The original version of this page can be found at : http://forum.bullguard.com/forum/8/C-Drive_63293.html
Posted By : ytam - 7-7-2008 10:11
Hello there I have a problem that when ever i started windows a window for drive C:\ open automatically, i don't know whethere its a virus or how to stop that.

Posted By : Touch - 7-7-2008 11:49
Hello smile
 
 
Let´s check and see if it a virus -
 
 

1. Get this version of Hijackthis from http://danborg.org/spy/hjt/alternativ.exe
 
2 Save it in a permanent folder of your choice, such as C:\HJT\. To create this specific folder on your hard drive: Double click the 'My Computer' icon on your desktop, then under the category hard disk drives: double click Local Disk:, then select file->New -> Folder and name it HJT
3 Run hijackthis.  (alternativ exe).

Choose the "Do a system scan and save a log file" option to perform your scan.
HijackThis will analyze your system, and automatically open a notepad textfile containing the HijackThis log when the scan is finished.
Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy.
From within the browser window and with the message body text box selected, click Edit -> Paste.
Post hijackthis log here

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted


Posted By : ytam - 7-7-2008 1:43
Thanks lot Touch, here is the Logfile:
Logfile of HijackThis v1.99.1
Scan saved at 4:40:28 AM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\WINDOWS\System\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\XPPRESP3\My Documents\Hijack\alternativ.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System\svchost.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System\dumprep.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{798EB7B4-BCB6-44A2-8D84-475CD7A7D993}: NameServer = 196.29.180.29 196.29.164.29
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Tomcat5\apache-tomcat-5.5.26\apache-tomcat-5.5.26\bin\tomcat5.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)



Posted By : Touch - 7-7-2008 1:55
It seems to be Trojan/Backdoor related ;-)
 
 
Please download Combofix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 
 
And save to the desktop.

Close all other browser windows.
 
 
 
 
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan.
They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
 
 
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
 
Please note, that once you start combofix you should not click anywhere on the combofix window
as it can cause the program to stall.
In fact, when combofix is running, do not touch your computer at all
and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply with a new hijackthis log.
 
Please copy and paste your log files. DO NOT add it as an attachment



NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer..
We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted


Posted By : ytam - 7-7-2008 5:55
Thank you lot Touch for your kindlly reply and cooperation. Now I have done ComboFix and hijackthis and here is the log file and the hijackithis respectivelly:
hop
ComboFix 08-07-05.1 - XPPRESP3 2008-07-07  8:42:59.1 - NTFSx86
Running from: C:\Documents and Settings\XPPRESP3\Desktop\ComboFix.exe
 * Resident AV is active

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\internet explorer\msimg32.dll
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\pskill.exe
.
(((((((((((((((((((((((((   Files Created from 2008-06-07 to 2008-07-07  )))))))))))))))))))))))))))))))
.
2008-07-06 13:08 . 2008-07-06 13:08 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-07-06 13:04 . 2008-07-07 08:38 <DIR> d-------- C:\Program Files\ESET
2008-07-06 13:00 . 2008-07-06 13:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-07-04 07:06 . 2008-07-04 07:06 <DIR> d-------- C:\Program Files\MyABCD
2008-06-25 11:14 . 2008-06-25 11:14 <DIR> d-------- C:\Program Files\ArabicSP Software
2008-06-24 11:44 . 2008-06-24 11:44 <DIR> d-------- C:\Program Files\Klango
2008-06-23 11:00 . 2008-06-23 11:00 <DIR> d-------- C:\WINDOWS\Sun
2008-06-16 04:03 . 2008-06-16 04:03 244 --ah----- C:\sqmnoopt17.sqm
2008-06-12 06:39 . 2008-06-12 06:39 <DIR> d-------- C:\Program Files\MicroTools4U
2008-06-11 12:40 . 2008-06-11 12:40 <DIR> d-------- C:\Program Files\AskSBar
2008-06-11 12:36 . 2008-07-06 23:09 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2008-06-11 12:36 . 2008-06-11 12:45 <DIR> d-------- C:\Program Files\DAP
2008-06-11 12:36 . 2008-06-11 12:36 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-06-11 12:36 . 2008-06-11 12:36 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-06-11 12:36 . 2008-06-11 12:36 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-06-11 12:24 . 2008-06-11 12:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-06-09 10:39 . 2007-10-02 09:10 <DIR> d-------- C:\aha
2008-06-09 10:39 . 2008-05-28 11:56 11,515,042 --a------ C:\aha-3.0-p4.zip
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 20:08 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-07-06 19:35 --------- d-----w C:\Program Files\SPSS
2008-07-06 08:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-06-07 03:52 --------- d-----w C:\Program Files\Apache Software Foundation
2008-06-06 06:02 56 ----a-w C:\Tomcat.bat
2008-06-05 03:52 --------- d-----w C:\Program Files\Java
2008-06-05 01:55 --------- d-----w C:\Program Files\Common Files\Java
2008-06-02 03:58 --------- d-----w C:\Program Files\Star E-Media
2008-05-28 23:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Live Toolbar
2008-05-28 22:54 --------- d-----w C:\Program Files\MSN Messenger
2008-05-22 03:38 --------- d-----w C:\Documents and Settings\XPPRESP3\Application Data\Talkback
.
------- Sigcheck -------
2006-06-17 23:43  663552  d94cffdb53e7ac867438e2dfd50e7cbc C:\WINDOWS\system32\wininet.dll
2005-07-13 04:07  360448  0601f83f6784c220ee302f03f702316e C:\WINDOWS\system32\drivers\tcpip.sys
2006-07-06 14:50  2058368  d20855e9a650415e4f65e0ce249839bd C:\WINDOWS\system32\ntkrnlpa.exe
2006-06-17 23:43  2181248  da58ba325f6148ec49abfc93c656a1df C:\WINDOWS\system32\ntoskrnl.exe
2005-10-15 14:07  949760  17e3c975c6fe3e94cf760f10d91c2af3 C:\WINDOWS\explorer.exe
2005-10-15 14:07  1032192  45757077a47c68a603a79b03a1a836ab C:\WINDOWS\XPize\Backup\explorer.exe
2004-08-04 19:00  30208  de8fa9cf18f95341079c7e6a215c226a C:\WINDOWS\system32\ctfmon.exe
2004-08-04 19:00  15360  24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\XPize\Backup\ctfmon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-11 12:40 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:00 30208]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 14:54 5674352]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 21:58 4269296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 18:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-06-05 06:52 77824]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-06-11 12:36 3053056]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-06-11 12:36 2705008]
"SiSPower"="SiSPower.dll" [2006-03-09 04:04 49152 C:\WINDOWS\system32\SiSPower.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 19:00 30208]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-04-26 03:30:27 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ          hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86713af0-1372-11dd-af7d-806d6172696f}]
\Shell\AutoRun\command - J:\haircut2.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-07 04:50:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-PHIME2002A - C:\WINDOWS\System\svchost.exe
HKLM-Run-PHIME2002ASync - C:\WINDOWS\System\dumprep.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 08:45:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
.
Completion time: 2008-07-07  8:46:45
ComboFix-quarantined-files.txt  2008-07-07 05:46:43
Pre-Run: 1,266,659,328 bytes free
Post-Run: 1,404,567,552 bytes free
144
******************************hijakthis**********************************************


Logfile of HijackThis v1.99.1
Scan saved at 08:47, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\CF24181.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\notepad.exe
C:\ComboFix\NirCmd.cfexe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\XPPRESP3\My Documents\Hijack\alternativ.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System\svchost.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System\dumprep.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Tomcat5\apache-tomcat-5.5.26\apache-tomcat-5.5.26\bin\tomcat5.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
hop

Posted By : Touch - 7-7-2008 6:43
Seems to We have improvement smile
 
 
Please download Free  Version of Superantispyware
http://www.superantispyware.com/superantispywarefreevspro.html
 
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it.
close the program
 
 
Please download ATF Cleaner:
 http://www.atribune.org/ccount/click.php?id=1 by Atribune.
This program is for XP and Windows 2000 only
 
 
 
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked.
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System\svchost.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System\dumprep.exe
 
 
 
 
 
Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.
 
 
 
Reboot to Safe mode
 
 
Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.
 
 
Open Folder Options in Controlpanel >view and check your settings:
Select
Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files
Delete:
Files:
C:\WINDOWS\System\svchost.exe
C:\WINDOWS\System\dumprep.exe
<<<ß These infection should not be confused with the
legitimate C:\Windows\System32\dumprep.exe and
C:\Windows\System32\ svchost.exe
 
 
 
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch (Windows XP) only.
Java Cache
Recycle Bin
NB. It's normal after running ATF cleaner that the PC will be slower to boot the first time.
 
 
 
 
Start Superantispyware.
Hit - Scan Your Computer - button
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next,
it will scan now. When scan have finished, put a checkmark with  all items it found. Next, after cleaning, allow it to Reboot
 
 
 
Start Superantispyware again –
Click Preferences and then click the statistics/logs tab.
Click the dated log and press view log and a text file will appear.
 
 
 
Post this log along with fresh hijackthis log,  and tell how things are running  ?
 
 
 
 
 
 
 
 
 
 
 

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted


Posted By : ytam - 7-7-2008 8:58
Thanks lot TOUCH I think it works cause I didn't see the automatic opening of the C:\ when I rebote, but here is to logs SUPERAntiSpyware and hijackthis respectivelly:
yeah hop
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/07/2008 at 11:29 AM
Application Version : 4.15.1000
Core Rules Database Version : 3469
Trace Rules Database Version: 1460
Scan type       : Complete Scan
Total Scan Time : 00:30:21
Memory items scanned      : 340
Memory threats detected   : 0
Registry items scanned    : 3912
Registry threats detected : 0
File items scanned        : 33151
File threats detected     : 347
Trojan.Dropper/SVCHost-Fake
 C:\DOCUMENTS AND SETTINGS\DEFAULT USER\LOCAL SETTINGS\HISTORY\SVCHOST.EXE
Adware.Tracking Cookie
 .adbrite.com [ C:\Documents and Settings\XPPRESP3\Application Data\Mozilla\Firefox\Profiles\rkdqvo0e.default\cookies.txt ]
 .adbrite.com [ C:\Documents and Settings\XPPRESP3\Application Data\Mozilla\Firefox\Profiles\rkdqvo0e.default\cookies.txt ]
 .adbrite.com [ C:\Documents and Settings\XPPRESP3\Application Data\Mozilla\Firefox\Profiles\rkdqvo0e.default\cookies.txt ]
 .tdstats.com [ C:\Documents and Settings\XPPRESP3\Application Data\Mozilla\Firefox\Profiles\rkdqvo0e.default\cookies.txt ]
 .tdstats.com [ C:\Documents and Settings\XPPRESP3\Application Data\Mozilla\Firefox\Profiles\rkdqvo0e.default\cookies.txt ]
 C:\Documents and Settings\XPPRESP3\Cookies\xppresp3@tradedoubler[2].txt
 C:\Documents and Settings\XPPRESP3\Cookies\xppresp3@ad.yieldmanager[2].txt
 sitestats.ets.org [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .fastclick.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .fastclick.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 ad.yieldmanager.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 ad.yieldmanager.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 ad.yieldmanager.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 ad.yieldmanager.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 ad.yieldmanager.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .ad.yieldmanager.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .ad.yieldmanager.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .ad.yieldmanager.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statcounter.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .atdmt.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .doubleclick.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .mediaplex.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .mediaplex.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .advertising.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .advertising.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .advertising.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .advertising.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .advertising.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .apmebf.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .apmebf.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .tribalfusion.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .eb.adbureau.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .burstnet.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .tacoda.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .tacoda.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .tacoda.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .casalemedia.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .casalemedia.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .casalemedia.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .casalemedia.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .casalemedia.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .burstnet.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .questionmarket.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .questionmarket.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .specificclick.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .specificclick.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .specificclick.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .specificclick.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .specificclick.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .msnportal.112.2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .tradedoubler.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 uk.sitestat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 uk.sitestat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 eas.apm.emediate.eu [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 eas.apm.emediate.eu [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .revsci.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .revsci.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .revsci.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .revsci.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .revsci.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .revsci.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .revsci.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .hotlog.ru [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statse.webtrendslive.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 statse.webtrendslive.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .adbrite.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .adbrite.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .adbrite.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 uk.sitestat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .zedo.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .zedo.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 ads.bridgetrack.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 ads.bridgetrack.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .realmedia.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .realmedia.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .kontera.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .kontera.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .kontera.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .adinterax.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .adinterax.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .adinterax.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 statse.webtrendslive.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .ieee.adbureau.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .mywebsearch.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .mywebsearch.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .mywebsearch.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .mywebsearch.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .mywebsearch.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .mywebsearch.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .mywebsearch.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .mywebsearch.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .mywebsearch.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .ads.pointroll.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .ads.pointroll.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .ads.pointroll.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .ads.pointroll.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .yadro.ru [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .sitestat.mayoclinic.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .try.starware.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .valueclick.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .serving-sys.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .webstat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .webstat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .webstat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .serving-sys.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .serving-sys.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .serving-sys.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .serving-sys.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .stat.dealtime.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statse.webtrendslive.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .statse.webtrendslive.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .wpni.112.2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .targetnet.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .insightexpressai.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .insightexpressai.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .insightexpressai.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .insightexpressai.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .insightexpressai.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .insightexpressai.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .insightexpressai.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .insightexpressai.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .nl.sitestat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .nl.sitestat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .nl.sitestat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .roiservice.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .nextstat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .nextstat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .nextstat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .nextstat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .nextstat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .maxserving.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .maxserving.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .rotator.adjuggler.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .rotator.adjuggler.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .fortunecity.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .goclick.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .goclick.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .uk.sitestat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .uk.sitestat.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .findarticles.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .findarticles.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .highbeam.122.2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .overture.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .overture.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .overture.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .revenue.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .www.addfreestats.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .bs.serving-sys.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .adtech.de [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .adtech.de [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .bfast.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .data.coremetrics.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .www2.addfreestats.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .atwola.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .cnetasiapacific.122.2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .imrworldwide.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .imrworldwide.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .adserver.matchcraft.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .www1.addfreestats.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .adjuggler.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .adopt.euroclick.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 .sonygs.112.2o7.net [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 findarticles.com [ C:\Documents and Settings\yaser\Application Data\Mozilla\Firefox\Profiles\edo2ntuk.default\cookies.txt ]
 C:\Documents and Settings\yaser\Cookies\yaser@maxserving[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@media.adrevolver[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@wpni.112.2o7[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@advertising[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@counter.hitslink[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@zedo[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@questionmarket[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@spylog[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@3.adbrite[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@adtech[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@valueclick[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ehg-leapfrog.hitbox[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@try.starware[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@burstnet[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ads.guardian.co[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@highbeam.122.2o7[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@indexstats[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@tribalfusion[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@upspiral[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ad.yieldmanager[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@112.2o7[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ehg-france24.hitbox[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@trafficmp[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@adserver[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ad1.emediate[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@casalemedia[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ehg-tfl.hitbox[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@goclick[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@bfast[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@cnetasiapacific.122.2o7[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@serving-sys[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@tripod[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@anad.tacoda[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ads.addynamix[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@adbrite[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@tacoda[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@m1.webstats.motigo[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@popularscreensavers[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ehg-medpagetoday.hitbox[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@overture[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@statse.webtrendslive[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@revsci[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@sales.liveperson[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ads.pointroll[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ads.touregypt[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@roiservice[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@realmedia[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@eas.apm.emediate[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@rotator.adjuggler[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@doubleclick[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@bluestreak[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@fastclick[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@adv.webmd[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ehg-traderelectronicmedia.hitbox[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@fortunecity[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@msnaccountservices.112.2o7[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@atwola[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@adjuggler[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ads.remal.com[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@account.live[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@apmebf[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@revenue[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@data.coremetrics[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@2o7[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@findarticles[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@mediaplex[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@h.starware[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ads.collegeconfidential[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@kanoodle[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@weborama[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@hg1.hitbox[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ecnext.advertserve[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ads.telegraph.co[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@sitestats.tiscali.co[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ehg-oreilly.hitbox[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@eb.adbureau[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@statcounter[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@salah555.tripod[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@yadro[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@accounts[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@media[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ehg-aha.hitbox[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@stat.dealtime[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@atdmt[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ad.islamonline[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@www.burstnet[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@azjmp[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@adopt.euroclick[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@adinterax[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@stats[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@specificclick[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@www.ezytrack[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@hotlog[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@adlegend[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@sitestat.mayoclinic[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@mywebsearch[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@insightexpressai[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@bs.serving-sys[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@kontera[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ehg-fluorcorp.hitbox[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@adrevolver[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@adrevolver[3].txt
 C:\Documents and Settings\yaser\Cookies\yaser@ehg-techtarget.hitbox[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@server.iad.liveperson[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@hitbox[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@allstardirectories.112.2o7[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@bilbo.counted[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@targetnet[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@a.findarticles[1].txt
 C:\Documents and Settings\yaser\Cookies\yaser@tradedoubler[2].txt
 C:\Documents and Settings\yaser\Cookies\yaser@msnportal.112.2o7[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@2o7[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@wpni.112.2o7[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@maxserving[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@media.adrevolver[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@advertising[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@counter.hitslink[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@zedo[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@questionmarket[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@3.adbrite[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@adtech[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@valueclick[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ehg-leapfrog.hitbox[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@try.starware[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@burstnet[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@spylog[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ads.guardian.co[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@highbeam.122.2o7[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@indexstats[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@tribalfusion[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@upspiral[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ad.yieldmanager[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ad.yieldmanager[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@112.2o7[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ehg-france24.hitbox[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@trafficmp[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ad1.emediate[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@adserver[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@casalemedia[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ehg-tfl.hitbox[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@goclick[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@bfast[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@cnetasiapacific.122.2o7[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@serving-sys[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@tripod[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@anad.tacoda[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ads.addynamix[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@adbrite[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@tacoda[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@m1.webstats.motigo[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@popularscreensavers[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ehg-medpagetoday.hitbox[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@overture[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ads.touregypt[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@statse.webtrendslive[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@revsci[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@sales.liveperson[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ads.pointroll[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@realmedia[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@eas.apm.emediate[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@rotator.adjuggler[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@roiservice[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@bluestreak[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@fastclick[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@adv.webmd[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@doubleclick[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ehg-traderelectronicmedia.hitbox[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@atwola[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@msnaccountservices.112.2o7[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@adjuggler[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ads.remal.com[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@account.live[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@apmebf[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@fortunecity[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@revenue[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@data.coremetrics[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@findarticles[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@mediaplex[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@2o7[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@h.starware[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ads.collegeconfidential[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@kanoodle[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@weborama[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@hg1.hitbox[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ecnext.advertserve[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ads.telegraph.co[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@sitestats.tiscali.co[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ehg-oreilly.hitbox[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@eb.adbureau[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@statcounter[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@salah555.tripod[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@yadro[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@accounts[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@media[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@msnportal.112.2o7[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ehg-aha.hitbox[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@stat.dealtime[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@atdmt[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ad.islamonline[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@www.burstnet[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@azjmp[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@adopt.euroclick[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@adinterax[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@stats[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@specificclick[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@www.ezytrack[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@hotlog[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@mywebsearch[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@adlegend[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@sitestat.mayoclinic[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@mywebsearch[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@insightexpressai[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@bs.serving-sys[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@kontera[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@adrevolver[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@adrevolver[3].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ehg-techtarget.hitbox[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@ehg-fluorcorp.hitbox[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@allstardirectories.112.2o7[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@server.iad.liveperson[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@hitbox[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@bilbo.counted[2].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@tradedoubler[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@targetnet[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@a.findarticles[1].txt
 E:\?C??\ Root\Documents and Settings\yaser\Cookies\yaser@tradedoubler[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@2o7[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@wpni.112.2o7[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@maxserving[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@media.adrevolver[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@advertising[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@counter.hitslink[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@zedo[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@questionmarket[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@3.adbrite[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@adtech[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@valueclick[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ehg-leapfrog.hitbox[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@try.starware[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@burstnet[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@spylog[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ads.guardian.co[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@highbeam.122.2o7[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@indexstats[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@tribalfusion[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@upspiral[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ad.yieldmanager[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ad.yieldmanager[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@112.2o7[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ehg-france24.hitbox[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@trafficmp[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ad1.emediate[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@adserver[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@casalemedia[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ehg-tfl.hitbox[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@goclick[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@bfast[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@cnetasiapacific.122.2o7[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@serving-sys[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@tripod[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@anad.tacoda[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ads.addynamix[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@adbrite[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@tacoda[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@m1.webstats.motigo[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@popularscreensavers[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ehg-medpagetoday.hitbox[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@overture[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ads.touregypt[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@statse.webtrendslive[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@revsci[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@sales.liveperson[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ads.pointroll[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@realmedia[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@eas.apm.emediate[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@rotator.adjuggler[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@roiservice[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@bluestreak[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@fastclick[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@adv.webmd[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@doubleclick[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ehg-traderelectronicmedia.hitbox[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@atwola[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@msnaccountservices.112.2o7[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@adjuggler[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ads.remal.com[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@account.live[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@apmebf[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@fortunecity[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@revenue[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@data.coremetrics[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@findarticles[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@mediaplex[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@2o7[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@h.starware[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ads.collegeconfidential[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@kanoodle[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@weborama[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@hg1.hitbox[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ecnext.advertserve[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ads.telegraph.co[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@sitestats.tiscali.co[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ehg-oreilly.hitbox[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@eb.adbureau[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@statcounter[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@salah555.tripod[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@yadro[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@accounts[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@media[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@msnportal.112.2o7[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ehg-aha.hitbox[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@stat.dealtime[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@atdmt[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ad.islamonline[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@www.burstnet[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@azjmp[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@adopt.euroclick[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@adinterax[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@stats[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@specificclick[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@www.ezytrack[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@hotlog[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@mywebsearch[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@adlegend[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@sitestat.mayoclinic[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@mywebsearch[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@insightexpressai[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@bs.serving-sys[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@kontera[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@adrevolver[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@adrevolver[3].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ehg-techtarget.hitbox[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@ehg-fluorcorp.hitbox[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@allstardirectories.112.2o7[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@server.iad.liveperson[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@hitbox[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@bilbo.counted[2].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@tradedoubler[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@targetnet[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@a.findarticles[1].txt
 E:\?C??\Documents and Settings\yaser\Cookies\yaser@tradedoubler[2].txt
Trojan.Downloader-Gen/Win
 C:\DOCUMENTS AND SETTINGS\XPPRESP3\MY DOCUMENTS\MY COMPLETED DOWNLOADS\ANTI-COPY.EXE\ANTI COPY.EXE.EXE
Adware.Starware
 C:\DOCUMENTS AND SETTINGS\YASER\MY DOCUMENTS\REFERENCE.EXE
Adware.MyWebSearch
 C:\PROGRAM FILES\TRUE SWORD 4\BACKUPED\6\MWSOEMON.EXE
 
***************************************************************************************************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 11:47, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Documents and Settings\XPPRESP3\My Documents\Hijack\alternativ.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Tomcat5\apache-tomcat-5.5.26\apache-tomcat-5.5.26\bin\tomcat5.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
 
 

Posted By : Touch - 7-9-2008 6:24
That´s good news smilewinkgrin
 
 
I´ll suggest you block for tracking cookies -
 
"Open Internet Options | Privacy, click on the Advanced button.
Place a check in "Override automatic cookie handling".
Set "First Party Cookies" to allow, set "Third Party Cookies" to Block."


To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore.
To do so, follow these steps:
System Restore
 
 
Please  read Tony Klein's excellent article  about how to prevent against  spyware/hijackers in the future
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html   
 

Do NOT post your problem in someone elses thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted



Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard