Ms04-011_lsass_exploit

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

yoomin

Thread Starter
Joined
Feb 3, 2007
Messages
47
Hi guys,

Firstly, I'd like thank whoever helps me out. Really thankful for your help.

Okay here we go. Currently I am running on Microsoft XP Professional Version 2002 Service Pack 2. It's an Intel(R)Pentium(R) M processor 1.73GHz, 512 MB of RAM. It's a benq joybook laptop.

So the problem I'm having is that my anti-virus program (Trend Micro PC-cillian Internet Security) Keeps detecting some sort of virus/malware "apparently." It pops up every 20 minutes or so and it's really bothersome. I know how to turn the pop off and such off but i'm really scared that it has infected the laptop. The thing that pops-up is "MS04-011_LSASS_EXPLOIT." I found some info on it but i'm still not completely sure on what to do go here to visit about it http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=MS04-011_LSASS_EXPLOIT

And because of this, my laptop has become really slow. Not sure what is wrong. Please help me =(
This is my Hi-Jack Log

Logfile of HijackThis v1.99.1
Scan saved at 6:57:58 PM, on 3/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2006\PCCGUIDE.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
D:\setup\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
 

TerryNet

Terry
Moderator
Joined
Mar 23, 2005
Messages
80,779
Click on the red triangle in the upper right and ask a moderator to rename this thread to something like "MS04-011_LSASS_EXPLOIT" and move it to the Security forum. That's where most of the anti-malware experts hang out, and a more descriptive title will get you more eyeballs.
 

yoomin

Thread Starter
Joined
Feb 3, 2007
Messages
47
Thank you terrynet! And thank you to the moderator who moved this thread.

Ah so anybody in this security forum help me out =(
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,945
Hi and welcome to TSG,


It is possible that you have an infection that hides itself from HijackThis.exe so if we rename HijackThis, the entries should become visible.

You are also running it from your D Drive. You should move it to your C drive under program files.

Then right click on the HijackThis.exe file and select "Rename". Rename it puppy.exe.

Then run HijackThis again and post a new log please.
 

yoomin

Thread Starter
Joined
Feb 3, 2007
Messages
47
I did what you said and renamed Hijackthis to puppy.exe
This is the new log

Logfile of HijackThis v1.99.1
Scan saved at 10:13:20 AM, on 4/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\Program Files\puppy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,945
Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


Please go HERE to run Panda's ActiveScan
  • You need to use IE to run this scan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 

yoomin

Thread Starter
Joined
Feb 3, 2007
Messages
47
AVG Anti-Spyware - Scan Report


+ Created at: 2:12:25 PM 4/02/2007

+ Scan result:

:mozilla.269:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.270:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.271:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.272:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.273:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.274:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.275:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.276:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.277:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.278:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.318:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.332:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.335:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.618:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.782:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.950:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.639:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.898:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.90:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.91:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.92:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.93:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.824:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.825:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.826:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][1].txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.462:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.463:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.703:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.704:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.310:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.311:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.313:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.314:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.315:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.775:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.838:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.129:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.131:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.132:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.439:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.145:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.146:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.147:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.148:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.149:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.150:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.151:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.667:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.242:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.862:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.51:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.240:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.241:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.649:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.700:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.719:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.727:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.728:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.729:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.730:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.731:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.784:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.785:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.786:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.787:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.788:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.789:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.790:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.791:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.792:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.883:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.904:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.441:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.442:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.443:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.84:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.85:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.86:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.88:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.89:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.466:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.488:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.350:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.351:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.352:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.399:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.910:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.915:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.958:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.966:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.646:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.931:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.428:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Information : Cleaned.
:mozilla.859:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.860:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.861:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.682:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.162:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.143:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.144:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.525:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.75:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.76:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.77:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.541:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.542:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.545:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.548:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.457:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.458:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.459:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.498:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.499:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.500:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.427:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.820:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.821:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.822:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.823:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.217:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.218:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.219:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.220:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.221:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.222:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.974:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.975:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.647:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.193:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.194:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.195:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.196:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.197:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.198:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.199:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.200:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.201:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.202:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.203:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.204:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.205:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.206:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.207:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.208:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.209:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.210:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.211:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.212:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.213:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.214:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.215:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.216:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.120:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.121:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.122:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.130:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.841:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.128:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.436:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.135:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.136:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.137:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.138:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.139:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.140:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.152:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.308:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.309:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.124:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.125:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.126:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.127:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.432:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.433:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.435:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end
 

yoomin

Thread Starter
Joined
Feb 3, 2007
Messages
47
Panda Scan

Incident Status Location

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.xiti.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.888.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[www.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.go.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Anne\Cookies\[email protected][2].txt


Oh and whilst i was scanning my computer, Trend micro Pc-cillian alerted me that a virus/trojan or something was trying to get in but it blocked i think.. Here it is below.

Incident name: C:\Documents and Settings\Anne\Local Settings\Temp\Temporary Directory 1 for ag-2253k.zip\Keymaker.exe
Detection name: CRCK_OFFICE.B

Here is the HiJackthis log

Logfile of HijackThis v1.99.1
Scan saved at 3:27:20 PM, on 4/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\puppy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,945
If that happended during the Panda scan it's possible that it's a conflict between the two scanners.

The HijackThis log looks good but I would like to run another scan please.


Download WinPFind.exe to your desktop and double click on it open it and then select “extract” to extract the files. This will create a folder named WinPFind on your desktop.

Start in Safe Mode Using the F8 method:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Double click on the WinPFind folder on your desktop to open it and then double click on the WinPFind.exe file to start the program.

  • Click “Configure scan options”
  • Under “Run AdOns” select the following:
    • Policies.def
    • Security.def
  • Click “apply”
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.


When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log.
 

yoomin

Thread Starter
Joined
Feb 3, 2007
Messages
47
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 5/02/2007 8:49:33 AM
WinPFind v1.5.0 Folder = C:\Documents and Settings\Anne\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 16/02/2005 12:06:16 PM 218112 C:\Program Files\puppy.exe (Soeperman Enterprises Ltd.)

Checking %WinDir% folder...

Checking %System% folder...
PEC2 5/08/2004 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 2/10/2006 9:04:40 PM 635486 C:\WINDOWS\SYSTEM32\divx.dll (DivX, Inc.)
PECompact2 2/10/2006 9:04:40 PM 635486 C:\WINDOWS\SYSTEM32\divx.dll (DivX, Inc.)
PECompact2 2/01/2007 3:19:46 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 2/01/2007 3:19:46 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 5/08/2004 7:00:00 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 5/08/2004 7:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 5/08/2004 7:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 5/08/2004 7:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 5/08/2004 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PEC2 18/10/2006 10:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
WSUD 18/10/2006 10:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
UPX! 6/09/2006 8:09:34 PM 1051456 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys (Trend Micro Inc.)
aspack 6/09/2006 8:09:34 PM 1051456 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys (Trend Micro Inc.)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
5/02/2007 8:48:22 AM S 2048 C:\WINDOWS\bootstat.dat ()
4/02/2007 9:55:50 PM H 54156 C:\WINDOWS\QTFont.qfn ()
22/12/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
5/02/2007 8:48:06 AM H 8192 C:\WINDOWS\system32\config\default.LOG ()
5/02/2007 8:48:38 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
5/02/2007 8:48:24 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
5/02/2007 8:48:46 AM H 69632 C:\WINDOWS\system32\config\software.LOG ()
5/02/2007 8:48:34 AM H 917504 C:\WINDOWS\system32\config\system.LOG ()
28/01/2007 12:13:42 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
5/01/2007 8:25:24 PM S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
5/01/2007 8:25:24 PM S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
5/01/2007 8:25:24 PM S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
5/01/2007 8:25:24 PM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
5/01/2007 8:25:24 PM S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
5/01/2007 8:25:24 PM S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
5/02/2007 8:45:22 AM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
5/08/2004 7:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
17/10/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
13/04/2005 3:48:52 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
5/08/2004 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
17/10/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
5/08/2004 7:00:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
10/11/2006 7:00:50 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
19/11/2006 10:43:36 AM 1808 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/11/2006 10:52:00 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
19/11/2006 10:45:10 AM 813 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()

Checking files in %USERPROFILE%\Startup folder...
10/11/2006 7:00:50 AM HS 84 C:\Documents and Settings\Anne\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
9/11/2006 10:52:00 PM HS 62 C:\Documents and Settings\Anne\Application Data\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://go.microsoft.com/fwlink/?LinkId=69157
\\Search Page - http://go.microsoft.com/fwlink/?LinkId=54896
\\Default_Page_URL - http://go.microsoft.com/fwlink/?LinkId=69157
\\Default_Search_URL - http://go.microsoft.com/fwlink/?LinkId=54896
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.msn.com
\\Search Page -
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{7E853D72-626A-48EC-A868-BA8D5E23E045} - = ()

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8192 = Windows Messenger
\\NEXTID - 8195
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{48F45200-91E6-11CE-8A4F-0080C81A28D4} - TMD Shell Extension = C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll (Trend Micro Incorporated.)
\\{771A9DA0-731A-11CE-993C-00AA004ADB6C} - VBPropSheet = C:\Program Files\Trend Micro\Internet Security 2006\VBProp.dll (Trend Micro Incorporated.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\{48F45200-91E6-11CE-8A4F-0080C81A28D4} - = C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll (Trend Micro Incorporated.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\{48F45200-91E6-11CE-8A4F-0080C81A28D4} - = C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll (Trend Micro Incorporated.)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AuditMode - C:\sysprep\factory.exe ()
pccguide.exe - C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe (Trend Micro Incorporated.)
SoundMAXPnP - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
SoundMAX - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
WinampAgent - C:\Program Files\Winamp\winampa.exe ()
BigPondCable - C:\Program Files\Telstra\Cable Login\bpcable.exe (Telstra)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
IMJPMIG8.1 - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
IMEKRMIG6.1 - C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
MSPY2002 - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe ()
PHIME2002ASync - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
PHIME2002A - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
HP Software Update - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
 

yoomin

Thread Starter
Joined
Feb 3, 2007
Messages
47
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Anne\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
\\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.)
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{26AD0384-B123-4435-B1E4-F2E886FE1105} - (Realtek RTL8169/8110 Family Gigabit Ethernet NIC)
{B18F78F8-65D2-463C-99BC-86BB8F0D9524} - ()
{B4DC766B-57E2-477E-B297-17B4A27A0998} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file Policies.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\System\\DisableRegistryTools - 0

>>>>Output for AddOn file Security.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\FirstRunDisabled - 1
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0
Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring - 1
Security Center\Monitoring\TrendFirewall\\DisableMonitoring - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
BITS\\Type - 32
BITS\\Start - 3
BITS\\ErrorControl - 1
BITS\\ImagePath - %SystemRoot%\system32\svchost.exe -k netsvcs
BITS\\DisplayName - Background Intelligent Transfer Service
BITS\\DependOnService - RpcSs;
BITS\\DependOnGroup -
BITS\\ObjectName - LocalSystem
BITS\\Description - Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
BITS\Parameters\\ServiceDll - C:\WINDOWS\system32\qmgr.dll
BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
BITS\Enum\\0 - Root\LEGACY_BITS\0000
BITS\Enum\\Count - 1
BITS\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\DependOnGroup -
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Start - 2
SharedAccess\\Type - 32
SharedAccess\Epoch\\Epoch - 3162
SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe - C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe - C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe - C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe - C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\20944:TCP - 20944:TCP:*:Enabled:BitComet 20944 TCP
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\20944:UDP - 20944:UDP:*:Enabled:BitComet 20944 UDP
SharedAccess\Setup\\ServiceUpgrade - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All - 1
SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
SharedAccess\Enum\\Count - 1
SharedAccess\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»




Also, that Ms04-011_lsass_exploit is still popping up. It's popping up more than usual now >.< Everytime the message is about to pop up, the laptop really slows down and the music skips, loading up a website slows down. What is wrong >.<
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,945
Open HijackThis and click on the "Open the Misc Tools Section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" botton. Copy and paste that list here please.
 

yoomin

Thread Starter
Joined
Feb 3, 2007
Messages
47
hi cookiegal. here are the results


Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avanquest update
AVG Anti-Spyware 7.5
BigPond Broadband Cable Login
BitComet 0.76
BSPlayer
Clubbox ÆÄÀÏÀü¼Û°ü¸®ÀÚ
Cool Edit Pro 2.1
Foxit Reader
Free WMA to MP3 Converter 1.08
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB929120)
HP Image Zone 4.7
HP Image Zone Express
HP PSC & OfficeJet 4.7
HP Software Update
J2SE Runtime Environment 5.0 Update 3
K-Lite Mega Codec Pack 1.60
LimeWire 4.12.6
Microsoft AppLocale
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Application Compatibility Database
Motorola Phone Tools
Mozilla Firefox (2.0.0.1)
Nero OEM
Panda ActiveScan
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
SoundMAX
Texas Instruments PCIxx21/x515 drivers.
Trend Micro PC-cillin Internet Security 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
 

yoomin

Thread Starter
Joined
Feb 3, 2007
Messages
47
So, I tried to install this one Microsoft Windows XP and Microsoft Windows XP Service Pack 1 but it says "Setup has detected that the Service Pack version of this system is newer than the update your are applying, There is no need to install this update."

I'm not sure which one to install since the windows xp i'm running is a 2002 one.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top