Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need To Remove Tr/vundo.gen


  • Please log in to reply
10 replies to this topic

#1 iylegacy

iylegacy

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 17 December 2007 - 03:31 PM

I tried to remove it but i cant seem to get rid of it.....i looked around and it seems other people cant also.....here is my log....help me please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:56, on 17/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\wdhimllg.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\DOCUME~1\EBRAHI~1.EBR\LOCALS~1\Temp\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2057
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {f72b9dd4-a8ea-e928-76a4-ea0672d1d154} - {451d1d27-60ae-4a67-829e-ae8a4dd9b27f} - C:\WINDOWS\system32\bpgsmjhm.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7DF9E4BC-B470-4D07-96E6-79C44C8B9A76} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\khffdca.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vndxlepz.dll (file missing)
O2 - BHO: (no name) - {B66A9FD9-25D6-4C59-9EBF-5EA292B2990C} - C:\WINDOWS\system32\jkhff.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vndxlepz.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [juperqro] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\juperqro.dll"
O4 - HKLM\..\Run: [avp] "C:\DOCUME~1\ebrahim\LOCALS~1\Temp\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [rtasks] C:\Program Files\BestsellerAntivirus\rtasks.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [1040b14f] rundll32.exe "C:\WINDOWS\system32\ecxguaxe.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193375162656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193375216390
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: khffdca - C:\WINDOWS\
O20 - Winlogon Notify: vndxlepz - C:\WINDOWS\
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\wdhimllg.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8007 bytes

BC AdBot (Login to Remove)

 


m

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:10 PM

Posted 17 December 2007 - 03:58 PM

Hello iylegacy,

Welcome to Bleeping Computer :blink:

Yikes....you have a LOT of it on your system. :thumbsup: We'll get it though. :wacko:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 iylegacy

iylegacy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 17 December 2007 - 04:20 PM

i cant install it....it says some installation files are corrupt download a fresh one....

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:10 PM

Posted 17 December 2007 - 04:43 PM

Hello,

Okay, let's go about it differently then. :thumbsup:

Please print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

Please download AVG Anti-Spyware Free Edition and save that file to your desktop.

This is a 30-day trial of the program -- This means that after 30 days the "background guard" protection will be de-activated. However, this version can continue to be manually updated and used as an on-demand scanner forever.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the top of the main screen select the "Update" icon, then under the "Manual update" section click the "Start update" button.
  • The update will start and a progress bar will show the updates being installed.
  • Once the update has completed (the progress bar will display "Update successful!") select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the "Settings" screen:
    • Click on "Recommended actions" -> select "Quarantine".
    • Under "Reports:" -> select "Do not automatically generate reports".
  • Close AVG Anti-Spyware. Please do NOT run a scan yet!
Next, please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: {f72b9dd4-a8ea-e928-76a4-ea0672d1d154} - {451d1d27-60ae-4a67-829e-ae8a4dd9b27f} - C:\WINDOWS\system32\bpgsmjhm.dll
O2 - BHO: (no name) - {7DF9E4BC-B470-4D07-96E6-79C44C8B9A76} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\khffdca.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vndxlepz.dll (file missing)
O2 - BHO: (no name) - {B66A9FD9-25D6-4C59-9EBF-5EA292B2990C} - C:\WINDOWS\system32\jkhff.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vndxlepz.dll (file missing)
O4 - HKLM\..\Run: [juperqro] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\juperqro.dll"
O4 - HKLM\..\Run: [avp] "C:\DOCUME~1\ebrahim\LOCALS~1\Temp\avp.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [rtasks] C:\Program Files\BestsellerAntivirus\rtasks.exe
O4 - HKLM\..\Run: [1040b14f] rundll32.exe "C:\WINDOWS\system32\ecxguaxe.dll",b
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: khffdca - C:\WINDOWS\
O20 - Winlogon Notify: vndxlepz - C:\WINDOWS\
O20 - Winlogon Notify: winpsa32 - winpsa32.dll (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\wdhimllg.exe


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Then please run a scan with AVG Anti-Spyware:

IMPORTANT: Do NOT open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab. Click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will prompted, then select the "Apply all actions" button, AVG Anti-Spyware will then display "All actions have been applied" on the right hand side.
    • Next select the "Save Report" button at the bottom.
    • Then select the "Save report as" button in the lower left hand corner of the screen and save it as a text file on your system (make sure to remember where you saved that file, this is important!).
  • Close AVG Anti-Spyware and reboot your system normally into Windows. Please post the contents of the AVG Anti-Spyware report in your next reply, along with a new HijackThis log.
Now try to download and run ComboFix again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 iylegacy

iylegacy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 17 December 2007 - 07:03 PM

ok this is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02:21, on 18/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\EBRAHI~1.EBR\LOCALS~1\Temp\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2057
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {696CAB41-76F0-44A4-B884-6B239E4CB7D5} - C:\WINDOWS\system32\jkhff.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [1040b14f] rundll32.exe "C:\WINDOWS\system32\ecxguaxe.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193375162656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193375216390
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 6704 bytes

and this is my avg log

---------------------------------------------------------
_brand_ _product_ - Scan Report
---------------------------------------------------------

+ Created at: 23:50:33 17/12/2007

+ Scan result:



C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned.
C:\WINDOWS\system32\skjlrsjp\skjlrsjp3.exe -> Not-A-Virus.Downloader.Win32.UltimateFix.d : Cleaned.
:mozilla.132:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.455:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.114:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.238:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.364:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.468:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.486:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.505:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.596:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.606:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.722:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.739:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.850:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@sonymediasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.135:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.145:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.146:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.147:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.148:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.149:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.152:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.153:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.248:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.249:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.250:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.251:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.154:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.155:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.156:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.157:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.158:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.159:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.160:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.161:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.162:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.184:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.185:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.186:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.187:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.188:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.189:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.190:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.191:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.131:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.134:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.135:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.121:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.125:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.131:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.132:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.138:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.37:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.133:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.715:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.314:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.315:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.316:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.299:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.300:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.302:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.53:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.54:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.55:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.56:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.58:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.59:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.60:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.66:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.878:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.289:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.474:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.126:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.127:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.128:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.129:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.130:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.134:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.181:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.456:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.728:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.75:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.76:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.77:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.78:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.79:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@connextra[3].txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.192:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.65:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.163:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.164:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.165:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.166:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.167:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.168:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.231:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.232:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.233:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.234:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.235:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.236:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.61:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.62:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.63:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.64:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.69:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.70:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.571:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.574:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.586:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.591:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.629:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.632:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.657:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.7:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.879:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.282:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.284:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.285:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.525:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.599:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.600:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.601:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.602:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.603:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.698:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.699:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.207:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.208:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.293:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.294:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.691:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.457:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.458:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.487:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.488:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.183:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.184:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.439:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.440:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.441:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.306:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.307:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.308:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.309:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.310:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.311:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.312:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.613:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.614:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.615:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.616:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.617:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.618:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.619:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.182:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.183:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.340:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.341:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.342:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.207:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.208:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.209:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.211:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.212:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.213:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.214:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.215:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.216:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.217:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.316:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.317:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.318:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.319:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.320:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.321:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.322:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.463:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.849:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.144:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.83:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.84:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.85:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.86:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.87:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.88:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.89:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.91:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.93:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.94:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.95:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.96:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.97:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.98:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.339:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.518:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.285:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.286:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.287:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.288:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.444:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.445:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.446:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.447:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.448:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.449:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.450:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.451:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.452:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.113:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.114:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.115:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.116:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.117:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.118:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.119:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.148:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.149:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.150:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.151:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.152:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.153:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.180:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.151:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.154:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.555:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.556:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.813:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.814:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.815:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.816:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.817:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.185:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.186:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.187:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.188:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.237:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.326:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.90:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.273:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.792:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.793:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.263:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.264:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.265:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.266:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.267:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.399:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.400:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.401:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.402:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.403:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.471:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.472:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.472:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.473:C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Mozilla\Firefox\Profiles\7aoj39hh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.473:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.474:C:\Documents and Settings\ebrahim\Application Data\Mozilla\Firefox\Profiles\1gow44kc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Cookies\ebrahim@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\ebrahim\Cookies\ebrahim@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Please help me.....the detection warning from avira is popping up more then before.....HELLPP...

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:10 PM

Posted 17 December 2007 - 07:28 PM

Hello,

Just take it easy. :thumbsup: This is nasty stuff you have, and it's not going to go away in one post. I take it you couldn't get ComboFix to run?

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 iylegacy

iylegacy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 17 December 2007 - 07:58 PM

This is my VundoFix.txt


VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 04:34:37 30/11/2007

Listing files found while scanning....

C:\windows\system32\drvpigr.dll

Beginning removal...

Attempting to delete C:\windows\system32\drvpigr.dll
C:\windows\system32\drvpigr.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 00:35:01 18/12/2007

Listing files found while scanning....

C:\windows\system32\ffhkj.ini
C:\windows\system32\ffhkj.ini2
C:\windows\system32\jkhff.dll
C:\WINDOWS\system32\vndxlepz.dll
C:\windows\system32\vndxlepz.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\ffhkj.ini
C:\windows\system32\ffhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\ffhkj.ini2
C:\windows\system32\ffhkj.ini2 Has been deleted!

Attempting to delete C:\windows\system32\jkhff.dll
C:\windows\system32\jkhff.dll Has been deleted!

Attempting to delete C:\windows\system32\vndxlepz.dllbox
C:\windows\system32\vndxlepz.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

and my hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:57:57, on 18/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\DOCUME~1\EBRAHI~1.EBR\LOCALS~1\Temp\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2057
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {696CAB41-76F0-44A4-B884-6B239E4CB7D5} - C:\WINDOWS\system32\jkhff.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [1040b14f] rundll32.exe "C:\WINDOWS\system32\ecxguaxe.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193375162656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193375216390
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 6478 bytes


Thanks....for all your help and support.......how much more to go....

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:10 PM

Posted 17 December 2007 - 08:39 PM

Did you try ComboFix again? I really need for you to answer my questions. I know you're frustrated, but I can't help you unless you help me just a bit. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 iylegacy

iylegacy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 17 December 2007 - 08:48 PM

yup it dont work....is there any other version of it or from somewhere else....this one might be faulty

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:10 PM

Posted 17 December 2007 - 09:07 PM

Try this one : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#11 iylegacy

iylegacy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:10 PM

Posted 17 December 2007 - 09:18 PM

heres the combofix log...thanks this new one worked.....

ComboFix 07-12-17.1 - ebrahim 2007-12-18 2:09:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1439 [GMT 0:00]
Running from: C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Desktop\ComboFix(2).exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\SecCenter
C:\Program Files\Ultimate Defender
C:\UGA6P
C:\WINDOWS\system32\ppatch~1
C:\WINDOWS\system32\ppatch~1\??pPatch\
C:\WINDOWS\system32\skjlrsjp
C:\WINDOWS\system32\skjlrsjp\bg1.gif
C:\WINDOWS\system32\skjlrsjp\bgtop.gif
C:\WINDOWS\system32\skjlrsjp\bottom1.gif
C:\WINDOWS\system32\skjlrsjp\essentials.gif
C:\WINDOWS\system32\skjlrsjp\icon1.ico
C:\WINDOWS\system32\skjlrsjp\install1.gif
C:\WINDOWS\system32\skjlrsjp\left1.gif
C:\WINDOWS\system32\skjlrsjp\li.gif
C:\WINDOWS\system32\skjlrsjp\logo.gif
C:\WINDOWS\system32\skjlrsjp\main.htm
C:\WINDOWS\system32\skjlrsjp\mainframe.htm
C:\WINDOWS\system32\skjlrsjp\reinstall1.gif
C:\WINDOWS\system32\skjlrsjp\right1.gif
C:\WINDOWS\system32\skjlrsjp\s1.htm
C:\WINDOWS\system32\skjlrsjp\s2.htm
C:\WINDOWS\system32\skjlrsjp\s3.htm
C:\WINDOWS\system32\skjlrsjp\skjlrsjp1.exe
C:\WINDOWS\system32\skjlrsjp\skjlrsjp2.exe
C:\WINDOWS\system32\skjlrsjp\SMTop1.gif
C:\WINDOWS\system32\skjlrsjp\SMTop2.gif
C:\WINDOWS\system32\skjlrsjp\SMTop3.gif
C:\WINDOWS\system32\skjlrsjp\SMTop4.gif
C:\WINDOWS\system32\skjlrsjp\soft1_off.gif
C:\WINDOWS\system32\skjlrsjp\soft1_off_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft1_on.gif
C:\WINDOWS\system32\skjlrsjp\soft1_on_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft2_off.gif
C:\WINDOWS\system32\skjlrsjp\soft2_off_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft2_on.gif
C:\WINDOWS\system32\skjlrsjp\soft2_on_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft3_off.gif
C:\WINDOWS\system32\skjlrsjp\soft3_off_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft3_on.gif
C:\WINDOWS\system32\skjlrsjp\soft3_on_ext.gif
C:\WINDOWS\system32\skjlrsjp\softbottom_off.gif
C:\WINDOWS\system32\skjlrsjp\softbottom_on.gif
C:\WINDOWS\system32\skjlrsjp\softleft_off.gif
C:\WINDOWS\system32\skjlrsjp\softleft_on.gif
C:\WINDOWS\system32\skjlrsjp\top1.gif
C:\WINDOWS\system32\skjlrsjp\top2.gif
C:\WINDOWS\system32\skjlrsjp\turnoff1.gif
C:\WINDOWS\system32\skjlrsjp\turnon1.gif

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))
.

2007-12-18 02:14 . 2007-12-18 02:14 0 --a------ C:\WINDOWS\system32\jkhff.dll
2007-12-17 21:49 . 2007-12-17 21:49 <DIR> d-------- C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Grisoft
2007-12-17 21:49 . 2007-12-17 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-17 21:49 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-17 14:35 . 2007-12-18 02:08 971,009 ---hs---- C:\WINDOWS\system32\exaugxce.ini
2007-12-17 14:34 . 2007-12-17 14:34 85,568 --------- C:\WINDOWS\system32\ecxguaxe.dll
2007-12-17 02:59 . 2007-12-17 02:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-16 12:36 . 2007-12-17 01:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-16 12:36 . 2007-12-16 12:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-15 18:19 . 2007-12-15 18:19 <DIR> d-------- C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\dwhelper
2007-12-15 18:18 . 2007-12-17 19:18 <DIR> d-------- C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\U3
2007-12-13 18:02 . 2007-12-13 18:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-13 18:02 . 2007-12-13 18:02 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-07 16:45 . 2007-12-18 00:01 333,312 --a------ C:\WINDOWS\system32\jkhff.exe
2007-12-06 18:04 . 2007-12-06 18:04 <DIR> d-------- C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Media Player Classic
2007-12-06 17:53 . 2007-12-06 17:53 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2007-12-06 16:42 . 2007-12-06 16:42 <DIR> d-------- C:\Program Files\Sony
2007-12-06 02:37 . 2007-12-15 12:41 <DIR> d-------- C:\Program Files\New Folder
2007-12-05 18:37 . 2007-12-05 18:37 <DIR> d-------- C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\CyberLink
2007-12-04 19:13 . 2007-12-04 19:13 <DIR> d-------- C:\Program Files\Kristanix
2007-12-04 19:13 . 2007-12-04 19:13 <DIR> d-------- C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Password Generator Professional
2007-12-04 17:39 . 2007-12-16 02:17 <DIR> d-------- C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Contacts
2007-12-04 14:33 . 2007-12-17 19:13 <DIR> d-------- C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\Newsbin
2007-12-04 14:24 . 2007-12-04 14:24 <DIR> d-------- C:\Program Files\Avira
2007-12-04 14:24 . 2007-12-04 14:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-04 14:21 . 2007-12-04 14:21 <DIR> d-------- C:\Documents and Settings\ebrahim.EBRAHIM-3AF1200\Application Data\ATI
2007-12-03 17:09 . 2007-12-04 13:51 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-03 15:40 . 2007-12-03 15:40 333,312 --a------ C:\WINDOWS\system32\RCX1C.tmp
2007-12-03 15:19 . 2007-12-03 15:19 333,312 --a------ C:\WINDOWS\system32\RCX1B.tmp
2007-12-03 14:06 . 2007-12-03 15:40 792,462 --ahs---- C:\WINDOWS\system32\hhnpqhsh.ini
2007-12-03 14:06 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-12-03 14:06 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-02 17:51 . 2007-12-02 17:51 333,312 --a------ C:\WINDOWS\system32\RCX1A.tmp
2007-12-02 13:59 . 2007-12-02 13:59 333,312 --a------ C:\WINDOWS\system32\RCX19.tmp
2007-12-02 01:49 . 2007-12-07 16:45 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-01 22:01 . 2007-12-02 02:10 <DIR> d-------- C:\temp
2007-12-01 22:01 . 2007-12-01 22:01 <DIR> d-------- C:\Program Files\Avex
2007-12-01 21:54 . 2007-12-01 21:59 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-12-01 21:52 . 2007-12-01 21:53 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-01 18:11 . 2007-12-07 23:28 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-30 22:02 . 2007-11-30 22:02 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-30 22:02 . 2007-12-03 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-30 22:02 . 2007-12-18 02:13 9,651,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-30 22:02 . 2007-12-18 02:13 556,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-30 22:02 . 2007-12-18 02:12 135,536 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-30 22:02 . 2007-11-30 22:09 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-30 22:02 . 2007-11-30 22:09 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-30 22:02 . 2007-12-18 02:12 56,312 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-30 21:52 . 2007-11-30 21:52 <DIR> d-------- C:\kav
2007-11-30 20:20 . 2007-11-30 20:20 333,312 --a------ C:\WINDOWS\system32\RCX1F.tmp
2007-11-30 20:07 . 2007-11-30 22:05 793,904 --ahs---- C:\WINDOWS\system32\umhxaknv.ini
2007-11-30 17:17 . 2007-11-30 17:17 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-30 04:34 . 2007-12-18 00:34 <DIR> d-------- C:\VundoFix Backups
2007-11-30 02:57 . 2007-11-30 02:57 0 --a------ C:\WINDOWS\vpc32.INI
2007-11-30 02:55 . 2007-11-30 22:02 <DIR> d-------- C:\Program Files\Symantec
2007-11-30 02:54 . 2007-11-30 22:02 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-30 02:54 . 2007-11-30 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-30 01:13 . 2007-11-30 01:13 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-11-30 00:58 . 2007-11-30 03:18 <DIR> d-------- C:\Program Files\Registry Clean Expert
2007-11-29 21:50 . 2007-11-30 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-29 21:14 . 2007-11-30 22:20 <DIR> d-------- C:\Program Files\xsxsxwhs
2007-11-29 21:14 . 2007-11-29 21:17 <DIR> d-------- C:\Program Files\Nqwmogfx
2007-11-29 21:14 . 2007-11-30 01:06 <DIR> d-------- C:\Program Files\MalwareAlarm
2007-11-29 21:14 . 2007-11-29 21:14 1,148,902 --a------ C:\Install
2007-11-29 19:36 . 2007-11-30 17:22 3,082 --a------ C:\WINDOWS\system32\affv300053706p4now.sys
2007-11-28 22:46 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-11-28 22:46 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-11-28 22:46 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-11-28 22:46 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-11-28 22:46 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-11-28 22:46 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-11-28 22:46 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-11-28 22:46 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-11-28 17:25 . 2007-11-28 18:33 <DIR> d-------- C:\Program Files\Apollo PSP Video Converter
2007-11-28 17:11 . 2007-11-28 17:11 <DIR> d-------- C:\Program Files\PQDVD
2007-11-27 18:15 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2007-11-27 18:15 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2007-11-27 18:15 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2007-11-26 00:28 . 2007-11-26 00:28 <DIR> d-------- C:\Program Files\DivX
2007-11-24 17:55 . 2007-12-02 01:57 <DIR> d-------- C:\Program Files\Webshots
2007-11-24 12:47 . 2007-11-24 14:22 <DIR> d-------- C:\Program Files\TVAnts
2007-11-24 11:48 . 2007-11-24 11:55 <DIR> d-------- C:\Program Files\SopCast
2007-11-20 18:38 . 2007-11-20 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NewsBin
2007-11-20 18:37 . 2007-11-30 04:47 <DIR> d-------- C:\Program Files\NewsBin
2007-11-18 21:41 . 2007-11-18 21:41 <DIR> d-------- C:\Program Files\ImgBurn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 23:50 --------- d-----w C:\Program Files\DIGStream
2007-12-13 18:04 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-13 04:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-09 16:38 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-01 18:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-28 18:42 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-28 18:42 --------- d-----w C:\Program Files\Windows Live
2007-11-16 01:41 --------- d-----w C:\Program Files\Electronic Arts
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 23:31 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-09 23:26 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-09 22:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-09 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-09 22:04 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-09 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-09 21:38 --------- d-----w C:\Program Files\CyberLink
2007-11-09 21:12 --------- d-----w C:\Program Files\Microsoft Works
2007-11-09 21:11 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-09 21:09 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-10-26 07:16 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-26 07:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2007-10-26 07:11 --------- d-----w C:\Program Files\Windows Desktop Search
2007-10-26 07:07 --------- d-----w C:\Program Files\ATI Technologies
2007-10-26 05:02 --------- d-----w C:\Program Files\SigmaTel
2007-10-26 04:51 --------- d-----w C:\Program Files\Alwil Software
2007-10-25 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-10-25 22:40 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-25 22:35 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-10-25 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-25 22:11 --------- d-----w C:\Program Files\QuickPar
2007-10-25 21:59 --------- d-----w C:\Program Files\MSBuild
2007-10-25 21:55 --------- d-----w C:\Program Files\Reference Assemblies
2007-10-25 21:54 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-25 21:50 --------- d-----w C:\Program Files\CONEXANT
2007-10-22 05:54 --------- d-----w C:\Program Files\RGB
2007-10-22 05:52 --------- d-----w C:\Program Files\GemMaster
2007-10-22 05:52 --------- d-----w C:\Program Files\ESPNMotion
2007-10-22 05:52 --------- d-----w C:\Program Files\EnglishOtto
2007-10-22 05:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2007-10-22 05:42 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-22 05:37 --------- d-----w C:\Program Files\Windows Plus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{696CAB41-76F0-44A4-B884-6B239E4CB7D5}]
2007-12-18 02:14 329824 --a------ C:\WINDOWS\system32\jkhff.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 11:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" []
"BigDog303"="C:\WINDOWS\VM303_STI.exe" []
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" []
"1040b14f"="C:\WINDOWS\system32\ecxguaxe.dll" [2007-12-17 14:34]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-18 00:01]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 11:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe /automount

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-11-30 00:15 367104 --a------ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-11-30 00:15 390144 --a------ C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-11-30 00:15 406528 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xsxsxwhs]
rundll32.exe C:\Program Files\xsxsxwhs\bopktats.dll,Init

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-03 00:51]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C800000-ECBD-15CF-3B95-00AA005B3383}]
C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 02:15:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 02:14:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-18 2:15:38 - machine was rebooted
.
2007-12-13 20:02:16 --- E O F ---



Here is the hijack logfile


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:17:16, on 18/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\DOCUME~1\EBRAHI~1.EBR\LOCALS~1\Temp\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2057
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {696CAB41-76F0-44A4-B884-6B239E4CB7D5} - C:\WINDOWS\system32\jkhff.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [1040b14f] rundll32.exe "C:\WINDOWS\system32\ecxguaxe.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193375162656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193375216390
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 6324 bytes

Thanks......

Edited by iylegacy, 18 December 2007 - 08:10 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users