advertising[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-graphikdimensions.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyamcpwhq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@partner2profit[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiknczmko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4oldjalp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@data2.perf.overture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@statcounter[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliwnczifp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4socpebp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clickshift[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmiamcjelo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.pointroll[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4gncjcbp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@data.coremetrics[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@mediaplex[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkocgdjgep.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4ckdjilo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@trafficmp[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkysgdzidq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1pcjwa.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@chefscatalog.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@xiti[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-dig.hitbox[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@zedo[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4qldzchp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@doubleclick[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyumc5eko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloelczkeo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyojajedo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkoajazaao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmiendjwbp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adviva[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@kimberleyandco.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyaocjwaq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkiwnazaaq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmikidjsfq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4whcjslp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmycodpolq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4knczkhp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4woazoko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adopt.specificclick[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4khdzokp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmyaid5gap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyukdjaeq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-mattress.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoghcpclq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyehczkep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiokazwfp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyujdpwdp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflosgcpcbp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@montblanc.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@web4.realtracker[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkicod5acp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkoajc5obp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyqpdjcgo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@bravenet[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlycoazsco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-allergybuyersclub.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@sales.liveperson[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@roi2.clicklab[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyejczwfp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyoncjclq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkykgcpclo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4ehdpohp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4ehcpebp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tennisexpress[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@discountmugs[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wglyqldzsgo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflokicpeap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygjcjefo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whliqod5sep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@247realmedia[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkoopczgdo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whliolazaao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@free.wegcash[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyepd5gko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyklc5sko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stat.onestat[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywhcpacq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@as1.falkag[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyokazsdo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqodpkbo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1kd5og.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkowiazglo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@commission-junction[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkisjazccq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlospcpolp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@data3.perf.overture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliqkcpalq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-randomhouse.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoggcjiko.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkocidjscp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyeldjkeq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stats2.clicktracks[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliahd5kep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@feed.validclick[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmionc5wcp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygldjmbp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlicodjolo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygndzobo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@msnportal.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4cmcpafo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloeld5klq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-christiandior.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@cratebarrel.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyskc5gbq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@webstat[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoegd5oco.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@pt.crossmediaservices[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkycgdzekp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tracking.homeportfolio[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@indexstats[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywgczikq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@counter.hitslink[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@anad.tacoda[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmiqgczwdo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyclazmhp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkyclcjmgp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgk4kiazwlo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliencjcdp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyojdzgho.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlygkd5khp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@marketlive.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@bfast[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@3.adbrite[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkowlazobp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tracker.roitesting[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4oldpseq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqpcjcho.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmykgdpcco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyehdpalo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4ujazsgp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmykoc5gkq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.tennisexpress[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoogdzslo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloamajgdq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@broadspancommerce.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.burstbeacon[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4sgajsbq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlokkcjkdo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflosoajelo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4gkd5kep.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkycmcjicp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloqndjaep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloqjcpabo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clickauditor[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@mattressusa.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkoqldjafo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-designwithinreach.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkowhc5iep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmishc5mep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloojazghq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyggcpwfo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adrevolver[6].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycndzaep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@media3.sitebrand[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoqjdpebo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@123count[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmygldpweq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgl4clajeko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wglykmcjwbp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflislczafo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4kndpobo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@dcswkx5d9i3xh3bv2hhfxm2xl_4l1q[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycgc5ggp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkooidjifp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkyogczwbp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyojdjshp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4kgdpihq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkikoczkcq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-growingtree.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyeocjiep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmiqic5akq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloqnc5klq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@overst2.sitetracker[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkyuoczkgo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.as4x.tmcs[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkospcpilp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlosgazcao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyugd5iep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@client.roiadtracker[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4cgazebo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4cocjsep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wglyghczwfo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygpdjaap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-hollywoodmedia.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1sdzid.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkicodjieq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmywmcpihp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@bluestreak[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloumdjego.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkieicjmeo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyomdzmeq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.homeclick[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiundjkgp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkywhc5alp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliaoajiap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliqpazoep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wbkyamajoeo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@app.insightgrit[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkycnczsko.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkykkdjceo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlicldzwaq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoeodpkgo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkikodpkbo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlokmdpcho.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkokidjegp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whlooocpsfq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoendjklo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4kkcpeko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgliwoc5ckq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyuoaziao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkogmczwfo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4cocjkcq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-mgmmirageoperations.hitbox[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkysjazmhp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkoqncpgfp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyojazcbp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiokcjghp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4eoazaep.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflogmc5ceo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliggajkgo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1ncjwc.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyekdpmeq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyojcjsho.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@capitalone.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyaodjebp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycodjcep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkighdjcbp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmikmczobp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyogcjgco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygjczwcp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyapc5gdo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqjcjsko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyonczmdo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyukazoep.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflikoc5gko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlosoazsep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiakdzocq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.discountwatchstore[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjligjcjoep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyaicjigp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyqpczslp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkywkcpsfp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkoopd5gao.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4umd5iap.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyaidpsdo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4eoc5mep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-e2solutions.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliemdpcko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkignczscp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stats.manticoretechnology[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmiqiajklp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyekc5mkp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkoehczoeo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyogd5slp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlospc5glo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyamd5okp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyuhcpwgp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@sec1.liveperson[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyupczogo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyckcjcbo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4ckdpkeo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@blindscom.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgk4ekdzoao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@sextracker[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1oazcf.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4emcjkbq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyaldjobq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whk4ohazweo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1gazka.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycgcpkdp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyapazkap.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkyupd5whp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkogjdpego.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@pathfinder[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@media7.sitebrand[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkislcpohp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmigmdpofp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmiakcjiep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.emirates.net[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4wkcjklo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stats01.pointshop[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4oldzslo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlocod5eko.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkisgdzghp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-aviatechllc.hitbox[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4eidjkdq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmisodjmfq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgk4cmcjgbo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmiqkdzodp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmicjd5wgq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmiqmcpakq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygjdpibp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4gmcpebo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4sndzsbq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1odjsd.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgk4slc5kap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloapcjwlp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyondjikp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyskcpseo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyokc5oco.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloomdjwfp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4kocjslo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@revenue[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygic5chp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyood5kdo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stats.clicktracks[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkospcpkap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-nbif.hitbox[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyclc5elo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloqlazseq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgk4qhdpaco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkycncpmkp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkykkcpmao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4agajkkq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygldjeco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.acitydiscount[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkishd5acq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkoqndpacp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@brightbuilders.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.shop-vermontcountrystore[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4wldpkbp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whk4unazocq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4sndpofp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@hertz.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliagajsao.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkykldpwlo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloogcpcfo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4ugdpscq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycicpsbp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliaiazeep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whlyolajwho.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whlieidpebo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmyemazwdp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyopdpadp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyapc5sgp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@35109650[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clicksmart.headsprout[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.directnetadvertising[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-lattelove.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@taylorgifts.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkysidjscq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywjdjikp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.americandiscountchina[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkogpazwfp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyklajcco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4ajdjofp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyskczicp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-nestleusainc.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycnazeep.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyokdjcdp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyslc5kcq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyspazwap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkygiczcdq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@superstats[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkyujcjobq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1mdzeh.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adrevolver[8].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyqoc5kep.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4qjd5obq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.vermontcountrystore[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkiold5kaq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-shoes.hitbox[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliuoazmkp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflognc5afo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyshd5afo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyshc5afo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4qiazsco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4cnd5oeo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliuod5scp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@vhost.oddcast[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoegdzmdp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkykid5waq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkycoc5wgq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiupcjseo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflocpazkao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlysidzefo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloqicjgeo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@regalinteractive[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@realnetworks.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyspazeko.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4andjkbp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@roi.clicklab[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkowld5oco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4gjcpgfp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiqicpodq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adinterax[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygmdzibp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tribalfusion[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-ifilm.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4kjdpwep.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-stacksandstacks.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@montgomeryadvertiser[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkounczibp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tremor.adbureau[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflyundpkaq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@smoothcorp.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4kpcjoco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adbrite[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.addesktop[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlocndjido.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyoid5wco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkiqmd5who.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkokgczslq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywid5cbo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycldjkhp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyghdpmep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloand5cbp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4ghajihp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4ekdpidq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmieidjkbp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkowndjmco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywjc5aep.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@dillards.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloggajglp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@cgi-bin[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliehcjgdp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyoodpwko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@counter2.hitslink[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyeicpsdo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmigicjefo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyukaziaq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@mb[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkookazigo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgl4opajcaq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliepajcgo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4cldjmao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4onc5gcq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.fullreleases[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4ancpcdo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmywjdpkgo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkyaoczwko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliwgc5mcq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4ukc5wlo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@babyuniverse.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycgcpeco.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4ojdjiho.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyehajmco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkosnazodp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@charmingshoppes.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloapdpobq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoqgajaap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wclyeoc5eko.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyohd5saq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkokmcpsep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmygpajohp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyskdjklp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4opczweo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@bs.serving-sys[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@html[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkyaodjmfo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyoldzoao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@indextools[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyapdpolp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4wlazcco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmienajcfp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloknczgkp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1jajcb.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloendpkhq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyqlc5mao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkywnc5ilo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@linksynergy[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@webtrends.moxymedia[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.clicknkids[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflyelcjigo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@geosign.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1jczwh.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmiajajaeo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgl4klcjmeo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkiulajmho.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@amazonbebe.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4koajelq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkouod5acp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlouncjcao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkiqlcjghq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.movieweb[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkywhdzglo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloajd5acp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmiomc5sbp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliaiazwhp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@richmedia.yahoo[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whmigmajcko.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygkd5wko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloupazecq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-nokiafin.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@te.kontera[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyepajiep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.media-arts-schools[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ameriprise.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkicncjsap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@northwestairlines.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkogkajeao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyoldpmbo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-leapfrog.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4wgcpkgo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ge.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloajcjwao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wblygoczwlp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@jewelrytelevision.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkionazwdo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4wiczsdo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloupd5whp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyaiazcgq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@paypal.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyqpajwdp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-revlon.hitbox[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4smajsdo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiold5kbp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkoopdzgeo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whlikpdzkhq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmikncpihq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkialczceo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4apdjcfo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywndjkep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4old5eap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkocod5igo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tase[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@direct[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqicpofp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6walyeocpwko.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiaidjabp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4skdpkfo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad2.m5-systems[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyepczefq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@nextstat[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@specificclick[4].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloemdpabp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4uodjcdp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlokodzgdq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-youtube.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgliuldzcdp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlocgczwfq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4qpdjweo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1iazel.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4qnajslo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkysid5wco.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmislajgaq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@60960915[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@amznshopbop.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyggcpafq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1070932382[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkoulcpegp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@akira[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkioldpiao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.worldgolf[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.teenbreaks[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@hit.stat[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@counter5.sextracker[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wck4upcjsdp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyeod5sgo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflococpogq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@eas.apm.emediate[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4aid5oeq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@marinermarketing.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkykgcjibp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wblykncpwdo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@pro-market[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clicks.emarketmakers[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@waterfrontmedia.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@kontera[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1icjek.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@estat[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmywkdjikp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad1.emediate[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-healthyback.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-lowermybills.hitbox[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4eicziap.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyaoczofp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1072605278[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@etoys.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@56764446[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@53912102[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@pornaccess[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@thefind[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whloahdpmhp.stats.esomniture[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlishczeko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyogd5aeo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywod5kkq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wbk4wpcjekq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@overture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1sd5mg.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlighajkap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycidzedp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4ulc5sfo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6walysid5aap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloshajifp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkocldziap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkospdjikp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloagcjeep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflocmcjkfq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-buyseasons.hitbox[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkosodjagp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygkczghq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4uiczegp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@media6degrees[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1lajkh.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6waloklcjodp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlikndzgco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygidpweo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@usmle[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4ghdpaho.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkicncpeep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmiegczsfp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflougajwgo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wakokodzcep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whl4wjcziap.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlygkdzaho.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@guthyrenker.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyulc5shq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyoldjmgp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.ak.facebook[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@shopping.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wakiomazahq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@link.mercent[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@brightcove.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmikldpkho.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflichajcko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkysicjmlo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4aodzkko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqjdjcbq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlishd5sgo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wcmiumc5clo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoajajogp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygodzefo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkicpajchq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.findarticles[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@dealtime[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.ads-click[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-jag.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoggajalp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@valueclick[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-zoomerang.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whmicpazekp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-thanedirect.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmywlczogo.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkicgc5ogp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmysod5olo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@qksrv[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wcloukdjaco.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@findarticles[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wclygocpcep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywhcpedo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@LPBofA1[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmicpcjcdo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@reduxads.valuead[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycjc5cbp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@sexworld.co[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlownazoco.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflieidzwfp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqgdpacq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@arab-sex[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@media.adrevolver[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyugdzghq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.ozonemedia.co[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1072560260[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adultsextoys[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygndpgcp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlocpczgkp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1072437210[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmigjc5ikp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloaiajohq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1065593030[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkochdpacq.stats.esomniture[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@celebrateexpress.122.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1066181895[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkouhdpclp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloalcpgfp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyapcjwep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@porngurus[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiwic5mdq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkiokcpadp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clickthrough.wegcash[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1icpma.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@eyewonder[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkyukd5sko.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@dcsn3k5o910000086aqymxzgy_6w7r[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tracking.foundry42[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnysgdpido.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wak4kodzcao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adserver.mediarun[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1jajgc.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@bbos.112.2o7[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1067725497[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4ajcpaaq.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.vlaze[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyghajebp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@74613876[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@dynamic.media.adrevolver[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoupcpmkp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@teenbreaks[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycndpkhp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4kpczagp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyeld5oep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyanazeeo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyoidpido.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wamiupajmao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4egdpsho.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloujcjihp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoqldjmap.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@interclick[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad1.m5-systems[3].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlielc5aeo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloskcpmbp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@sixapart.adbureau[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.salmiya[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4ujczsgo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wdkysjdpgdo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliohdpshp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4kldpaao.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.adultsextoys[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whk4kkajidp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkowhcpcbo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@auth.sexworld.co[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@click.porngurus[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad.m5prod[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@doubleclick.hertz[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@45687557[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@track.joepro[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@55170107[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@internationaldriveorlando.advertserve[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkykgdjcap.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@cgi-bin[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1063368710[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@iad.liveperson[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1069649549[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wbmyahdzedp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1172432[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkigmdpsbq.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflogkc5mdo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clickbank[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlocmc5oao.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@servedby.adxpower[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyojczkao.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@LPneimanmarcus[5].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1072089229[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@dcsn3k5o910000086aqymxzgy_6w7r[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4cidzsfp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1698736[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkykkd5odp.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoogdjggo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliwgazoho.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wbkygjdzkko.stats.esomniture[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.bridgetrack[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tracking.hearthstoneonline[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@content.clickbank[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clickbank[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wblygoajmbo.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clubgirlsxxx[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.peoplefinders[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1072242590[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywkd5klp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-yvesrocher.hitbox[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whlosnajcep.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wglikgcjabp.stats.esomniture[2].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@media.mtvnservices[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@31303003[1].txt C:\Documents and Settings\Samer assaad\Cookies\samer assaad@collective-media[2].txt Trojan.VideoCach/Gen HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226} HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0 HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0 HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0\win32 HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\FLAGS HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\HELPDIR HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91} HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32 HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5} HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32 HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version Malware.SpyLocked HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString Trojan.Media-Codec/V4 HKCR\multimediaControls.chl HKCR\multimediaControls.chl\CLSID Adware.E404 Helper/Hij HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB} HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836} HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version Trojan.Media-Codec/V5 HKU\S-1-5-21-507921405-746137067-1343024091-1004\Software\NetProject HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing#UninstallString Rogue.AntiSpyCheck HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8} HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\cqUaOwlpfy HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\fSwfvhpeIeis HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\fuCukqwk HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\InprocServer32 HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\InprocServer32#ThreadingModel HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\jJuo HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\mlsvi HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\tMguPVkuet This post has been edited by journey_sf: Jun 21 2008, 07:07 PM

journey_sf View Member Profile	Jun 21 2008, 11:35 PM Post #14
Member Group: Members Posts: 20 Joined: 18-June 08 From: Alabama Member No.: 217,123	Ok, the second try did not work either. Same thing happened, the laptop crashed. I did the DSS scan again though. Here it is: Deckard's System Scanner v20071014.68 Run by Samer assaad on 2008-06-21 22:11:25 Computer is in Normal Mode. -------------------------------------------------------------------------------- Total Physical Memory: 256 MiB (512 MiB recommended). -- HijackThis (run as Samer assaad.exe) ---------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:11:44, on 6/21/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\Atievxx.exe C:\WINDOWS\system32\LxrJD31s.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\palmOne\Hotsync.exe C:\Documents and Settings\Samer assaad\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\SAMERA~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer = 192.168.1.254 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe -- End of file - 5886 bytes -- Files created between 2008-05-21 and 2008-06-21 ----------------------------- 2008-06-21 16:35:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-06-21 16:35:18 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-06-21 16:35:17 0 d-------- C:\Documents and Settings\Samer assaad\Application Data\SUPERAntiSpyware.com 2008-06-21 16:34:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-19 14:46:47 1930 --a------ C:\WINDOWS\System32\tmp.reg 2008-06-19 14:46:16 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe 2008-06-19 14:46:16 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; > 2008-06-19 14:46:16 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix> 2008-06-19 14:46:16 82944 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-06-19 14:46:16 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix> 2008-06-19 14:46:15 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2008-06-19 14:46:15 51200 --a------ C:\WINDOWS\System32\dumphive.exe 2008-06-19 14:46:14 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2008-06-18 19:38:51 0 d-------- C:\Program Files\Trend Micro 2008-06-18 17:40:27 0 d-------- C:\Program Files\Avira 2008-06-18 17:40:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-18 17:22:05 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-18 17:18:12 0 d--hs---- C:\FOUND.010 2008-06-17 11:38:36 0 d--hs---- C:\FOUND.009 2008-06-17 11:31:32 0 d--hs---- C:\FOUND.008 2008-06-16 00:01:54 0 d--hs---- C:\FOUND.007 2008-06-15 14:14:58 0 d--hs---- C:\FOUND.006 2008-06-15 13:40:08 0 d--hs---- C:\FOUND.005 2008-06-15 13:31:34 0 d--hs---- C:\FOUND.004 2008-06-15 13:21:06 0 d--hs---- C:\FOUND.003 2008-06-15 12:59:02 0 d--hs---- C:\FOUND.002 2008-06-15 12:50:59 8704 --a------ C:\WINDOWS\System32\tdidrv32.sys 2008-06-15 12:45:00 0 d-------- C:\Documents and Settings\Samer assaad\Application Data\Adobe -- Find3M Report --------------------------------------------------------------- 2008-06-20 13:34:26 5742282 --ah----- C:\Documents and Settings\Samer assaad\Application Data\IconCache.db 2008-04-05 22:55:40 71168 --a------ C:\WINDOWS\System32\LxrJD31s.exe 2008-04-05 22:55:40 146432 --a------ C:\WINDOWS\System32\LxrJD31p.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application> 2008-04-05 22:55:40 163840 --a------ C:\WINDOWS\System32\LxrJD31c.exe 2008-04-05 22:55:40 249856 --a------ C:\WINDOWS\System32\LxrJD31.dll 2008-04-05 22:55:40 61440 --a------ C:\WINDOWS\System32\LxrJD20Sat.dll -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/14/2007 17:46] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 14:25] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 14:45] "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [06/28/2006 07:46] "SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [01/26/2005 18:02] "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [06/29/2006 12:18] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/25/2007 15:24] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 15:08] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [10/24/2006 16:10] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/13/2007 08:10] "DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [12/20/2007 08:10] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "AtiPTA"=Atiptaxx.exe "Promon.exe"=Promon.exe "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme -- End of Deckard's System Scanner: finished at 2008-06-21 22:13:02 ------------

Buckeye_Sam View Member Profile	Jun 22 2008, 07:03 AM Post #15
Malware Expert Group: HJT Team Posts: 15,624 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762	Those laptops get hot when you run something heavy on the cpu for a while. Then it shuts down to protect itself. Try scanning select area to shorten the scan time. Then reboot your computer and give it time to cool off before going again. Your log looks pretty good. How are things on your end? -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ========================================================

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

3 Pages

1 2 3 >

2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 22nd November 2009 - 12:04 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides