Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Badly Infected, Need Help


  • This topic is locked This topic is locked
31 replies to this topic

#1 journey_sf

journey_sf

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alabama
  • Local time:01:58 AM

Posted 18 June 2008 - 08:01 PM

Hello Everybody,

A friend of mine asked me to help him fix his issues with his laptop. I have his laptop until this problem is resolved. At first, the laptop needed to perform a consistency test before even starting with Windows. If you did not do that, the computer would restart as soon as the desktop starts showing. So, I had the scan running and once the computer showed the desktop without restarting right away, I deleted the annoying program "AntiSpyCheck" and installed Antivir Personal Edition. I restarted the computer and then let Antivir run. Btw, even though I deleted AntiSpycheck, it was still on! Still, I ran Antivir. After finishing about 52% of the scan and finding nothing, the computer restarts. There is this blue screen popping up, saying there is a serious error going on and then restarting everything. The same thing happens if I try to access the internet with the infected laptop. Also, when the laptop is on it makes this weird noise, kind of like a paper crunching. It is hard to describe. Eventually I ran the Hijackthis program and here are the results. I hope someone can help me! Thank you!

S.B.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:23 PM, on 6/18/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Atievxx.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\System32\162123\162123.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AntiSpyCheck] C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Win32 Classes -
O17 - HKLM\System\CCS\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer = 192.168.1.254
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\System32\psqnuvo.dll
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

--
End of file - 7865 bytes

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:58 AM

Posted 19 June 2008 - 09:21 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not
    malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 journey_sf

journey_sf
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alabama
  • Local time:01:58 AM

Posted 19 June 2008 - 11:49 AM

Hello Sam,

Thank you! I really appreciate your help!

Here are the two log files:

Main:
Deckard's System Scanner v20071014.68
Run by Samer assaad on 2008-06-19 11:02:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
14: 2008-06-19 16:02:55 UTC - RP284 - Deckard's System Scanner Restore Point
13: 2008-06-18 22:40:03 UTC - RP283 - Avira AntiVir Personal - 6/18/2008 17:39
12: 2008-06-15 17:13:56 UTC - RP282 - System Checkpoint
11: 2008-06-14 13:48:13 UTC - RP281 - System Checkpoint
10: 2008-04-13 15:06:42 UTC - RP280 - System Checkpoint


-- First Restore Point --
1: 2008-03-21 14:55:15 UTC - RP271 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Samer assaad.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:58 AM, on 6/19/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Atievxx.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Documents and Settings\Samer assaad\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Samer assaad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\System32\162123\162123.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AntiSpyCheck] C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Win32 Classes -
O17 - HKLM\System\CCS\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer = 192.168.1.254
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\System32\psqnuvo.dll
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

--
End of file - 7794 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.js - JSFile - DefaultIcon - C:\WINDOWS\System32\migicons.exe,7
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\System32\migicons.exe,6


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 tdidrv32.sys - c:\windows\system32\tdidrv32.sys
R2 LxrJD31d - c:\windows\system32\drivers\lxrjd31d.sys

S3 IPN2220 (Wireless-G Notebook Adapter ver.4.0 Driver) - c:\windows\system32\drivers\i2220ntx.sys <Not Verified; Inprocomm, Inc.; INPROCOMM IPN2220 Wireless LAN Adapter Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 LxrJD31s (Lexar JD31) - lxrjd31s.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-19 11:14:04 370 --a------ C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job
2008-04-05 23:00:02 502 --a------ C:\WINDOWS\Tasks\Tune-up Application Start.job


-- Files created between 2008-05-19 and 2008-06-19 -----------------------------

2008-06-18 19:38:51 0 d-------- C:\Program Files\Trend Micro
2008-06-18 17:40:27 0 d-------- C:\Program Files\Avira
2008-06-18 17:40:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-18 17:22:05 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 17:18:12 0 d--hs---- C:\FOUND.010
2008-06-17 11:38:36 0 d--hs---- C:\FOUND.009
2008-06-17 11:31:32 0 d--hs---- C:\FOUND.008
2008-06-16 00:01:54 0 d--hs---- C:\FOUND.007
2008-06-15 14:14:58 0 d--hs---- C:\FOUND.006
2008-06-15 13:40:08 0 d--hs---- C:\FOUND.005
2008-06-15 13:31:34 0 d--hs---- C:\FOUND.004
2008-06-15 13:21:06 0 d--hs---- C:\FOUND.003
2008-06-15 12:59:02 0 d--hs---- C:\FOUND.002
2008-06-15 12:51:07 0 d-------- C:\Program Files\AntiSpyCheck
2008-06-15 12:50:59 8704 --a------ C:\WINDOWS\System32\tdidrv32.sys
2008-06-15 12:50:58 0 d-------- C:\WINDOWS\System32\162123
2008-06-15 12:50:38 0 d-------- C:\Program Files\NetProject
2008-06-15 12:45:00 0 d-------- C:\Documents and Settings\Samer assaad\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-18 20:15:42 5741380 --ah----- C:\Documents and Settings\Samer assaad\Application Data\IconCache.db
2008-04-05 22:55:40 71168 --a------ C:\WINDOWS\System32\LxrJD31s.exe
2008-04-05 22:55:40 146432 --a------ C:\WINDOWS\System32\LxrJD31p.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application>
2008-04-05 22:55:40 163840 --a------ C:\WINDOWS\System32\LxrJD31c.exe
2008-04-05 22:55:40 249856 --a------ C:\WINDOWS\System32\LxrJD31.dll
2008-04-05 22:55:40 61440 --a------ C:\WINDOWS\System32\LxrJD20Sat.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56FA7933-DC3E-403b-8D47-BB5E3F345A21}]
C:\Program Files\AntiSpyCheck\IEWarning.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95667A7A-03B3-4EE0-91AE-A4DE74D25729}]
06/15/2008 12:51 PM 15360 --a------ C:\WINDOWS\System32\162123\162123.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99BA268B-4021-4739-9945-3C774217FE75}]
06/19/2008 10:58 AM 7680 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [06/15/2008 12:50 PM 84480]

[-HKEY_CLASSES_ROOT\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/14/2007 05:46 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 02:25 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 02:45 PM]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [06/28/2006 07:46 AM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [01/26/2005 06:02 PM]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [06/29/2006 12:18 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/25/2007 03:24 PM]
"AntiSpyCheck 2.1.0"="C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe" [06/12/2008 08:51 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 03:08 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [10/24/2006 04:10 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/13/2007 08:10 AM]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [12/20/2007 08:10 AM]
"AntiSpyCheck"="C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe" [06/12/2008 08:51 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"=C:\Program Files\NetProject\scit.exe
"start"=C:\Program Files\NetProject\sbmntr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}"= C:\WINDOWS\System32\psqnuvo.dll [04/23/2005 04:48 PM 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"AtiPTA"=Atiptaxx.exe
"Promon.exe"=Promon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme




-- End of Deckard's System Scanner: finished at 2008-06-19 11:16:49 ------------


And the Extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 255.46 MiB / 145.72 MiB
Pagefile Memory (total/avail): 618.75 MiB / 353.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1952.34 MiB

C: is Fixed (FAT32) - 18.62 GiB total, 2.7 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - HITACHI_DK23CA-20 - 18.63 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 18.63 GiB - C:

\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 3.73 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 3.73 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is not configured.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Samer assaad\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Samer assaad
LOGONSERVER=\\DELL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\system32\WBEM;C:\PROGRA~1\COMMON~1\SONICS~1\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=080a
ProgramFiles=C:\Program Files
PROMPT=$p$g
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SAMERA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SAMERA~1\LOCALS~1\Temp
USERDOMAIN=DELL
USERNAME=Samer assaad
USERPROFILE=C:\Documents and Settings\Samer assaad
winbootdir=C:\WINDOWS
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Samer assaad (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /UNINSTALL /PROMPT
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F445476A-42DE-11D4-80D0-00C04F2750A6}\Setup.exe" -u -uninst -fUninst.isu -c"C:\Program Files\Epocrates\Suite\Win32\Win32_Dll\AupdUnInstall.dll"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1299C800-5C3B-4300-8686-9BA46748FB8F}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CA432A0-DBC7-4C5D-A6B6-5DF0E2E44BB0}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67FAB34C-7D8D-46A4-9CE4-E94B808ABD6A}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADEF1025-6D3B-485C-9AC9-1A2D81665B7F}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E8581ECC-8BEA-4E91-AB5E-587654EBB2A7}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader for Palm OS, 3.05 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\Adobe Reader for Palm OS\AcroDesk.isu" -c"C:\Program Files\Adobe\Adobe Reader for Palm OS\unpdf.dll"
Adventures in Typing with Timon and Pumbaa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1D8269-A50C-4C1E-88D6-1B6E1320FEE8}\setup.exe" -l0x9 Adventures in Typing with Timon and Pumbaa
ArcSoft Multimedia Email --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD54CF66-090B-43E7-97C1-110EF526474D}\SETUP.EXE" -l0x9 -uninst
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC888095-A35E-4993-A9E0-366BF6F0CCE0}\SETUP.EXE" -l0x9
Arthur's Pet Chase --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Arthur\Arthur's Pet Chase\Uninstall.xml"
Avira AntiVir Personal Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\setup.exe /REMOVE
Blue's Reading Time Activities --> C:\WINDOWS\IsUninst.exe -f"C:\HEGames\Blue's Reading Time Activities\Uninst.isu"
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
Clifford Phonics --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}\Setup.exe" -l0x9
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Instant Driver (1.01.02.0729) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres P0620Pin.crl
Creative WebCam Instant User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Instant\Creative WebCam Instant User's Guide\English\CTManual.isu"
Documents To Go --> MsiExec.exe /X{7723A0B8-23A2-454B-8831-99965558AECD}
Dragon Tales --> C:\PROGRA~1\SCHOLA~1\DRAGON~1\UNWISE.EXE /U C:\PROGRA~1\SCHOLA~1\DRAGON~1\INSTALL.LOG
Epocrates Essentials --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F445476A-42DE-11D4-80D0-00C04F2750A6}\Setup.exe" -u
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9 /remove
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
GPS Image Tracker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE35B247-F872-4FFD-BCD1-1970C7E86C84}\setup.exe" -l0x9 /removeonly uninstall -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Internet Service --> "C:\Program Files\NetProject\waun.exe"
InterVideo WinDVD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\InterVideo\WinDVD\Uninst.isu"
JD Secure 3.1 --> C:\WINDOWS\System32\JDSecure31.exe /u
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
NetZero For Riverdeep --> MsiExec.exe /X{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}
PageBreeze Free HTML Editor --> C:\PROGRA~1\PAGEBR~1\UNWISE.EXE C:\PROGRA~1\PAGEBR~1\INSTALL.LOG
palmOne --> MsiExec.exe /X{E434580A-2D4A-4433-A81E-4BCAE86AD148}
PaperPort --> MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
Reader Rabbit Math Ages 4-6 --> C:\Program Files\The Learning Company\Reader Rabbit Math Ages 4-6\uninstal.exe
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Scholastic's I SPY Junior --> C:\PROGRA~1\SCHOLA~1\ISPYJU~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYJU~1\INSTALL.LOG
Secure Browsing --> "C:\Program Files\NetProject\sbun.exe"
Shockwave --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\Install.log
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
The Print Shop 20 --> MsiExec.exe /I{F9001C89-8036-4673-9577-E7CD8564807C}
The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Weather Services --> C:\WINDOWS\System32\control.exe C:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
Web Application --> "C:\Program Files\NetProject\scu.exe"
Windows Safety Alert --> C:\Documents and Settings\Samer assaad\Local Settings\Temp\zfe1.exe /del
Windows XP Uninstall --> %SYSTEMROOT%\system32\osuninst.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Browser Services --> C:\PROGRA~1\YAHOO!\COMMON\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\YAHOO!\COMMON\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\YAHOO!\COMMON\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5179 / Error
Event Submitted/Written: 06/19/2008 11:01:43 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DesktopWeather.exe, version 5.2.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5178 / Error
Event Submitted/Written: 06/19/2008 11:01:33 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DesktopWeather.exe, version 5.2.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5177 / Error
Event Submitted/Written: 06/19/2008 11:01:32 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DesktopWeather.exe, version 5.2.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5080 / Error
Event Submitted/Written: 06/11/2008 09:19:37 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type129303 / Error
Event Submitted/Written: 06/19/2008 11:13:33 AM / 06/19/2008 11:13:34 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type129302 / Error
Event Submitted/Written: 06/19/2008 11:00:12 AM
Event ID/Source: 1003 / System Error
Event Description:
Error code 000000f7, parameter1 0000006f, parameter2 0000ccdf, parameter3 ffff3320, parameter4 00000000.

Event Record #/Type129263 / Error
Event Submitted/Written: 06/18/2008 07:24:59 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 000000f7, parameter1 0000006f, parameter2 0000ccdf, parameter3 ffff3320, parameter4 00000000.

Event Record #/Type129257 / Error
Event Submitted/Written: 06/18/2008 05:48:41 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 000000f7, parameter1 ef200400, parameter2 0000cda0, parameter3 ffff325f, parameter4 00000000.

Event Record #/Type129243 / Error
Event Submitted/Written: 06/18/2008 05:46:22 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 000000f7, parameter1 00d000d0, parameter2 0000cda5, parameter3 ffff325a, parameter4 00000000.



-- End of Deckard's System Scanner: finished at 2008-06-19 11:16:49 ------------

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:58 AM

Posted 19 June 2008 - 12:56 PM

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 journey_sf

journey_sf
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alabama
  • Local time:01:58 AM

Posted 19 June 2008 - 02:52 PM

Here you go:

SmitFraudFix v2.328

Scan done at 14:46:42.40, Thu 06/19/2008
Run from C:\Documents and Settings\Samer assaad\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Atievxx.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\System32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\migicons.exe FOUND !
C:\WINDOWS\system32\tdidrv32.sys FOUND !

C:\Documents and Settings\Samer assaad


C:\Documents and Settings\Samer assaad\Application Data


Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

C:\DOCUME~1\SAMERA~1\FAVORI~1

C:\DOCUME~1\SAMERA~1\FAVORI~1\Online Security Test.url FOUND !

Desktop

C:\DOCUME~1\ALLUSE~1\DESKTOP\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\DESKTOP\Security Troubleshooting.url FOUND !

C:\Program Files

C:\Program Files\AntiSpyCheck\ FOUND !
C:\Program Files\NetProject\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: 162123.dll
BHO: 162123 Class - {95667A7A-03B3-4EE0-91AE-A4DE74D25729}
BHO CLSID TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB}
Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB}
Interface: {F7D09218-46D7-4D3D-9B7F-315204CD0836}


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}"="chaplin"

[HKEY_CLASSES_ROOT\CLSID\{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}\InProcServer32]
@="C:\WINDOWS\System32\psqnuvo.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}\InProcServer32]
@="C:\WINDOWS\System32\psqnuvo.dll"



AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


Rustock



DNS

Description: Intel 8255x-based PCI Ethernet Adapter (10/100)
DNS Server Search Order: 192.168.1.254

Description: Intel 8255x-based PCI Ethernet Adapter (10/100)
DNS Server Search Order: 192.168.1.254
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3012D05F-6691-4C0D-8F53-6910709068BF}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3012D05F-6691-4C0D-8F53-6910709068BF}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3012D05F-6691-4C0D-8F53-6910709068BF}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254


Scanning for wininet.dll infection


End

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:58 AM

Posted 19 June 2008 - 09:00 PM

1. Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
2. Run Smitfraud
  • Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
  • Select option #2 - Clean by typing 2 and press Enter.
  • Wait for the tool to complete and disk cleanup to finish.
  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
  • The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.

Also post a new log from DSS.

Edited by Buckeye_Sam, 19 June 2008 - 09:00 PM.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 journey_sf

journey_sf
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alabama
  • Local time:01:58 AM

Posted 20 June 2008 - 02:00 PM

Hello Sam,

It did not work. At first, when I turned on the laptop, it had to check the hard drive for consistency again, which took about 2 hours to finish. Then, I went to safe mode and ran SmitfraudFix, it started, went as far as doing regular clean up, like deleting the recycle bin and the temporary files, then the screen went black. Now, all I have is the screen with safe mode on it. There is nothing happening and I do not get the start button back and I also cannot see any desktop files.

I did try it three more times and it crashed every time at the same moment. It wrote: Scanning IEDFix, followed by Scanning DNS, followed by Deleting Temp Files, then, Disk clean-up. It started the clean up, then you saw the regular blue screen of the program, then only the black safe mode desktop and nothing else.

Thanks again for your help!

S.B.

Edited by journey_sf, 20 June 2008 - 06:37 PM.


#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:58 AM

Posted 21 June 2008 - 07:31 AM

Reboot into normal mode again. You should find a log from Smitfraudfix at C:\rapport.txt
Please post that log in your next reply.

Also post a new log from DSS.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 journey_sf

journey_sf
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alabama
  • Local time:01:58 AM

Posted 21 June 2008 - 09:19 AM

Ok, but there was only a main report from DSS, no extra one.

Deckard's System Scanner v20071014.68
Run by Samer assaad on 2008-06-21 08:46:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 256 MiB (512 MiB recommended).
System Drive C: has 2.66 GiB (less than 15%) free.


-- HijackThis (run as Samer assaad.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:17, on 6/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Atievxx.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Documents and Settings\Samer assaad\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SAMERA~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\System32\162123\162123.dll (file missing)
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AntiSpyCheck] C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Win32 Classes -
O17 - HKLM\System\CCS\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer = 192.168.1.254
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\System32\psqnuvo.dll (file missing)
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

--
End of file - 7646 bytes

-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-19 14:46:47 1930 --a------ C:\WINDOWS\System32\tmp.reg
2008-06-19 14:46:16 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-06-19 14:46:16 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-19 14:46:16 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-19 14:46:16 82944 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-19 14:46:16 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-19 14:46:15 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-19 14:46:15 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-06-19 14:46:14 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-18 19:38:51 0 d-------- C:\Program Files\Trend Micro
2008-06-18 17:40:27 0 d-------- C:\Program Files\Avira
2008-06-18 17:40:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-18 17:22:05 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 17:18:12 0 d--hs---- C:\FOUND.010
2008-06-17 11:38:36 0 d--hs---- C:\FOUND.009
2008-06-17 11:31:32 0 d--hs---- C:\FOUND.008
2008-06-16 00:01:54 0 d--hs---- C:\FOUND.007
2008-06-15 14:14:58 0 d--hs---- C:\FOUND.006
2008-06-15 13:40:08 0 d--hs---- C:\FOUND.005
2008-06-15 13:31:34 0 d--hs---- C:\FOUND.004
2008-06-15 13:21:06 0 d--hs---- C:\FOUND.003
2008-06-15 12:59:02 0 d--hs---- C:\FOUND.002
2008-06-15 12:50:59 8704 --a------ C:\WINDOWS\System32\tdidrv32.sys
2008-06-15 12:45:00 0 d-------- C:\Documents and Settings\Samer assaad\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-20 13:34:26 5742282 --ah----- C:\Documents and Settings\Samer assaad\Application Data\IconCache.db
2008-04-05 22:55:40 71168 --a------ C:\WINDOWS\System32\LxrJD31s.exe
2008-04-05 22:55:40 146432 --a------ C:\WINDOWS\System32\LxrJD31p.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application>
2008-04-05 22:55:40 163840 --a------ C:\WINDOWS\System32\LxrJD31c.exe
2008-04-05 22:55:40 249856 --a------ C:\WINDOWS\System32\LxrJD31.dll
2008-04-05 22:55:40 61440 --a------ C:\WINDOWS\System32\LxrJD20Sat.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56FA7933-DC3E-403b-8D47-BB5E3F345A21}]
C:\Program Files\AntiSpyCheck\IEWarning.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95667A7A-03B3-4EE0-91AE-A4DE74D25729}]
C:\WINDOWS\System32\162123\162123.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99BA268B-4021-4739-9945-3C774217FE75}]
C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/14/2007 17:46]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 14:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 14:45]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [06/28/2006 07:46]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [01/26/2005 18:02]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [06/29/2006 12:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/25/2007 15:24]
"AntiSpyCheck 2.1.0"="C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 15:08]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [10/24/2006 16:10]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/13/2007 08:10]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [12/20/2007 08:10]
"AntiSpyCheck"="C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"=C:\Program Files\NetProject\scit.exe
"start"=C:\Program Files\NetProject\sbmntr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}"= C:\WINDOWS\System32\psqnuvo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"AtiPTA"=Atiptaxx.exe
"Promon.exe"=Promon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme



-- End of Deckard's System Scanner: finished at 2008-06-21 08:48:27 ------------




SmitFraudFix v2.328

Scan done at 17:51:51.03, Fri 06/20/2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}"="chaplin"

[HKEY_CLASSES_ROOT\CLSID\{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}\InProcServer32]
@="C:\WINDOWS\System32\psqnuvo.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}\InProcServer32]
@="C:\WINDOWS\System32\psqnuvo.dll"


Killing process


hosts


127.0.0.1 localhost

VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3012D05F-6691-4C0D-8F53-6910709068BF}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3012D05F-6691-4C0D-8F53-6910709068BF}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3012D05F-6691-4C0D-8F53-6910709068BF}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer=192.168.1.254


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:58 AM

Posted 21 June 2008 - 11:58 AM

Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll (file missing)
O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\System32\162123\162123.dll (file missing)
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKCU\..\Run: [AntiSpyCheck] C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Win32 Classes -
O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\System32\psqnuvo.dll (file missing)



Reboot and post a new log from DSS. It's fine that you only get the main.txt going forward from here.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 journey_sf

journey_sf
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alabama
  • Local time:01:58 AM

Posted 21 June 2008 - 01:46 PM

Thank you. I did what you said. I then also tried to access the internet and when I opened the browser, a blue screen appeared, claiming there to be a serious error, then pc restarted. After this, I had to let the system check for consistency again before it would enter the Windows profile.

Here the most recent log:

Deckard's System Scanner v20071014.68
Run by Samer assaad on 2008-06-21 13:39:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 256 MiB (512 MiB recommended).
System Drive C: has 2.66 GiB (less than 15%) free.


-- HijackThis (run as Samer assaad.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:35, on 6/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Atievxx.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Documents and Settings\Samer assaad\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SAMERA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer = 192.168.1.254
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

--
End of file - 5651 bytes

-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-19 14:46:47 1930 --a------ C:\WINDOWS\System32\tmp.reg
2008-06-19 14:46:16 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-06-19 14:46:16 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-19 14:46:16 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-19 14:46:16 82944 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-19 14:46:16 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-19 14:46:15 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-19 14:46:15 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-06-19 14:46:14 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-18 19:38:51 0 d-------- C:\Program Files\Trend Micro
2008-06-18 17:40:27 0 d-------- C:\Program Files\Avira
2008-06-18 17:40:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-18 17:22:05 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 17:18:12 0 d--hs---- C:\FOUND.010
2008-06-17 11:38:36 0 d--hs---- C:\FOUND.009
2008-06-17 11:31:32 0 d--hs---- C:\FOUND.008
2008-06-16 00:01:54 0 d--hs---- C:\FOUND.007
2008-06-15 14:14:58 0 d--hs---- C:\FOUND.006
2008-06-15 13:40:08 0 d--hs---- C:\FOUND.005
2008-06-15 13:31:34 0 d--hs---- C:\FOUND.004
2008-06-15 13:21:06 0 d--hs---- C:\FOUND.003
2008-06-15 12:59:02 0 d--hs---- C:\FOUND.002
2008-06-15 12:50:59 8704 --a------ C:\WINDOWS\System32\tdidrv32.sys
2008-06-15 12:45:00 0 d-------- C:\Documents and Settings\Samer assaad\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-20 13:34:26 5742282 --ah----- C:\Documents and Settings\Samer assaad\Application Data\IconCache.db
2008-04-05 22:55:40 71168 --a------ C:\WINDOWS\System32\LxrJD31s.exe
2008-04-05 22:55:40 146432 --a------ C:\WINDOWS\System32\LxrJD31p.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application>
2008-04-05 22:55:40 163840 --a------ C:\WINDOWS\System32\LxrJD31c.exe
2008-04-05 22:55:40 249856 --a------ C:\WINDOWS\System32\LxrJD31.dll
2008-04-05 22:55:40 61440 --a------ C:\WINDOWS\System32\LxrJD20Sat.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/14/2007 17:46]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 14:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 14:45]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [06/28/2006 07:46]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [01/26/2005 18:02]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [06/29/2006 12:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/25/2007 15:24]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 15:08]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [10/24/2006 16:10]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/13/2007 08:10]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [12/20/2007 08:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"AtiPTA"=Atiptaxx.exe
"Promon.exe"=Promon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme




-- End of Deckard's System Scanner: finished at 2008-06-21 13:40:41 ------------

Edited by journey_sf, 21 June 2008 - 01:47 PM.


#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:58 AM

Posted 21 June 2008 - 03:10 PM

Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"=-
[-HKEY_CLASSES_ROOT\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}]
Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.


==============



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Also post a new log from DSS.
Let me know how your computer seems to be acting now.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 journey_sf

journey_sf
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alabama
  • Local time:01:58 AM

Posted 21 June 2008 - 06:12 PM

I did the first part, and I think it worked. I did leave the word CODE out, was that correct?

I ran the SuperAntiSpyware and it ran for almost 1.5 hours and had found over 900 threats, when the laptop crashed again. I checked, there is no log for the time it ran. I am trying it again right now.

Thanks.

Ok, I did the scan again and stopped it once it found a lot of stuff and deleted all of this. Now, I started it again and will see if it crashes again. Here are the log result from the interrupted scan. I will post the log of a full scan should that laptop let me finish one...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/21/2008 at 06:36 PM

Application Version : 4.15.1000

Core Rules Database Version : 3469
Trace Rules Database Version: 1460

Scan type : Complete Scan
Total Scan Time : 00:27:10

Memory items scanned : 394
Memory threats detected : 0
Registry items scanned : 4222
Registry threats detected : 48
File items scanned : 6338
File threats detected : 878

Adware.Tracking Cookie
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@valueclick[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflognczelp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@homeclick[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@as-us.falkag[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tacoda[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad.us-ec.adtechus[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4wgdjgdp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkocgc5wfp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@data1.perf.overture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-suite101.hitbox[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4skdjgfo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@burstnet[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkyendpwlo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stat.dealtime[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmigicpglq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1jajah.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@data4.perf.overture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyohdpggq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkocgczeao.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adopt.euroclick[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adlegend[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlykkazkkp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@icc.intellisrv[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad.yieldmanager[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywjdjmep.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@bizrate[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@server.iad.liveperson[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-inforspaceinc.hitbox[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@scholastic.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@atdmt[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@iipd.furniturefind[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wglisgdpwfq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@casalemedia[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.furniturefind[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfligmazscp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@web-stat[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlysmazgap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmygmdpoko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkield5map.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkougazmbp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyegdzwfo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliahczigo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@maxserving[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@hc2.humanclick[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyugcjclp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@toseeka[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@admarketplace[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqhcjeco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@roiservice[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmiqjczmdq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@phg.hitbox[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@z1.adserver[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1kcpwc.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@perf.overture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkokidjgkp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkouod5obp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@jcrew.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@revsci[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqhdzoap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmywgdzieq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyoocpckq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tracker.espsoftware[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@edge.ru4[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlisldzcgp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloqpazcap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@hg1.hitbox[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wglicmczogo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@twci.coremetrics[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4kmd5eap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyqmajobp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@nextag[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@LPneimanmarcus[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@realmedia[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@test.coremetrics[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoumazslq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@saksfifthavenue.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adserver[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@paulfredrick.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@polo.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlysjczsap.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyqiazobq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@serving-sys[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkoqod5afp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@furniturefind[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.clickmanage[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkookd5iao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4khdpklo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.addynamix[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-stampsdotcom.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmyqid5mhp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflikmcjeko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkykiczoao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyohcpakp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@insightexpressai[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tradedoubler[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@buildabear.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clickability[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stats1.clicktracks[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@fastclick[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@2o7[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@questionmarket[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@apmebf[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@6229559[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@keywordmax[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygjczaho.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycmdjgfo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnysidzwgo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wak4gmdzido.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@citi.bridgetrack[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@statse.webtrendslive[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@hitbox[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@atwola[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@counter.surfcounters[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@americanexpress.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyamdziho.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@giftscom.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@advertising[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-graphikdimensions.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyamcpwhq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@partner2profit[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiknczmko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4oldjalp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@data2.perf.overture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@statcounter[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliwnczifp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4socpebp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clickshift[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmiamcjelo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.pointroll[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4gncjcbp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@data.coremetrics[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@mediaplex[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkocgdjgep.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4ckdjilo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@trafficmp[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkysgdzidq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1pcjwa.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@chefscatalog.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@xiti[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@zedo[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4qldzchp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@doubleclick[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyumc5eko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloelczkeo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyojajedo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkoajazaao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmiendjwbp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adviva[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@kimberleyandco.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyaocjwaq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkiwnazaaq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmikidjsfq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4whcjslp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmycodpolq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4knczkhp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4woazoko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adopt.specificclick[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4khdzokp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmyaid5gap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyukdjaeq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-mattress.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoghcpclq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyehczkep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiokazwfp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyujdpwdp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflosgcpcbp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@montblanc.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@web4.realtracker[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkicod5acp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkoajc5obp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyqpdjcgo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@bravenet[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlycoazsco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-allergybuyersclub.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@sales.liveperson[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@roi2.clicklab[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyejczwfp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyoncjclq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkykgcpclo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4ehdpohp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4ehcpebp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tennisexpress[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@discountmugs[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wglyqldzsgo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflokicpeap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygjcjefo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whliqod5sep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@247realmedia[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkoopczgdo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whliolazaao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@free.wegcash[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyepd5gko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyklc5sko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stat.onestat[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywhcpacq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@as1.falkag[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyokazsdo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqodpkbo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1kd5og.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkowiazglo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@commission-junction[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkisjazccq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlospcpolp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@data3.perf.overture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliqkcpalq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-randomhouse.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoggcjiko.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkocidjscp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyeldjkeq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stats2.clicktracks[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliahd5kep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@feed.validclick[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmionc5wcp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygldjmbp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlicodjolo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygndzobo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@msnportal.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4cmcpafo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloeld5klq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-christiandior.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@cratebarrel.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyskc5gbq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@webstat[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoegd5oco.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@pt.crossmediaservices[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkycgdzekp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tracking.homeportfolio[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@indexstats[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywgczikq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@counter.hitslink[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@anad.tacoda[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmiqgczwdo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyclazmhp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkyclcjmgp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgk4kiazwlo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliencjcdp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyojdzgho.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlygkd5khp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@marketlive.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@bfast[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@3.adbrite[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkowlazobp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tracker.roitesting[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4oldpseq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqpcjcho.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmykgdpcco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyehdpalo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4ujazsgp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmykoc5gkq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.tennisexpress[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoogdzslo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloamajgdq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@broadspancommerce.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.burstbeacon[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4sgajsbq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlokkcjkdo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflosoajelo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4gkd5kep.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkycmcjicp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloqndjaep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloqjcpabo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clickauditor[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@mattressusa.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkoqldjafo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-designwithinreach.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkowhc5iep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmishc5mep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloojazghq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyggcpwfo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adrevolver[6].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycndzaep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@media3.sitebrand[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoqjdpebo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@123count[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmygldpweq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgl4clajeko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wglykmcjwbp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflislczafo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4kndpobo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@dcswkx5d9i3xh3bv2hhfxm2xl_4l1q[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycgc5ggp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkooidjifp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkyogczwbp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyojdjshp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4kgdpihq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkikoczkcq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-growingtree.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyeocjiep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmiqic5akq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloqnc5klq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@overst2.sitetracker[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkyuoczkgo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkospcpilp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlosgazcao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyugd5iep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@client.roiadtracker[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4cgazebo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4cocjsep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wglyghczwfo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygpdjaap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-hollywoodmedia.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1sdzid.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkicodjieq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmywmcpihp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@bluestreak[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloumdjego.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkieicjmeo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyomdzmeq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.homeclick[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiundjkgp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkywhc5alp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliaoajiap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliqpazoep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wbkyamajoeo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@app.insightgrit[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkycnczsko.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkykkdjceo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlicldzwaq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoeodpkgo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkikodpkbo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlokmdpcho.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkokidjegp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whlooocpsfq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoendjklo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4kkcpeko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgliwoc5ckq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyuoaziao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkogmczwfo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4cocjkcq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-mgmmirageoperations.hitbox[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkysjazmhp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkoqncpgfp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyojazcbp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiokcjghp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4eoazaep.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflogmc5ceo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliggajkgo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1ncjwc.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyekdpmeq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyojcjsho.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@capitalone.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyaodjebp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycodjcep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkighdjcbp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmikmczobp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyogcjgco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygjczwcp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyapc5gdo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqjcjsko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyonczmdo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyukazoep.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflikoc5gko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlosoazsep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiakdzocq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.discountwatchstore[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjligjcjoep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyaicjigp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyqpczslp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkywkcpsfp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkoopd5gao.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4umd5iap.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyaidpsdo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4eoc5mep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-e2solutions.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliemdpcko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkignczscp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stats.manticoretechnology[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmiqiajklp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyekc5mkp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkoehczoeo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyogd5slp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlospc5glo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyamd5okp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyuhcpwgp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@sec1.liveperson[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyupczogo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyckcjcbo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4ckdpkeo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@blindscom.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgk4ekdzoao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@sextracker[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1oazcf.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4emcjkbq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyaldjobq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whk4ohazweo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1gazka.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycgcpkdp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyapazkap.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkyupd5whp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkogjdpego.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@pathfinder[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@media7.sitebrand[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkislcpohp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmigmdpofp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmiakcjiep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.emirates.net[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4wkcjklo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stats01.pointshop[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4oldzslo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlocod5eko.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkisgdzghp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-aviatechllc.hitbox[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4eidjkdq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmisodjmfq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgk4cmcjgbo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmiqkdzodp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmicjd5wgq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmiqmcpakq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygjdpibp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4gmcpebo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4sndzsbq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1odjsd.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgk4slc5kap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloapcjwlp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyondjikp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyskcpseo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyokc5oco.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloomdjwfp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4kocjslo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@revenue[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygic5chp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyood5kdo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@stats.clicktracks[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkospcpkap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-nbif.hitbox[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyclc5elo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloqlazseq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgk4qhdpaco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkycncpmkp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkykkcpmao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4agajkkq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygldjeco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.acitydiscount[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkishd5acq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkoqndpacp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@brightbuilders.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.shop-vermontcountrystore[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4wldpkbp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whk4unazocq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4sndpofp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@hertz.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliagajsao.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkykldpwlo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloogcpcfo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4ugdpscq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycicpsbp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliaiazeep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whlyolajwho.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whlieidpebo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmyemazwdp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyopdpadp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyapc5sgp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@35109650[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clicksmart.headsprout[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.directnetadvertising[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-lattelove.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@taylorgifts.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkysidjscq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywjdjikp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.americandiscountchina[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkogpazwfp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyklajcco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4ajdjofp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyskczicp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-nestleusainc.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycnazeep.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyokdjcdp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyslc5kcq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyspazwap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkygiczcdq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@superstats[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkyujcjobq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1mdzeh.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adrevolver[8].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyqoc5kep.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4qjd5obq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.vermontcountrystore[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkiold5kaq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-shoes.hitbox[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliuoazmkp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflognc5afo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyshd5afo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyshc5afo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4qiazsco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4cnd5oeo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliuod5scp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@vhost.oddcast[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoegdzmdp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkykid5waq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkycoc5wgq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiupcjseo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflocpazkao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlysidzefo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloqicjgeo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@regalinteractive[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@realnetworks.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyspazeko.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4andjkbp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@roi.clicklab[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkowld5oco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4gjcpgfp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiqicpodq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adinterax[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygmdzibp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tribalfusion[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-ifilm.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4kjdpwep.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-stacksandstacks.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@montgomeryadvertiser[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkounczibp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tremor.adbureau[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflyundpkaq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@smoothcorp.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4kpcjoco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adbrite[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.addesktop[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlocndjido.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyoid5wco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkiqmd5who.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkokgczslq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywid5cbo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycldjkhp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyghdpmep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloand5cbp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4ghajihp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4ekdpidq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmieidjkbp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkowndjmco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywjc5aep.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@dillards.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloggajglp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@cgi-bin[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliehcjgdp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyoodpwko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@counter2.hitslink[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyeicpsdo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmigicjefo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyukaziaq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@mb[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkookazigo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgl4opajcaq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliepajcgo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4cldjmao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4onc5gcq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.fullreleases[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4ancpcdo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmywjdpkgo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkyaoczwko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliwgc5mcq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4ukc5wlo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@babyuniverse.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycgcpeco.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4ojdjiho.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyehajmco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkosnazodp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@charmingshoppes.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloapdpobq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoqgajaap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wclyeoc5eko.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyohd5saq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkokmcpsep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmygpajohp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyskdjklp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4opczweo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@bs.serving-sys[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@html[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkyaodjmfo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyoldzoao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@indextools[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyapdpolp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4wlazcco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmienajcfp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloknczgkp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1jajcb.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloendpkhq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyqlc5mao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkywnc5ilo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@linksynergy[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@webtrends.moxymedia[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.clicknkids[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflyelcjigo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@geosign.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1jczwh.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmiajajaeo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgl4klcjmeo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkiulajmho.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@amazonbebe.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4koajelq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkouod5acp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlouncjcao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkiqlcjghq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.movieweb[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkywhdzglo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloajd5acp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmiomc5sbp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfliaiazwhp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@richmedia.yahoo[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whmigmajcko.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygkd5wko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloupazecq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-nokiafin.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@te.kontera[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyepajiep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.media-arts-schools[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ameriprise.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkicncjsap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@northwestairlines.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkogkajeao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyoldpmbo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-leapfrog.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4wgcpkgo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ge.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloajcjwao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wblygoczwlp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@jewelrytelevision.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkionazwdo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4wiczsdo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloupd5whp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyaiazcgq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@paypal.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyqpajwdp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-revlon.hitbox[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4smajsdo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiold5kbp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkoopdzgeo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whlikpdzkhq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmikncpihq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkialczceo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4apdjcfo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywndjkep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4old5eap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkocod5igo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tase[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@direct[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqicpofp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6walyeocpwko.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiaidjabp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4skdpkfo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad2.m5-systems[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyepczefq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@nextstat[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@specificclick[4].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloemdpabp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4uodjcdp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlokodzgdq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgliuldzcdp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlocgczwfq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4qpdjweo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1iazel.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4qnajslo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkysid5wco.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmislajgaq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@60960915[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@amznshopbop.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyggcpafq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1070932382[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkoulcpegp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@akira[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkioldpiao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.worldgolf[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.teenbreaks[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@hit.stat[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@counter5.sextracker[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wck4upcjsdp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmyeod5sgo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflococpogq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@eas.apm.emediate[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4aid5oeq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@marinermarketing.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkykgcjibp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wblykncpwdo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@pro-market[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clicks.emarketmakers[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@kontera[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1icjek.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@estat[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmywkdjikp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad1.emediate[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-healthyback.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-lowermybills.hitbox[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4eicziap.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyaoczofp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1072605278[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@etoys.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@56764446[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@53912102[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@pornaccess[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@thefind[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whloahdpmhp.stats.esomniture[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlishczeko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlyogd5aeo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywod5kkq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wbk4wpcjekq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@overture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1sd5mg.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlighajkap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycidzedp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4ulc5sfo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6walysid5aap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloshajifp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkocldziap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkospdjikp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloagcjeep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflocmcjkfq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-buyseasons.hitbox[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkosodjagp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnygkczghq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4uiczegp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@media6degrees[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1lajkh.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6waloklcjodp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlikndzgco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygidpweo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@usmle[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4ghdpaho.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkicncpeep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmiegczsfp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflougajwgo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wakokodzcep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whl4wjcziap.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlygkdzaho.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@guthyrenker.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyulc5shq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgmyoldjmgp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.ak.facebook[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@shopping.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wakiomazahq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@link.mercent[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@brightcove.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmikldpkho.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflichajcko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkysicjmlo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4aodzkko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqjdjcbq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlishd5sgo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wcmiumc5clo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoajajogp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygodzefo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkicpajchq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.findarticles[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@dealtime[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.ads-click[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-jag.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoggajalp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@valueclick[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-zoomerang.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whmicpazekp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-thanedirect.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmywlczogo.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkicgc5ogp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmysod5olo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@qksrv[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wcloukdjaco.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@findarticles[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wclygocpcep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywhcpedo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@LPBofA1[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmicpcjcdo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@reduxads.valuead[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycjc5cbp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@sexworld.co[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlownazoco.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflieidzwfp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyqgdpacq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@arab-sex[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@media.adrevolver[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkyugdzghq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.ozonemedia.co[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1072560260[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adultsextoys[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjmygndpgcp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlocpczgkp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1072437210[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfmigjc5ikp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjloaiajohq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1065593030[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkochdpacq.stats.esomniture[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@celebrateexpress.122.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1066181895[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkouhdpclp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloalcpgfp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyapcjwep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@porngurus[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkiwic5mdq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkiokcpadp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clickthrough.wegcash[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1icpma.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@eyewonder[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whkyukd5sko.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@dcsn3k5o910000086aqymxzgy_6w7r[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tracking.foundry42[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnysgdpido.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wak4kodzcao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@adserver.mediarun[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjny-1jajgc.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@bbos.112.2o7[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1067725497[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfk4ajcpaaq.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.vlaze[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyghajebp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@74613876[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@dynamic.media.adrevolver[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoupcpmkp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@teenbreaks[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnycndpkhp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4kpczagp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wgkyeld5oep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyanazeeo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyoidpido.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wamiupajmao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4egdpsho.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloujcjihp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoqldjmap.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@interclick[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad1.m5-systems[3].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlielc5aeo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfloskcpmbp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@sixapart.adbureau[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.salmiya[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfl4ujczsgo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wdkysjdpgdo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliohdpshp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjk4kldpaao.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.adultsextoys[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whk4kkajidp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkowhcpcbo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@auth.sexworld.co[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@click.porngurus[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ad.m5prod[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@doubleclick.hertz[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@45687557[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@track.joepro[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@55170107[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@internationaldriveorlando.advertserve[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkykgdjcap.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@cgi-bin[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1063368710[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@iad.liveperson[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1069649549[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wbmyahdzedp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1172432[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wfkigmdpsbq.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wflogkc5mdo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clickbank[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjlocmc5oao.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@servedby.adxpower[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnyojczkao.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@LPneimanmarcus[5].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1072089229[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@dcsn3k5o910000086aqymxzgy_6w7r[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjl4cidzsfp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1698736[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkykkd5odp.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjkoogdjggo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjliwgazoho.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wbkygjdzkko.stats.esomniture[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ads.bridgetrack[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@tracking.hearthstoneonline[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@content.clickbank[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clickbank[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wblygoajmbo.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@clubgirlsxxx[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@www.peoplefinders[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@1072242590[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wjnywkd5klp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@ehg-yvesrocher.hitbox[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6whlosnajcep.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@e-2dj6wglikgcjabp.stats.esomniture[2].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@media.mtvnservices[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@31303003[1].txt
C:\Documents and Settings\Samer assaad\Cookies\samer assaad@collective-media[2].txt

Trojan.VideoCach/Gen
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0\win32
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\FLAGS
HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\HELPDIR
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version

Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString

Trojan.Media-Codec/V4
HKCR\multimediaControls.chl
HKCR\multimediaControls.chl\CLSID

Adware.E404 Helper/Hij
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

Trojan.Media-Codec/V5
HKU\S-1-5-21-507921405-746137067-1343024091-1004\Software\NetProject
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing#UninstallString

Rogue.AntiSpyCheck
HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}
HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\cqUaOwlpfy
HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\fSwfvhpeIeis
HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\fuCukqwk
HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\InprocServer32
HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\InprocServer32#ThreadingModel
HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\jJuo
HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\mlsvi
HKCR\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}\tMguPVkuet

Edited by journey_sf, 21 June 2008 - 07:07 PM.


#14 journey_sf

journey_sf
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alabama
  • Local time:01:58 AM

Posted 21 June 2008 - 11:35 PM

Ok, the second try did not work either. Same thing happened, the laptop crashed. I did the DSS scan again though. Here it is:

Deckard's System Scanner v20071014.68
Run by Samer assaad on 2008-06-21 22:11:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Samer assaad.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:44, on 6/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Atievxx.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Documents and Settings\Samer assaad\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SAMERA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{707B4C96-425F-49D2-B9A3-724C0A7B9E95}: NameServer = 192.168.1.254
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

--
End of file - 5886 bytes

-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-21 16:35:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-21 16:35:18 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-21 16:35:17 0 d-------- C:\Documents and Settings\Samer assaad\Application Data\SUPERAntiSpyware.com
2008-06-21 16:34:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 14:46:47 1930 --a------ C:\WINDOWS\System32\tmp.reg
2008-06-19 14:46:16 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-06-19 14:46:16 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-19 14:46:16 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-19 14:46:16 82944 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-19 14:46:16 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-19 14:46:15 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-19 14:46:15 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-06-19 14:46:14 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-18 19:38:51 0 d-------- C:\Program Files\Trend Micro
2008-06-18 17:40:27 0 d-------- C:\Program Files\Avira
2008-06-18 17:40:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-18 17:22:05 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 17:18:12 0 d--hs---- C:\FOUND.010
2008-06-17 11:38:36 0 d--hs---- C:\FOUND.009
2008-06-17 11:31:32 0 d--hs---- C:\FOUND.008
2008-06-16 00:01:54 0 d--hs---- C:\FOUND.007
2008-06-15 14:14:58 0 d--hs---- C:\FOUND.006
2008-06-15 13:40:08 0 d--hs---- C:\FOUND.005
2008-06-15 13:31:34 0 d--hs---- C:\FOUND.004
2008-06-15 13:21:06 0 d--hs---- C:\FOUND.003
2008-06-15 12:59:02 0 d--hs---- C:\FOUND.002
2008-06-15 12:50:59 8704 --a------ C:\WINDOWS\System32\tdidrv32.sys
2008-06-15 12:45:00 0 d-------- C:\Documents and Settings\Samer assaad\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-20 13:34:26 5742282 --ah----- C:\Documents and Settings\Samer assaad\Application Data\IconCache.db
2008-04-05 22:55:40 71168 --a------ C:\WINDOWS\System32\LxrJD31s.exe
2008-04-05 22:55:40 146432 --a------ C:\WINDOWS\System32\LxrJD31p.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application>
2008-04-05 22:55:40 163840 --a------ C:\WINDOWS\System32\LxrJD31c.exe
2008-04-05 22:55:40 249856 --a------ C:\WINDOWS\System32\LxrJD31.dll
2008-04-05 22:55:40 61440 --a------ C:\WINDOWS\System32\LxrJD20Sat.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/14/2007 17:46]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 14:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 14:45]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [06/28/2006 07:46]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [01/26/2005 18:02]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [06/29/2006 12:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/25/2007 15:24]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 15:08]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [10/24/2006 16:10]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/13/2007 08:10]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [12/20/2007 08:10]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"AtiPTA"=Atiptaxx.exe
"Promon.exe"=Promon.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme




-- End of Deckard's System Scanner: finished at 2008-06-21 22:13:02 ------------

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:58 AM

Posted 22 June 2008 - 07:03 AM

Those laptops get hot when you run something heavy on the cpu for a while. Then it shuts down to protect itself. Try scanning select area to shorten the scan time. Then reboot your computer and give it time to cool off before going again.

Your log looks pretty good. How are things on your end?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users