Iexplore.exe virus removal

WaleedB · #1 22nd Dec 2008, 14:19

Hey there,

My computer has been running extremely slowly recently and on start up an iexplore.exe is running even when an explorer isn't open. I was getting CiD pop-ups but those seem to have gone after I read some forum threads and used SD-LoP removal (something along the lines of that). However, im uncertain that everything has been removed and have a feeling there are still some residual malicious files left. Would be extremely grateful if anyone could have a look :) Here are my logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/22/2008 at 08:40 PM
Application Version : 4.23.1006
Core Rules Database Version : 3681
Trace Rules Database Version: 1659
Scan type : Complete Scan
Total Scan Time : 00:18:18
Memory items scanned : 315
Memory threats detected : 0
Registry items scanned : 3842
Registry threats detected : 0
File items scanned : 21744
File threats detected : 481
Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@statcounter[2].txt
C:\Documents and Settings\user\Cookies\user@zanox.parship.co[1].txt
C:\Documents and Settings\user\Cookies\user@banner.prestigecasino[2].txt
C:\Documents and Settings\user\Cookies\user@indextools[2].txt
C:\Documents and Settings\user\Cookies\user@ads.addynamix[2].txt
C:\Documents and Settings\user\Cookies\user@server.iad.liveperson[1].txt
C:\Documents and Settings\user\Cookies\user@serving-sys[1].txt
C:\Documents and Settings\user\Cookies\user@banner.skykingscasino[2].txt
C:\Documents and Settings\user\Cookies\user@fastclick[1].txt
C:\Documents and Settings\user\Cookies\user@xiti[1].txt
C:\Documents and Settings\user\Cookies\user@ad.zanox[2].txt
C:\Documents and Settings\user\Cookies\user@www.3pintracking[1].txt
C:\Documents and Settings\user\Cookies\user@www.burstnet[1].txt
C:\Documents and Settings\user\Cookies\user@adviva[2].txt
C:\Documents and Settings\user\Cookies\user@ringtonestracker[1].txt
C:\Documents and Settings\user\Cookies\user@ads.bleepingcomputer[2].txt
C:\Documents and Settings\user\Cookies\user@adtech[1].txt
C:\Documents and Settings\user\Cookies\user@pro-market[1].txt
C:\Documents and Settings\user\Cookies\user@carphonewarehouse.112.2 o7[1].txt
C:\Documents and Settings\user\Cookies\user@electronicarts.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@mansion.122.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@apmebf[2].txt
C:\Documents and Settings\user\Cookies\user@revenuehit[1].txt
C:\Documents and Settings\user\Cookies\user@adsdot.adbureau[1].txt
C:\Documents and Settings\user\Cookies\user@eas.apm.emediate[1].txt
C:\Documents and Settings\user\Cookies\user@tribalfusion[2].txt
C:\Documents and Settings\user\Cookies\user@revsci[2].txt
C:\Documents and Settings\user\Cookies\user@adopt.specificclick[2].txt
C:\Documents and Settings\user\Cookies\user@smartadserver[1].txt
C:\Documents and Settings\user\Cookies\user@kontera[2].txt
C:\Documents and Settings\user\Cookies\user@burstnet[1].txt
C:\Documents and Settings\user\Cookies\user@media6degrees[2].txt
C:\Documents and Settings\user\Cookies\user@adserver.adtechus[1].txt
C:\Documents and Settings\user\Cookies\user@ads.bootcampmedia[2].txt
C:\Documents and Settings\user\Cookies\user@atdmt[2].txt
C:\Documents and Settings\user\Cookies\user@realmedia[1].txt
C:\Documents and Settings\user\Cookies\user@cerosmedia[1].txt
C:\Documents and Settings\user\Cookies\user@trusted-liveclicks[1].txt
C:\Documents and Settings\user\Cookies\user@overture[1].txt
C:\Documents and Settings\user\Cookies\user@media.adrevolver[1].txt
C:\Documents and Settings\user\Cookies\user@www.googleadservices[2].txt
C:\Documents and Settings\user\Cookies\user@talksport.cerosmedia[1].txt
C:\Documents and Settings\user\Cookies\user@ads.pointroll[2].txt
C:\Documents and Settings\user\Cookies\user@tradedoubler[1].txt
C:\Documents and Settings\user\Cookies\user@tracking.dc-storm[2].txt
C:\Documents and Settings\user\Cookies\user@bs.serving-sys[1].txt
C:\Documents and Settings\user\Cookies\user@ads.right-ads[2].txt
C:\Documents and Settings\user\Cookies\user@zedo[2].txt
C:\Documents and Settings\user\Cookies\user@reduxads.valuead[1].txt
C:\Documents and Settings\user\Cookies\user@doubleclick[2].txt
C:\Documents and Settings\user\Cookies\user@microsoftwindows.112.2o 7[1].txt
C:\Documents and Settings\user\Cookies\user@mediaplex[1].txt
C:\Documents and Settings\user\Cookies\user@banner.eurogrand[2].txt
C:\Documents and Settings\user\Cookies\user@propertyfinder[2].txt
C:\Documents and Settings\user\Cookies\user@track.adform[2].txt
C:\Documents and Settings\user\Cookies\user@adopt.euroclick[1].txt
C:\Documents and Settings\user\Cookies\user@rotator.adjuggler[2].txt
C:\Documents and Settings\user\Cookies\user@msnportal.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\user\Cookies\user@server.iad.liveperson[2].txt
C:\Documents and Settings\user\Cookies\user@statse.webtrendslive[2].txt
C:\Documents and Settings\user\Cookies\user@advertising[1].txt
C:\Documents and Settings\user\Cookies\user@www.googleadservices[1].txt
C:\Documents and Settings\Afshan\Cookies\afshan@ads.bootcampmedia[2].txt
C:\Documents and Settings\Afshan\Cookies\afshan@kontera[2].txt
C:\Documents and Settings\Afshan\Cookies\afshan@track.adform[2].txt
C:\Documents and Settings\Afshan\Cookies\afshan@adsdot.adbureau[2].txt
C:\Documents and Settings\Afshan\Cookies\afshan@adserver.adtechus[1].txt
C:\Documents and Settings\Afshan\Cookies\afshan@apmebf[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@adserveuk[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@www.googleadservices[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@www.googleadservices[5].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@www.googleadservices[3].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@www.googleadservices[4].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@insightexpressai[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@discountfurnituredirect.co[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@optimost[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@fastfinders.co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@track.adform[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@partner2profit[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@bannersng.yell[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@122.2o7[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Afshan\Cookies\afsh an@ad1.emediate[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @track.adform[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @files.youporn[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @www.insight[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @dmtracker[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @e-2dj6whkiwkczwdo.stats.esomniture[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ads.sun[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @adserveuk[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @www.timesexamresults.co[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @mediaonenetwork[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @advertstream[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ads.telegraph.co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @anad.tacoda[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @anat.tacoda[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @insight[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ad1.emediate[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @advertiser.qsnetwork[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @media6degrees[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ads.digital-digest[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @saletrack.co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ads.widgetbucks[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ads.lunamedia.com[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @stats.adbrite[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @incentaclick[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @youporn[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ads.mail[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @insightexpressai[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @socialmedia[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @roiservice[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @iacas.adbureau[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @nextag.co[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @discountbicycles.co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @e-2dj6wfk4epazefp.stats.esomniture[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @tracking.foxnews[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @www.googleadservices[3].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @www.googleadservices[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ads.aol.co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ads.apn.co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ads.pointroll[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @optimost[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @interclick[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @www.incentaclick[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @indoormedia.co[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @e-2dj6wjl4qjazkbo.stats.esomniture[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @adinterax[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @e-2dj6wfk4aodzkcp.stats.esomniture[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @www.etracker[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @www.newmediamedicine[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @track.webtrekk[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ad.associatedcontent[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @e-2dj6wgl4gjdjsfp.stats.esomniture[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @e-2dj6whkigodjodo.stats.esomniture[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @adfarm1.adition[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @sitestats.co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @tripod[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @newmediamedicine[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ads.adbrite[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @e-2dj6wdlycgdjwlo.stats.esomniture[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ad.islamonline[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @chitika[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @e-2dj6wbk4ojazido.stats.esomniture[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @findmysoft[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @richmedia.yahoo[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @ads-dev.youporn[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @revsci[3].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @trackingit101[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @servedby.onlinemediadiva[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @partypoker[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @precisionclick[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @stats.matraxis[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @indexstats[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @tracking.summitmedia.co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @uk.insight[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @e-2dj6wgk4qgdzgho.stats.esomniture[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @eas.apm.emediate[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @viacom.adbureau[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @apmebf[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Owner\Cookies\owner @videoegg.adbureau[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @www.clickmanage[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ads.sun[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @adserveuk[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @track.adform[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @battleon.directtrack[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @dmtracker[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ads.clicksor[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @advert.runescape[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @www.googleadservices[11].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @anad.tacoda[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @porn613[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ad1.emediate[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @youporn[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @e-2dj6wjmyglazsbq.stats.esomniture[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ad1.clickhype[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @media6degrees[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @kontera[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @stat.youku[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ads.marketingsur[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ads.widgetbucks[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @w16.media-convert[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @carfinderservice[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @tracks-travel[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @cgm.adbureau[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @mediafire[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @www.googleadservices[4].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @www.googleadservices[3].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @www.googleadservices[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @www.googleadservices[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @www.googleadservices[7].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ads.adap[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @iacas.adbureau[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @socialmedia[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @roiservice[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @propertyfinder[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @eqtracking[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @www.googleadservices[9].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @optimost[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @w00tpublishers.wootmedia[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @a7.adserver01[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @tracking.summitmedia.co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @interclick[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @tracker.mediatracker.co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ads.lucidmedia[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @www.findaproperty[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @track.ucas[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @toplist[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @adcentriconline[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @videoegg.adbureau[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @adserver.aol[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @media-convert[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @eas.apm.emediate[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @indoormedia.co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @smileycentral[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @account.live[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @e-2dj6wfloomd5ggp.stats.esomniture[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @servedby.onlinemediadiva[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ads.us.e-planning[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @adserver.adtechus[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @myroitracking[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @servedby.adxpower[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @media.mtvnservices[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ad.sticksports[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ecnext.advertserve[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @specificclick[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ads.telegraph.co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @e-2dj6wjlicpazglo.stats.esomniture[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @findaproperty[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @tracker.roitesting[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @chitika[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @server.cpmstar[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @uac.advertising[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @specificmedia[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ad.uk.tangozebra[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ads.adbrite[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @umstreet.adbureau[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @trvlnet.adbureau[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @tdpg.adbureau[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @insightexpressai[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @e-2dj6wjkycgdjeko.stats.esomniture[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @go.globaladsales[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @richmedia.yahoo[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ads-dev.youporn[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @www.ppctracking[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @partypoker[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @apmebf[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ads.heias[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @viacom.adbureau[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @leadback.advertising[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @counter.plugin[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @e-2dj6wdmiwkajkko.stats.esomniture[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @ads.ogdenpubs[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\Cookies\wasim @www.tracks-travel[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@track.adform[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@lynxtrack[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@mediaonenetwork[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@baadserve.baplc[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@anat.tacoda[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@anad.tacoda[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@pr.valueclick[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@ad1.emediate[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@media6degrees[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@kontera[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@questionpro[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@www.googleadservices[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@www.googleadservices[6].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@www.googleadservices[5].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@www.googleadservices[4].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@www.googleadservices[3].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@www.googleadservices[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@www.googleadservices[7].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@socialmedia[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@roiservice[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@propertyfinder[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@www.googleadservices[9].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@www.googleadservices[8].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@optimost[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@w00tpublishers.wootm edia[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@tracking.summitmedia .co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@interclick[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@m1.webstats.motigo[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@nextag.co[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@prospect.adbureau[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@adinsert.buddymedia[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@videoegg.adbureau[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@findarticles[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@adinterax[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@smileycentral[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@eas.apm.emediate[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@account.live[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@e-2dj6wjmiaod5wcq.stats.esomniture[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@e-2dj6wbliegdjkko.stats.esomniture[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@rocku.adbureau[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@ad.sticksports[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@postclicktracking[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@media.mtvnservices[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@tripod[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@ads.planetactive[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@countercentral[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@server.cpmstar[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@ad.uk.tangozebra[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@banners2.battleon[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@ads.revsci[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@sitestat.mayoclinic[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@banners.battleon[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@richmedia.yahoo[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@audit.median[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@azfinder.co[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@tracking.veille-referencement[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@advertising[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@apmebf[2].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@ad.lookery[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@a.findarticles[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@webtracking.touchcla rity[1].txt
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Cookies\wasim@e-2dj6wjl4cpajsfp.stats.esomniture[1].txt
C:\Documents and Settings\Mustafa\Cookies\mustafa@eas.apm.emediate[2].txt
C:\Documents and Settings\Mustafa\Cookies\mustafa@peer2peeren.media-toolbar[1].txt
C:\Documents and Settings\Mustafa\Cookies\mustafa@mediatraffic[1].txt
C:\Documents and Settings\Mustafa\Cookies\mustafa@iacas.adbureau[2].txt
C:\Documents and Settings\Mustafa\Cookies\mustafa@media-toolbar[1].txt
C:\Documents and Settings\Mustafa\Cookies\mustafa@apmebf[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@adserveuk[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@www.googleads ervices[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@www.googleads ervices[5].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@www.googleads ervices[3].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@www.googleads ervices[4].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@insightexpres sai[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@discountfurni turedirect.co[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@optimost[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@fastfinders.c o[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@track.adform[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@partner2profi t[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@bannersng.yel l[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@122.2o7[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Afshan\Cookies\afshan@ad1.emediate[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@track.adform[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@files.youporn[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@www.insight[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@dmtracker[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@e-2dj6whkiwkczwdo.stats.esomniture[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ads.sun[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@adserveuk[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@www.timesexamre sults.co[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@mediaonenetwork[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@advertstream[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ads.telegraph.c o[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@anad.tacoda[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@anat.tacoda[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@insight[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ad1.emediate[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@advertiser.qsne twork[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@media6degrees[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ads.digital-digest[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@saletrack.co[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ads.widgetbucks[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ads.lunamedia.c om[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@stats.adbrite[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@incentaclick[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@youporn[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ads.mail[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@insightexpressa i[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@socialmedia[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@roiservice[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@iacas.adbureau[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@nextag.co[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@discountbicycle s.co[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@e-2dj6wfk4epazefp.stats.esomniture[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@tracking.foxnew s[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@www.googleadser vices[3].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@www.googleadser vices[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ads.aol.co[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ads.apn.co[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ads.pointroll[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@optimost[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@interclick[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@www.incentaclic k[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@indoormedia.co[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@e-2dj6wjl4qjazkbo.stats.esomniture[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@adinterax[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@e-2dj6wfk4aodzkcp.stats.esomniture[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@www.etracker[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@www.newmediamed icine[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@track.webtrekk[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ad.associatedco ntent[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@e-2dj6wgl4gjdjsfp.stats.esomniture[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@e-2dj6whkigodjodo.stats.esomniture[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@adfarm1.adition[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@sitestats.co[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@tripod[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@newmediamedicin e[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ads.adbrite[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@e-2dj6wdlycgdjwlo.stats.esomniture[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ad.islamonline[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@chitika[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@e-2dj6wbk4ojazido.stats.esomniture[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@findmysoft[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@richmedia.yahoo[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@ads-dev.youporn[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@revsci[3].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@trackingit101[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@servedby.online mediadiva[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@partypoker[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@precisionclick[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@stats.matraxis[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@indexstats[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@tracking.summit media.co[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@uk.insight[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@e-2dj6wgk4qgdzgho.stats.esomniture[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@eas.apm.emediat e[1].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@viacom.adbureau[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@apmebf[2].txt
C:\Documents and Settings\user\My Documents\BUTT\Owner\Cookies\owner@videoegg.adbure au[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@track.adform[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@lynxtrack[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@mediaonenetwork[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@baadserve.baplc[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@anat.tacoda[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@anad.tacoda[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@pr.valueclick[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@ad1.emediate[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@media6degrees[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@kontera[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@questionpro[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@www.googleadservices[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@www.googleadservices[6].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@www.googleadservices[5].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@www.googleadservices[4].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@www.googleadservices[3].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@www.googleadservices[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@www.googleadservices[7].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@socialmedia[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@roiservice[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@propertyfinder[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@www.googleadservices[9].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@www.googleadservices[8].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@optimost[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@w00tpublishers.wootm edia[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@tracking.summitmedia .co[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@interclick[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@m1.webstats.motigo[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@nextag.co[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@prospect.adbureau[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@adinsert.buddymedia[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@videoegg.adbureau[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@findarticles[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@adinterax[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@smileycentral[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@eas.apm.emediate[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@account.live[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@e-2dj6wjmiaod5wcq.stats.esomniture[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@e-2dj6wbliegdjkko.stats.esomniture[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@rocku.adbureau[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@ad.sticksports[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@postclicktracking[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@media.mtvnservices[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@tripod[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@ads.planetactive[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@countercentral[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@server.cpmstar[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@ad.uk.tangozebra[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@banners2.battleon[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@ads.revsci[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@sitestat.mayoclinic[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@banners.battleon[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@richmedia.yahoo[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@audit.median[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@azfinder.co[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@tracking.veille-referencement[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@advertising[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@apmebf[2].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@ad.lookery[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@a.findarticles[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@webtracking.touchcla rity[1].txt
C:\Documents and Settings\user\My Documents\Wasim\Cookies\wasim@e-2dj6wjl4cpajsfp.stats.esomniture[1].txt
C:\Documents and Settings\Waleed\Cookies\waleed@ads.bleepingcompute r[2].txt
C:\Documents and Settings\Waleed\Cookies\waleed@www.googleadservice s[1].txt
C:\Documents and Settings\Waleed\Cookies\waleed@ads.widgetbucks[1].txt
C:\Documents and Settings\Waleed\Cookies\waleed@ads.aol.co[1].txt
C:\Documents and Settings\Waleed\Cookies\waleed@apmebf[1].txt
C:\Documents and Settings\Waleed\Cookies\waleed@advertising[1].txt
C:\Lop SD\Backup-Lop\DOCUME~1\user\Cookies\user@adopt.euroclick[1].txt

Malwarebytes' Anti-Malware 1.31
Database version: 1533
Windows 5.1.2600 Service Pack 3
22/12/2008 21:14:16
mbam-log-2008-12-22 (21-14-16).txt
Scan type: Full Scan (C:\|)
Objects scanned: 154461
Time elapsed: 29 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Afshan\Desktop\Backup\Wasim\My Documents\Wasim\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\My Documents\Wasim\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\My Documents\Wasim\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\My Documents\Wasim\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\My Documents\Wasim\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.

WaleedB · #2 22nd Dec 2008, 14:29

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:55, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [loadupload] C:\DOCUME~1\user\APPLIC~1\DEADJU~1\OptionFunkCopy. exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 4985 bytes

WaleedB · #3 22nd Dec 2008, 14:30

ComboFix 08-12-21.04 - user 2008-12-22 21:23:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1472 [GMT 0:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.
2008-12-22 20:44 . 2008-12-22 20:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 20:44 . 2008-12-22 20:44 <DIR> d-------- c:\documents and settings\user\Application Data\Malwarebytes
2008-12-22 20:44 . 2008-12-22 20:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 20:44 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 20:44 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 20:21 . 2008-12-22 20:21 268 --ah----- C:\sqmdata03.sqm
2008-12-22 20:21 . 2008-12-22 20:21 244 --ah----- C:\sqmnoopt03.sqm
2008-12-22 20:03 . 2008-12-22 20:03 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-22 20:03 . 2008-12-22 20:03 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-22 20:03 . 2008-12-22 20:03 <DIR> d-------- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2008-12-22 20:03 . 2008-12-22 20:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-22 19:59 . 2008-12-22 19:59 268 --ah----- C:\sqmdata02.sqm
2008-12-22 19:59 . 2008-12-22 19:59 244 --ah----- C:\sqmnoopt02.sqm
2008-12-22 19:43 . 2008-12-22 19:43 <DIR> d-------- C:\rsit
2008-12-22 19:43 . 2008-12-22 21:14 <DIR> d-------- c:\program files\trend micro
2008-12-22 19:09 . 2008-12-22 19:11 <DIR> d-------- c:\program files\Winamp
2008-12-22 18:51 . 2008-12-22 19:37 <DIR> d-------- C:\Lop SD
2008-12-22 18:26 . 2008-12-22 18:26 268 --ah----- C:\sqmdata01.sqm
2008-12-22 18:26 . 2008-12-22 18:26 244 --ah----- C:\sqmnoopt01.sqm
2008-12-22 17:39 . 2008-09-17 09:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2008-12-22 17:38 . 2008-12-22 17:38 <DIR> d-------- C:\NVIDIA
2008-12-22 17:32 . 2008-12-22 17:32 <DIR> d-------- c:\program files\Analog Devices
2008-12-22 17:32 . 2001-09-11 15:20 1,285,632 --------- c:\windows\system32\SMMedia.dll
2008-12-22 17:32 . 2001-09-19 13:47 765,952 -ra------ c:\windows\system\crlds3d.dll
2008-12-22 17:32 . 2006-03-17 18:18 392,960 -ra------ c:\windows\system32\drivers\senfilt.sys
2008-12-22 17:32 . 2007-10-09 14:41 313,856 -ra------ c:\windows\system32\drivers\ADIHdAud.sys
2008-12-22 17:32 . 2007-06-19 13:07 103,424 -ra------ c:\windows\system32\drivers\aeaudio.sys
2008-12-22 17:32 . 2005-05-04 09:20 53,248 --------- c:\windows\system32\wdmioctl.dll
2008-12-22 17:32 . 2006-07-10 15:42 49,152 --------- c:\windows\system32\DSndUp.exe
2008-12-22 17:32 . 2002-04-17 15:05 45,056 --------- c:\windows\system32\CleanUp.exe
2008-12-22 17:32 . 2007-03-27 10:36 28,160 -ra------ c:\windows\system32\PostProc.dll
2008-12-22 17:22 . 2008-12-22 17:22 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2008-12-22 17:22 . 2008-12-22 17:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-12-22 15:31 . 2008-12-22 15:31 106 --a------ C:\delete.bat
2008-12-22 15:30 . 2008-12-22 15:30 1,066,176 --a------ c:\windows\system32\mscomctl.ocx
2008-12-22 15:09 . 2008-12-22 15:09 <DIR> d-------- C:\deljob
2008-12-22 14:47 . 2008-05-09 10:53 512,000 -----c--- c:\windows\system32\dllcache\jscript.dll
2008-12-22 14:47 . 2008-05-09 10:53 430,080 -----c--- c:\windows\system32\dllcache\vbscript.dll
2008-12-22 14:47 . 2008-05-09 10:53 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll
2008-12-22 14:47 . 2008-05-09 10:53 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll
2008-12-22 14:47 . 2008-05-08 11:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe
2008-12-22 14:47 . 2008-05-09 08:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe
2008-12-22 14:47 . 2008-05-09 10:53 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll
2008-12-12 14:10 . 2008-12-12 14:10 <DIR> d-------- c:\program files\Realtek
2008-12-12 12:10 . 2008-12-12 12:10 <DIR> d-------- C:\swsetup
2008-12-12 11:40 . 2008-12-12 11:40 <DIR> d-------- c:\documents and settings\Waleed\Application Data\DivX
2008-12-12 11:00 . 2008-12-12 11:00 <DIR> d-------- c:\documents and settings\Waleed\Application Data\ACD Systems
2008-12-12 08:56 . 2008-12-12 13:31 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-12 01:06 . 2008-12-22 15:18 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-12 01:06 . 2008-12-12 01:06 <DIR> d-------- c:\documents and settings\Waleed\Application Data\PC Tools
2008-12-12 01:06 . 2008-12-22 20:21 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-12 01:06 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-12 01:06 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-12 01:06 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-12 01:06 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-12 01:00 . 2008-12-12 01:00 <DIR> d-------- c:\program files\Common Files\ACD Systems
2008-12-12 01:00 . 2008-12-12 01:00 <DIR> d-------- c:\program files\ACD Systems
2008-12-12 01:00 . 2008-12-12 01:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-12 00:59 . 2008-12-12 00:59 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-12 00:37 . 2008-12-12 00:37 <DIR> d-------- c:\program files\DivX
2008-12-12 00:35 . 2008-12-22 14:43 <DIR> d-------- c:\program files\BandwidthMeter
2008-12-12 00:31 . 2008-12-22 19:18 <DIR> d-------- c:\documents and settings\Waleed\Application Data\BitTorrent
2008-12-12 00:00 . 2008-12-12 00:00 <DIR> d-------- c:\program files\BitTorrent
2008-12-11 23:49 . 2008-12-12 00:38 <DIR> d-------- c:\documents and settings\Waleed\Application Data\Winamp
2008-12-11 23:37 . 2008-12-11 23:37 <DIR> d-------- c:\windows\system32\scripting
2008-12-11 23:37 . 2008-12-11 23:37 <DIR> d-------- c:\windows\system32\en
2008-12-11 23:37 . 2008-12-11 23:37 <DIR> d-------- c:\windows\system32\bits
2008-12-11 23:31 . 2008-12-11 23:37 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-11 23:22 . 2008-12-11 23:22 <DIR> d-------- c:\documents and settings\Waleed\Contacts
2008-12-11 23:19 . 2008-12-11 23:19 <DIR> d-------- c:\documents and settings\Waleed\Application Data\dead jump hold
2008-12-11 23:18 . 2008-12-11 23:18 <DIR> d-------- c:\windows\EHome
2008-12-11 23:13 . 2008-12-22 19:18 <DIR> d-------- c:\documents and settings\Waleed
2008-12-11 20:55 . 2008-10-23 12:36 286,720 -----c--- c:\windows\system32\dllcache\gdi32.dll
2008-12-01 11:02 . 2008-12-01 11:02 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-01 11:01 . 2008-12-12 10:43 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-01 09:43 . 2008-12-01 09:43 <DIR> d-------- c:\documents and settings\Afshan\Contacts
2008-12-01 09:39 . 2008-12-01 09:39 <DIR> d-------- c:\documents and settings\Afshan\Application Data\dead jump hold
2008-12-01 09:33 . 2008-12-01 09:43 <DIR> d-------- c:\documents and settings\Afshan
2008-11-30 21:48 . 2008-11-30 21:48 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-30 21:47 . 2008-11-30 21:47 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-30 21:47 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-11-30 21:46 . 2008-12-22 14:48 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-30 21:33 . 2008-11-30 21:33 <DIR> d-------- c:\program files\MSECache
2008-11-30 21:12 . 2008-11-30 21:12 <DIR> d-------- c:\documents and settings\Mustafa\Application Data\dead jump hold
2008-11-30 21:01 . 2008-12-22 14:46 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-30 21:01 . 2008-11-30 21:01 <DIR> d-------- c:\program files\AVG
2008-11-30 21:01 . 2008-12-22 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-30 21:01 . 2008-11-30 21:01 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-30 21:01 . 2008-11-30 21:01 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-30 21:01 . 2008-11-30 21:01 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-30 20:55 . 2008-11-30 20:55 <DIR> d-------- c:\documents and settings\Mustafa\Contacts
2008-11-30 20:54 . 2008-11-30 21:02 <DIR> d-------- c:\documents and settings\Mustafa
2008-11-30 20:42 . 2008-10-16 20:24 6,068,224 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-30 20:42 . 2008-05-07 05:12 1,288,192 -----c--- c:\windows\system32\dllcache\quartz.dll
2008-11-30 20:42 . 2008-06-13 11:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-30 20:42 . 2008-06-13 11:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-30 20:42 . 2008-07-07 20:26 253,952 -----c--- c:\windows\system32\dllcache\es.dll
2008-11-30 20:41 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-30 20:41 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-30 20:41 . 2008-08-14 10:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-30 20:40 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-30 20:40 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-30 20:40 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-30 20:40 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-30 20:40 . 2008-04-11 19:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-30 20:40 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-30 20:40 . 2008-05-08 14:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-30 20:39 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-29 17:48 . 2008-12-11 20:53 <DIR> d-------- c:\documents and settings\user\Contacts
2008-11-29 17:46 . 2008-11-29 17:46 268 --ah----- C:\sqmdata00.sqm
2008-11-29 17:46 . 2008-11-29 17:46 244 --ah----- C:\sqmnoopt00.sqm
2008-11-29 17:45 . 2008-11-29 17:45 <DIR> d-------- c:\program files\Real
2008-11-29 17:44 . 2008-11-29 17:44 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-29 17:44 . 2008-12-12 00:28 <DIR> d-------- c:\program files\MSN Messenger
2008-11-29 17:42 . 2008-11-29 17:42 <DIR> d-------- c:\program files\dead jump hold
2008-11-29 17:42 . 2008-11-29 17:42 <DIR> d-------- c:\documents and settings\user\Application Data\dead jump hold
2008-11-29 17:38 . 2008-11-29 17:38 <DIR> d-------- c:\program files\Windows Live
2008-11-29 17:38 . 2008-11-29 17:38 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-29 17:38 . 2008-11-29 17:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-29 16:36 . 2008-04-13 18:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-29 16:36 . 2008-04-14 00:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-29 16:36 . 2008-04-13 18:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-29 16:36 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-29 16:36 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-11-29 16:36 . 2008-04-13 18:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-12-22 17:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 17:10 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-12 14:10 319,488 ----a-w c:\windows\HideWin.exe
2008-11-29 15:57 --------- d-----w c:\program files\Marvell
2008-11-29 15:45 --------- d-----w c:\program files\microsoft frontpage
2008-11-29 15:42 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:24 827,904 ----a-w c:\windows\system32\wininet.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"loadupload"="c:\docume~1\user\APPLIC~1\DEADJU~1\O ptionFunkCopy.exe" [2008-11-29 568832]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-01 1261336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-09-17 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2007-07-30 c:\windows\system32\HDAShCut.exe]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
c:\documents and settings\Waleed\Start Menu\Programs\Startup\
Bandwidth Meter.lnk - c:\program files\BandwidthMeter\BandwidthMeter.exe [2004-04-16 218112]
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-30 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-30 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-30 76040]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-12 356920]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bt.yahoo.com/
.
************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 21:24:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\avgrsstx.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-22 21:25:43
ComboFix-quarantined-files.txt 2008-12-22 21:25:27
ComboFix2.txt 2008-12-22 18:40:38
Pre-Run: 87,901,802,496 bytes free
Post-Run: 87,923,576,832 bytes free
241 --- E O F --- 2008-12-22 14:48:10

**evilfantasy** · #4 22nd Dec 2008, 16:23

I need the log from Lop S&D. You can find it in C:\lopR.txt

WaleedB · #5 22nd Dec 2008, 17:12

My computer is actually running a lot better now - ever since I uninstalled spyware doctor. I have superanitspyware running instead now.. it might have been them both running at the same time that was causing it to slow down... but here is my log anyway.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : user ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:149 Go (Free:81 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 22/12/2008|21:56 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing folders in APPLIC~1
[01/12/2008|09:39] C:\DOCUME~1\Afshan\APPLIC~1\dead jump hold
[01/12/2008|09:33] C:\DOCUME~1\Afshan\APPLIC~1\Identities
[01/12/2008|09:39] C:\DOCUME~1\Afshan\APPLIC~1\Macromedia
[08/12/2008|11:09] C:\DOCUME~1\Afshan\APPLIC~1\Microsoft
[12/12/2008|01:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[01/12/2008|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[22/12/2008|18:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[22/12/2008|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[29/11/2008|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/12/2008|17:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Drivers HeadQuarters
[22/12/2008|20:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[22/12/2008|21:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[29/11/2008|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[29/11/2008|15:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[29/11/2008|15:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[30/11/2008|21:12] C:\DOCUME~1\Mustafa\APPLIC~1\dead jump hold
[30/11/2008|20:54] C:\DOCUME~1\Mustafa\APPLIC~1\Identities
[30/11/2008|20:55] C:\DOCUME~1\Mustafa\APPLIC~1\Macromedia
[30/11/2008|20:55] C:\DOCUME~1\Mustafa\APPLIC~1\Microsoft
[29/11/2008|15:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[01/12/2008|11:03] C:\DOCUME~1\user\APPLIC~1\Adobe
[29/11/2008|17:42] C:\DOCUME~1\user\APPLIC~1\dead jump hold
[29/11/2008|15:48] C:\DOCUME~1\user\APPLIC~1\Identities
[29/11/2008|17:39] C:\DOCUME~1\user\APPLIC~1\Macromedia
[22/12/2008|20:44] C:\DOCUME~1\user\APPLIC~1\Malwarebytes
[30/11/2008|22:37] C:\DOCUME~1\user\APPLIC~1\Microsoft
[22/12/2008|20:03] C:\DOCUME~1\user\APPLIC~1\SUPERAntiSpyware.com
[12/12/2008|11:00] C:\DOCUME~1\Waleed\APPLIC~1\ACD Systems
[12/12/2008|00:31] C:\DOCUME~1\Waleed\APPLIC~1\Adobe
[22/12/2008|19:18] C:\DOCUME~1\Waleed\APPLIC~1\BitTorrent
[11/12/2008|23:19] C:\DOCUME~1\Waleed\APPLIC~1\dead jump hold
[12/12/2008|11:40] C:\DOCUME~1\Waleed\APPLIC~1\DivX
[11/12/2008|23:13] C:\DOCUME~1\Waleed\APPLIC~1\Identities
[11/12/2008|23:23] C:\DOCUME~1\Waleed\APPLIC~1\Macromedia
[22/12/2008|17:26] C:\DOCUME~1\Waleed\APPLIC~1\Microsoft
[12/12/2008|01:06] C:\DOCUME~1\Waleed\APPLIC~1\PC Tools
[12/12/2008|00:38] C:\DOCUME~1\Waleed\APPLIC~1\Winamp

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[22/12/2008 21:55][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[12/12/2008|01:00] C:\Program Files\ACD Systems
[01/12/2008|11:02] C:\Program Files\Adobe
[22/12/2008|17:32] C:\Program Files\Analog Devices
[30/11/2008|21:01] C:\Program Files\AVG
[22/12/2008|14:43] C:\Program Files\BandwidthMeter
[12/12/2008|00:00] C:\Program Files\BitTorrent
[22/12/2008|21:24] C:\Program Files\Common Files
[29/11/2008|15:43] C:\Program Files\ComPlus Applications
[29/11/2008|17:42] C:\Program Files\dead jump hold
[12/12/2008|00:37] C:\Program Files\DivX
[22/12/2008|17:24] C:\Program Files\InstallShield Installation Information
[22/12/2008|17:20] C:\Program Files\Internet Explorer
[22/12/2008|20:44] C:\Program Files\Malwarebytes' Anti-Malware
[29/11/2008|15:57] C:\Program Files\Marvell
[11/12/2008|23:41] C:\Program Files\Messenger
[29/11/2008|15:45] C:\Program Files\microsoft frontpage
[30/11/2008|21:33] C:\Program Files\Microsoft Office
[11/12/2008|23:37] C:\Program Files\Movie Maker
[12/12/2008|00:00] C:\Program Files\Mozilla Firefox
[30/11/2008|21:33] C:\Program Files\MSECache
[29/11/2008|15:41] C:\Program Files\MSN
[29/11/2008|15:42] C:\Program Files\MSN Gaming Zone
[12/12/2008|00:28] C:\Program Files\MSN Messenger
[30/11/2008|21:47] C:\Program Files\MSXML 4.0
[30/11/2008|21:48] C:\Program Files\MSXML 6.0
[11/12/2008|23:31] C:\Program Files\NetMeeting
[29/11/2008|15:42] C:\Program Files\Online Services
[11/12/2008|23:31] C:\Program Files\Outlook Express
[22/12/2008|17:22] C:\Program Files\PC Drivers HeadQuarters
[29/11/2008|17:45] C:\Program Files\Real
[12/12/2008|14:10] C:\Program Files\Realtek
[12/12/2008|11:35] C:\Program Files\Registry Mechanic
[22/12/2008|15:18] C:\Program Files\Spyware Doctor
[22/12/2008|20:03] C:\Program Files\SUPERAntiSpyware
[22/12/2008|21:14] C:\Program Files\trend micro
[29/11/2008|15:48] C:\Program Files\Uninstall Information
[22/12/2008|19:11] C:\Program Files\Winamp
[29/11/2008|17:38] C:\Program Files\Windows Live
[29/11/2008|15:42] C:\Program Files\Windows Media Connect 2
[11/12/2008|23:31] C:\Program Files\Windows Media Player
[11/12/2008|23:31] C:\Program Files\Windows NT
[29/11/2008|15:44] C:\Program Files\WindowsUpdate
[29/11/2008|15:45] C:\Program Files\xerox
--------------------\\ Listing Folders in C:\Program Files\Common Files
[12/12/2008|01:00] C:\Program Files\Common Files\ACD Systems
[12/12/2008|10:43] C:\Program Files\Common Files\Adobe
[01/12/2008|11:02] C:\Program Files\Common Files\Adobe AIR
[22/12/2008|17:10] C:\Program Files\Common Files\InstallShield
[30/11/2008|21:33] C:\Program Files\Common Files\Microsoft Shared
[29/11/2008|15:43] C:\Program Files\Common Files\MSSoap
[29/11/2008|15:36] C:\Program Files\Common Files\ODBC
[29/11/2008|15:43] C:\Program Files\Common Files\Services
[29/11/2008|15:36] C:\Program Files\Common Files\SpeechEngines
[11/12/2008|23:30] C:\Program Files\Common Files\System
[29/11/2008|17:38] C:\Program Files\Common Files\WindowsLiveInstaller
[22/12/2008|20:03] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 35 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !

--------------------\\ Searching for Lop Files - Folders
No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 22:00:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\user\My Documents\Wasim\Application Data\yoclient\rsrc\bundles\tiles\outdoors\structur es\bundle\jettyedge_crack.raw

[F:2][D:1]-> C:\DOCUME~1\user\LOCALS~1\Temp
[F:133][D:0]-> C:\DOCUME~1\user\Cookies
[F:414][D:4]-> C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 22/12/2008|18:54 - Option : [2]
2 - "C:\Lop SD\LopR_2.txt" - 22/12/2008|19:37 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 22/12/2008|21:27 - Option : [2]
4 - "C:\Lop SD\LopR_4.txt" - 22/12/2008|22:01 - Option : [2]
--------------------\\ Scan completed at 22:01:58

**evilfantasy** · #6 22nd Dec 2008, 17:46

Spyware Doctor is a known resource hog. It's good but uses too many resources.

Quote:

--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\user\My Documents\Wasim\Application Data\yoclient\rsrc\bundles\tiles\outdoors\structur es\bundle\jettyedge_crack.raw

You are going to have to remove this before we continue. We don't support the use of cracks and it is likely the source ore one of the sources of the problems.

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:

KillAll::

Folder::
C:\DOCUME~1\Afshan\APPLIC~1\dead jump hold
C:\DOCUME~1\Mustafa\APPLIC~1\dead jump hold
C:\DOCUME~1\user\APPLIC~1\dead jump hold
C:\DOCUME~1\Waleed\APPLIC~1\dead jump hold
C:\Program Files\dead jump hold
C:\deljob

File::
C:\DOCUME~1\user\My Documents\Wasim\Application Data\yoclient\rsrc\bundles\tiles\outdoors\structur es\bundle\jettyedge_crack.raw
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
c:\windows\system32\DSndUp.exe
C:\delete.bat
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"loadupload"=-

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

WaleedB · #7 22nd Dec 2008, 18:02

ComboFix 08-12-21.04 - Waleed 2008-12-23 0:54:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1481 [GMT 0:00]
Running from: c:\documents and settings\Waleed\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Waleed\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\delete.bat
c:\docume~1\user\My Documents\Wasim\Application Data\yoclient\rsrc\bundles\tiles\outdoors\structur es\bundle\jettyedge_crack.raw
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
c:\windows\system32\DSndUp.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\delete.bat
C:\deljob
c:\deljob\ACC05FE091BFD228.job
c:\docume~1\Afshan\APPLIC~1\dead jump hold
c:\docume~1\Mustafa\APPLIC~1\dead jump hold
c:\docume~1\user\APPLIC~1\dead jump hold
c:\docume~1\user\APPLIC~1\dead jump hold\0
c:\docume~1\user\APPLIC~1\dead jump hold\gcdcjgnl.exe
c:\docume~1\user\APPLIC~1\dead jump hold\insidedrvbleh.exe
c:\docume~1\user\APPLIC~1\dead jump hold\OptionFunkCopy.exe
c:\docume~1\user\APPLIC~1\dead jump hold\Remote flap extra wipe.exe
c:\docume~1\Waleed\APPLIC~1\dead jump hold
c:\program files\dead jump hold
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
c:\windows\system32\DSndUp.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
.
2008-12-23 00:22 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-23 00:21 . 2008-12-23 00:21 <DIR> d-------- c:\program files\Microsoft Works
2008-12-23 00:20 . 2008-12-23 00:20 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-23 00:18 . 2008-12-23 00:21 <DIR> d-------- c:\windows\SHELLNEW
2008-12-23 00:18 . 2008-12-23 00:18 <DIR> dr-h----- C:\MSOCache
2008-12-23 00:18 . 2008-12-23 00:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-23 00:15 . 2008-12-23 00:15 <DIR> d-------- c:\documents and settings\Waleed\Application Data\SUPERAntiSpyware.com
2008-12-23 00:14 . 2008-12-23 00:14 <DIR> d-------- c:\documents and settings\Waleed\Application Data\Malwarebytes
2008-12-22 23:21 . 2008-12-22 23:21 244 --ah----- C:\sqmnoopt05.sqm
2008-12-22 23:21 . 2008-12-22 23:21 232 --ah----- C:\sqmdata05.sqm
2008-12-22 23:19 . 2008-12-22 23:19 244 --ah----- C:\sqmnoopt04.sqm
2008-12-22 23:19 . 2008-12-22 23:19 232 --ah----- C:\sqmdata04.sqm
2008-12-22 23:09 . 2008-12-22 23:09 <DIR> d-------- c:\documents and settings\user\Application Data\ACD Systems
2008-12-22 22:50 . 2008-12-23 00:48 <DIR> d-------- c:\documents and settings\user\Application Data\BitTorrent
2008-12-22 22:49 . 2008-12-22 22:49 <DIR> d-------- c:\program files\DNA
2008-12-22 22:49 . 2008-12-22 22:49 <DIR> d-------- c:\program files\BitTorrent
2008-12-22 22:49 . 2008-12-23 00:49 <DIR> d-------- c:\documents and settings\user\Application Data\DNA
2008-12-22 22:28 . 2008-12-22 22:35 <DIR> d-------- c:\documents and settings\user\Application Data\Winamp
2008-12-22 20:44 . 2008-12-22 20:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 20:44 . 2008-12-22 20:44 <DIR> d-------- c:\documents and settings\user\Application Data\Malwarebytes
2008-12-22 20:44 . 2008-12-22 20:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 20:44 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 20:44 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 20:03 . 2008-12-22 20:03 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-22 20:03 . 2008-12-22 20:03 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-22 20:03 . 2008-12-22 20:03 <DIR> d-------- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2008-12-22 20:03 . 2008-12-22 20:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-22 19:43 . 2008-12-22 19:43 <DIR> d-------- C:\rsit
2008-12-22 19:43 . 2008-12-22 21:14 <DIR> d-------- c:\program files\trend micro
2008-12-22 19:09 . 2008-12-22 19:11 <DIR> d-------- c:\program files\Winamp
2008-12-22 18:51 . 2008-12-22 22:01 <DIR> d-------- C:\Lop SD
2008-12-22 17:39 . 2008-09-17 09:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2008-12-22 17:38 . 2008-12-22 17:38 <DIR> d-------- C:\NVIDIA
2008-12-22 17:32 . 2008-12-22 17:32 <DIR> d-------- c:\program files\Analog Devices
2008-12-22 17:32 . 2001-09-11 15:20 1,285,632 --------- c:\windows\system32\SMMedia.dll
2008-12-22 17:32 . 2001-09-19 13:47 765,952 -ra------ c:\windows\system\crlds3d.dll
2008-12-22 17:32 . 2006-03-17 18:18 392,960 -ra------ c:\windows\system32\drivers\senfilt.sys
2008-12-22 17:32 . 2007-10-09 14:41 313,856 -ra------ c:\windows\system32\drivers\ADIHdAud.sys
2008-12-22 17:32 . 2007-06-19 13:07 103,424 -ra------ c:\windows\system32\drivers\aeaudio.sys
2008-12-22 17:32 . 2005-05-04 09:20 53,248 --------- c:\windows\system32\wdmioctl.dll
2008-12-22 17:32 . 2002-04-17 15:05 45,056 --------- c:\windows\system32\CleanUp.exe
2008-12-22 17:32 . 2007-03-27 10:36 28,160 -ra------ c:\windows\system32\PostProc.dll
2008-12-22 17:22 . 2008-12-22 17:22 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2008-12-22 17:22 . 2008-12-22 17:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-12-22 14:47 . 2008-05-09 10:53 512,000 -----c--- c:\windows\system32\dllcache\jscript.dll
2008-12-22 14:47 . 2008-05-09 10:53 430,080 -----c--- c:\windows\system32\dllcache\vbscript.dll
2008-12-22 14:47 . 2008-05-09 10:53 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll
2008-12-22 14:47 . 2008-05-09 10:53 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll
2008-12-22 14:47 . 2008-05-08 11:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe
2008-12-22 14:47 . 2008-05-09 08:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe
2008-12-22 14:47 . 2008-05-09 10:53 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll
2008-12-12 14:10 . 2008-12-12 14:10 <DIR> d-------- c:\program files\Realtek
2008-12-12 12:10 . 2008-12-12 12:10 <DIR> d-------- C:\swsetup
2008-12-12 11:40 . 2008-12-12 11:40 <DIR> d-------- c:\documents and settings\Waleed\Application Data\DivX
2008-12-12 11:00 . 2008-12-12 11:00 <DIR> d-------- c:\documents and settings\Waleed\Application Data\ACD Systems
2008-12-12 08:56 . 2008-12-12 13:31 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-12 01:06 . 2008-12-22 22:29 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-12 01:06 . 2008-12-22 22:29 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-12 01:00 . 2008-12-12 01:00 <DIR> d-------- c:\program files\Common Files\ACD Systems
2008-12-12 01:00 . 2008-12-12 01:00 <DIR> d-------- c:\program files\ACD Systems
2008-12-12 01:00 . 2008-12-12 01:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-12 00:59 . 2008-12-12 00:59 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-12 00:37 . 2008-12-12 00:37 <DIR> d-------- c:\program files\DivX
2008-12-12 00:35 . 2008-12-22 14:43 <DIR> d-------- c:\program files\BandwidthMeter
2008-12-12 00:31 . 2008-12-22 19:18 <DIR> d-------- c:\documents and settings\Waleed\Application Data\BitTorrent
2008-12-11 23:49 . 2008-12-12 00:38 <DIR> d-------- c:\documents and settings\Waleed\Application Data\Winamp
2008-12-11 23:37 . 2008-12-11 23:37 <DIR> d-------- c:\windows\system32\scripting
2008-12-11 23:37 . 2008-12-11 23:37 <DIR> d-------- c:\windows\system32\en
2008-12-11 23:37 . 2008-12-11 23:37 <DIR> d-------- c:\windows\system32\bits
2008-12-11 23:31 . 2008-12-11 23:37 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-11 23:22 . 2008-12-11 23:22 <DIR> d-------- c:\documents and settings\Waleed\Contacts
2008-12-11 23:18 . 2008-12-11 23:18 <DIR> d-------- c:\windows\EHome
2008-12-11 23:13 . 2008-12-22 19:18 <DIR> d-------- c:\documents and settings\Waleed
2008-12-11 20:55 . 2008-10-23 12:36 286,720 -----c--- c:\windows\system32\dllcache\gdi32.dll
2008-12-01 11:02 . 2008-12-01 11:02 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-01 11:01 . 2008-12-12 10:43 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-01 09:43 . 2008-12-01 09:43 <DIR> d-------- c:\documents and settings\Afshan\Contacts
2008-12-01 09:33 . 2008-12-01 09:43 <DIR> d-------- c:\documents and settings\Afshan
2008-11-30 21:48 . 2008-11-30 21:48 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-30 21:47 . 2008-11-30 21:47 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-30 21:47 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-11-30 21:46 . 2008-12-22 14:48 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-30 21:33 . 2008-11-30 21:33 <DIR> d-------- c:\program files\MSECache
2008-11-30 21:01 . 2008-12-22 14:46 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-30 21:01 . 2008-11-30 21:01 <DIR> d-------- c:\program files\AVG
2008-11-30 21:01 . 2008-12-22 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-30 21:01 . 2008-11-30 21:01 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-30 21:01 . 2008-11-30 21:01 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-30 21:01 . 2008-11-30 21:01 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-30 20:55 . 2008-11-30 20:55 <DIR> d-------- c:\documents and settings\Mustafa\Contacts
2008-11-30 20:54 . 2008-11-30 21:02 <DIR> d-------- c:\documents and settings\Mustafa
2008-11-30 20:42 . 2008-10-16 20:24 6,068,224 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-30 20:42 . 2008-05-07 05:12 1,288,192 -----c--- c:\windows\system32\dllcache\quartz.dll
2008-11-30 20:42 . 2008-06-13 11:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-30 20:42 . 2008-06-13 11:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-30 20:42 . 2008-07-07 20:26 253,952 -----c--- c:\windows\system32\dllcache\es.dll
2008-11-30 20:41 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-30 20:41 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-30 20:41 . 2008-08-14 10:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-30 20:40 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-30 20:40 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-30 20:40 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-30 20:40 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-30 20:40 . 2008-04-11 19:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-30 20:40 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-30 20:40 . 2008-05-08 14:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-30 20:39 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-29 17:48 . 2008-12-11 20:53 <DIR> d-------- c:\documents and settings\user\Contacts
2008-11-29 17:45 . 2008-11-29 17:45 <DIR> d-------- c:\program files\Real
2008-11-29 17:44 . 2008-11-29 17:44 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-29 17:44 . 2008-12-12 00:28 <DIR> d-------- c:\program files\MSN Messenger
2008-11-29 17:38 . 2008-11-29 17:38 <DIR> d-------- c:\program files\Windows Live
2008-11-29 17:38 . 2008-11-29 17:38 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-29 17:38 . 2008-11-29 17:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-29 16:36 . 2008-04-13 18:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-29 16:36 . 2008-04-14 00:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-29 16:36 . 2008-04-13 18:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-29 16:36 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-29 16:36 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-11-29 16:36 . 2008-04-13 18:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-12-22 17:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 17:10 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-12 14:10 319,488 ----a-w c:\windows\HideWin.exe
2008-11-29 15:57 --------- d-----w c:\program files\Marvell
2008-11-29 15:45 --------- d-----w c:\program files\microsoft frontpage
2008-11-29 15:42 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-01 1261336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-09-17 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2007-07-30 c:\windows\system32\HDAShCut.exe]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
c:\documents and settings\Waleed\Start Menu\Programs\Startup\
Bandwidth Meter.lnk - c:\program files\BandwidthMeter\BandwidthMeter.exe [2004-04-16 218112]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-30 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-30 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-30 76040]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://bt.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 00:58:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\rundll32.exe
.
************************************************** ************************
.
Completion time: 2008-12-23 1:00:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-23 01:00:08
ComboFix2.txt 2008-12-22 21:25:44
Pre-Run: 90,180,067,328 bytes free
Post-Run: 90,219,089,920 bytes free
264 --- E O F --- 2008-12-22 14:48:10

**evilfantasy** · #8 22nd Dec 2008, 18:16

Delete temporary files

Go to:

Start
Run
type: CLEANMGR.EXE
Press Enter.

When prompted select the C: drive and click OK.
Check the boxes for:

Temporary Internet Files
Downloaded Program Files
Recycle Bin
Temporary Files

Click OK or Enter

----------

Run this online scan.

This scanner requires Internet Explorer

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

Also let me know how the computer is running now.

WaleedB · #9 22nd Dec 2008, 18:59

I don't have limewire installed on this computer - however recently my hard drive did fail so everything from my old hard drive had to be transferred across onto this new one so I think it deleted one of those files.. not sure... Computer is running better in general, thanks for all your help!

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3712 (20081222)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=76ef5f9668411049bde212375e5d18ad
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-23 01:54:38
# local_time=2008-12-23 01:54:38 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=222829
# found=1
# scan_time=1466
C:\Documents and Settings\user\My Documents\LimeWire\Saved\disaster movie date song.mp3 WMA/TrojanDownloader.GetCodec.C trojan (unable to clean - deleted) 00000000000000000000000000000000

**evilfantasy** · #10 22nd Dec 2008, 19:05

I'm pretty confident we got it all.

Let me know if you have any questions.

Click START then RUN
Now type Combofix /u in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

The above procedure will:

Delete:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.

----------

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.

Click Start Now
Check the box next to Enable thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed.
Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

Make sure all of your security programs are up to date and run scans with them regularly.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox.

To prevent unknown applications from being installed on your computer install WinPatrol
* Using Winpatrol to protect your computer from malicious software

I would suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.