1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Ms04-011_lsass_exploit

Discussion in 'Virus & Other Malware Removal' started by yoomin, Feb 3, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. yoomin

    yoomin Thread Starter

    Joined:
    Feb 3, 2007
    Messages:
    47
    Hi guys,

    Firstly, I'd like thank whoever helps me out. Really thankful for your help.

    Okay here we go. Currently I am running on Microsoft XP Professional Version 2002 Service Pack 2. It's an Intel(R)Pentium(R) M processor 1.73GHz, 512 MB of RAM. It's a benq joybook laptop.

    So the problem I'm having is that my anti-virus program (Trend Micro PC-cillian Internet Security) Keeps detecting some sort of virus/malware "apparently." It pops up every 20 minutes or so and it's really bothersome. I know how to turn the pop off and such off but i'm really scared that it has infected the laptop. The thing that pops-up is "MS04-011_LSASS_EXPLOIT." I found some info on it but i'm still not completely sure on what to do go here to visit about it http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=MS04-011_LSASS_EXPLOIT

    And because of this, my laptop has become really slow. Not sure what is wrong. Please help me =(
    This is my Hi-Jack Log

    Logfile of HijackThis v1.99.1
    Scan saved at 6:57:58 PM, on 3/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2006\PCCGUIDE.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
    C:\PROGRAM FILES\WINAMP\WINAMP.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    D:\setup\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Download all links using BitComet - res://C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
  2. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    77,930
    First Name:
    Terry
    Click on the red triangle in the upper right and ask a moderator to rename this thread to something like "MS04-011_LSASS_EXPLOIT" and move it to the Security forum. That's where most of the anti-malware experts hang out, and a more descriptive title will get you more eyeballs.
     
  3. yoomin

    yoomin Thread Starter

    Joined:
    Feb 3, 2007
    Messages:
    47
    Thank you terrynet! And thank you to the moderator who moved this thread.

    Ah so anybody in this security forum help me out =(
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,270
    Hi and welcome to TSG,


    It is possible that you have an infection that hides itself from HijackThis.exe so if we rename HijackThis, the entries should become visible.

    You are also running it from your D Drive. You should move it to your C drive under program files.

    Then right click on the HijackThis.exe file and select "Rename". Rename it puppy.exe.

    Then run HijackThis again and post a new log please.
     
  5. yoomin

    yoomin Thread Starter

    Joined:
    Feb 3, 2007
    Messages:
    47
    I did what you said and renamed Hijackthis to puppy.exe
    This is the new log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:13:20 AM, on 4/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRAM FILES\WINAMP\WINAMP.EXE
    C:\Program Files\puppy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Download all links using BitComet - res://C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,270
    Download AVG Anti-Spyware from HERE and save that file to your desktop.

    When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
    2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
    1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
    2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG will now begin the scanning process. Please be patient as this may take a little time.
      Once the scan is complete, do the following:
    5. If you have any infections you will be prompted. Then select "Apply all actions."
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
    8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • You need to use IE to run this scan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
     
  7. yoomin

    yoomin Thread Starter

    Joined:
    Feb 3, 2007
    Messages:
    47
    AVG Anti-Spyware - Scan Report


    + Created at: 2:12:25 PM 4/02/2007

    + Scan result:

    :mozilla.269:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.270:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.271:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.272:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.273:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.274:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.275:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.276:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.277:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.278:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.318:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.332:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.335:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.618:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.782:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.950:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.639:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.898:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.90:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.91:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.92:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.93:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.824:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
    :mozilla.825:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
    :mozilla.826:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][1].txt -> TrackingCookie.Admarketplace : Cleaned.
    :mozilla.462:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.463:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.703:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.704:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.310:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.311:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.313:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.314:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.315:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.71:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.775:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
    :mozilla.838:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.129:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.131:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.132:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.439:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.145:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.146:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.147:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.148:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.149:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.150:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.151:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.667:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
    :mozilla.242:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
    :mozilla.862:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
    :mozilla.51:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.240:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.241:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.649:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.700:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.719:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.727:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.728:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.729:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.730:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.731:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.784:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.785:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.786:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.787:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.788:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.789:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.790:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.791:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.792:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.883:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.904:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.441:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.442:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.443:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.84:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.85:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.86:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.87:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.88:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.89:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.466:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.488:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.350:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.351:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.352:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.399:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.910:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.915:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.958:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.966:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
    :mozilla.646:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
    :mozilla.931:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
    :mozilla.428:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Information : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Information : Cleaned.
    :mozilla.859:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.860:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.861:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
    :mozilla.682:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
    :mozilla.162:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.143:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.144:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
    :mozilla.525:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.75:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.76:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.77:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.541:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.542:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.545:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.548:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.457:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.458:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.459:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.498:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.499:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.500:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.427:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.820:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.821:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.822:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.823:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.217:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.218:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.219:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.220:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.221:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.222:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.974:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.975:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.647:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
    :mozilla.193:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.194:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.195:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.196:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.197:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.198:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.199:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.200:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.201:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.202:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.203:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.204:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.205:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.206:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.207:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.208:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.209:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.210:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.211:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.212:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.213:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.214:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.215:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.216:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.120:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.121:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.122:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.130:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.841:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.128:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
    :mozilla.436:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.135:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.136:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.137:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.138:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.139:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.140:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
    :mozilla.152:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.308:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.309:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.124:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.125:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.126:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.127:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Anne\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.432:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.433:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.435:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end
     
  8. yoomin

    yoomin Thread Starter

    Joined:
    Feb 3, 2007
    Messages:
    47
    Panda Scan

    Incident Status Location

    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.bravenet.com/]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.888.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.drivecleaner.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[www.drivecleaner.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.drivecleaner.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.go.com/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[landing.domainsponsor.com/]
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\my2h9n1j.default\cookies.txt[adserver.filefront.com/]
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Anne\Cookies\[email protected][2].txt


    Oh and whilst i was scanning my computer, Trend micro Pc-cillian alerted me that a virus/trojan or something was trying to get in but it blocked i think.. Here it is below.

    Incident name: C:\Documents and Settings\Anne\Local Settings\Temp\Temporary Directory 1 for ag-2253k.zip\Keymaker.exe
    Detection name: CRCK_OFFICE.B

    Here is the HiJackthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 3:27:20 PM, on 4/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRAM FILES\TELSTRA\CABLE LOGIN\BPCABLE.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    C:\PROGRAM FILES\WINAMP\WINAMP.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\puppy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Download all links using BitComet - res://C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,270
    If that happended during the Panda scan it's possible that it's a conflict between the two scanners.

    The HijackThis log looks good but I would like to run another scan please.


    Download WinPFind.exe to your desktop and double click on it open it and then select “extract” to extract the files. This will create a folder named WinPFind on your desktop.

    Start in Safe Mode Using the F8 method:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.

    Double click on the WinPFind folder on your desktop to open it and then double click on the WinPFind.exe file to start the program.

    • Click “Configure scan options”
    • Under “Run AdOns” select the following:
      • Policies.def
      • Security.def
    • Click “apply”
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log.
     
  10. yoomin

    yoomin Thread Starter

    Joined:
    Feb 3, 2007
    Messages:
    47
    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 5/02/2007 8:49:33 AM
    WinPFind v1.5.0 Folder = C:\Documents and Settings\Anne\Desktop\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...
    UPX! 16/02/2005 12:06:16 PM 218112 C:\Program Files\puppy.exe (Soeperman Enterprises Ltd.)

    Checking %WinDir% folder...

    Checking %System% folder...
    PEC2 5/08/2004 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    PEC2 2/10/2006 9:04:40 PM 635486 C:\WINDOWS\SYSTEM32\divx.dll (DivX, Inc.)
    PECompact2 2/10/2006 9:04:40 PM 635486 C:\WINDOWS\SYSTEM32\divx.dll (DivX, Inc.)
    PECompact2 2/01/2007 3:19:46 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 2/01/2007 3:19:46 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    WSUD 5/08/2004 7:00:00 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
    aspack 5/08/2004 7:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    WSUD 5/08/2004 7:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    Umonitor 5/08/2004 7:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    winsync 5/08/2004 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
    PEC2 18/10/2006 10:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
    WSUD 18/10/2006 10:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)

    Checking %System%\Drivers folder and sub-folders...
    UPX! 6/09/2006 8:09:34 PM 1051456 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys (Trend Micro Inc.)
    aspack 6/09/2006 8:09:34 PM 1051456 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys (Trend Micro Inc.)

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    5/02/2007 8:48:22 AM S 2048 C:\WINDOWS\bootstat.dat ()
    4/02/2007 9:55:50 PM H 54156 C:\WINDOWS\QTFont.qfn ()
    22/12/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
    5/02/2007 8:48:06 AM H 8192 C:\WINDOWS\system32\config\default.LOG ()
    5/02/2007 8:48:38 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    5/02/2007 8:48:24 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
    5/02/2007 8:48:46 AM H 69632 C:\WINDOWS\system32\config\software.LOG ()
    5/02/2007 8:48:34 AM H 917504 C:\WINDOWS\system32\config\system.LOG ()
    28/01/2007 12:13:42 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
    5/01/2007 8:25:24 PM S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
    5/01/2007 8:25:24 PM S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
    5/01/2007 8:25:24 PM S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
    5/01/2007 8:25:24 PM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
    5/01/2007 8:25:24 PM S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
    5/01/2007 8:25:24 PM S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
    5/02/2007 8:45:22 AM H 6 C:\WINDOWS\Tasks\SA.DAT ()

    Checking for CPL files...
    5/08/2004 7:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    17/10/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    13/04/2005 3:48:52 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
    5/08/2004 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
    17/10/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
    5/08/2004 7:00:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
    26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

    Checking for Downloaded Program Files...
    {166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    10/11/2006 7:00:50 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
    19/11/2006 10:43:36 AM 1808 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    9/11/2006 10:52:00 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
    19/11/2006 10:45:10 AM 813 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()

    Checking files in %USERPROFILE%\Startup folder...
    10/11/2006 7:00:50 AM HS 84 C:\Documents and Settings\Anne\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    9/11/2006 10:52:00 PM HS 62 C:\Documents and Settings\Anne\Application Data\desktop.ini ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://go.microsoft.com/fwlink/?LinkId=69157
    \\Search Page - http://go.microsoft.com/fwlink/?LinkId=54896
    \\Default_Page_URL - http://go.microsoft.com/fwlink/?LinkId=69157
    \\Default_Search_URL - http://go.microsoft.com/fwlink/?LinkId=54896
    \\Local Page - %SystemRoot%\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.msn.com
    \\Search Page -
    \\Local Page - C:\WINDOWS\system32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \{7E853D72-626A-48EC-A868-BA8D5E23E045} - = ()

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8192 = Windows Messenger
    \\NEXTID - 8195
    \\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
    \{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
    \{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
    \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
    \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
    \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
    \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
    \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
    \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
    \\{48F45200-91E6-11CE-8A4F-0080C81A28D4} - TMD Shell Extension = C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll (Trend Micro Incorporated.)
    \\{771A9DA0-731A-11CE-993C-00AA004ADB6C} - VBPropSheet = C:\Program Files\Trend Micro\Internet Security 2006\VBProp.dll (Trend Micro Incorporated.)
    \\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \{48F45200-91E6-11CE-8A4F-0080C81A28D4} - = C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll (Trend Micro Incorporated.)

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \{48F45200-91E6-11CE-8A4F-0080C81A28D4} - = C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll (Trend Micro Incorporated.)

    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    AuditMode - C:\sysprep\factory.exe ()
    pccguide.exe - C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe (Trend Micro Incorporated.)
    SoundMAXPnP - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
    SoundMAX - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
    ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
    NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    WinampAgent - C:\Program Files\Winamp\winampa.exe ()
    BigPondCable - C:\Program Files\Telstra\Cable Login\bpcable.exe (Telstra)
    SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
    IMJPMIG8.1 - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    IMEKRMIG6.1 - C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
    MSPY2002 - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe ()
    PHIME2002ASync - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    PHIME2002A - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    HP Software Update - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
    !AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
    ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
     
  11. yoomin

    yoomin Thread Starter

    Joined:
    Feb 3, 2007
    Messages:
    47
    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    C:\Documents and Settings\Anne\Start Menu\Programs\Startup\desktop.ini ()

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    \\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
    \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = C:\WINDOWS\system32\userinit.exe,
    \\Shell = Explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.)
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \wlballoon - wlnotify.dll = (Microsoft Corporation)

    >>> DNS Name Servers <<<
    {26AD0384-B123-4435-B1E4-F2E886FE1105} - (Realtek RTL8169/8110 Family Gigabit Ethernet NIC)
    {B18F78F8-65D2-463C-99BC-86BB8F0D9524} - ()
    {B4DC766B-57E2-477E-B297-17B4A27A0998} - (1394 Net Adapter)

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
    \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000006\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \ipp - ()
    \msdaipp - ()

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

    >>> Selected AddOn's <<<

    >>>>Output for AddOn file Policies.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
    policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
    policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
    policies\system\\dontdisplaylastusername - 0
    policies\system\\legalnoticecaption -
    policies\system\\legalnoticetext -
    policies\system\\shutdownwithoutlogon - 1
    policies\system\\undockwithoutlogon - 1

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\Explorer\\NoDriveTypeAutoRun - 145
    policies\System\\DisableRegistryTools - 0

    >>>>Output for AddOn file Security.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    Security Center\\FirstRunDisabled - 1
    Security Center\\AntiVirusDisableNotify - 0
    Security Center\\FirewallDisableNotify - 0
    Security Center\\UpdatesDisableNotify - 0
    Security Center\\AntiVirusOverride - 0
    Security Center\\FirewallOverride - 0
    Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring - 1
    Security Center\Monitoring\TrendFirewall\\DisableMonitoring - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
    BITS\\Type - 32
    BITS\\Start - 3
    BITS\\ErrorControl - 1
    BITS\\ImagePath - %SystemRoot%\system32\svchost.exe -k netsvcs
    BITS\\DisplayName - Background Intelligent Transfer Service
    BITS\\DependOnService - RpcSs;
    BITS\\DependOnGroup -
    BITS\\ObjectName - LocalSystem
    BITS\\Description - Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
    BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
    BITS\Parameters\\ServiceDll - C:\WINDOWS\system32\qmgr.dll
    BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    BITS\Enum\\0 - Root\LEGACY_BITS\0000
    BITS\Enum\\Count - 1
    BITS\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
    SharedAccess\\DependOnGroup -
    SharedAccess\\DependOnService - Netman;WinMgmt;
    SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
    SharedAccess\\ErrorControl - 1
    SharedAccess\\ImagePath - %SystemRoot%\system32\svchost.exe -k netsvcs
    SharedAccess\\ObjectName - LocalSystem
    SharedAccess\\Start - 2
    SharedAccess\\Type - 32
    SharedAccess\Epoch\\Epoch - 3162
    SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe - C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications - 0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe - C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe - C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe - C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe - C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe - C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\20944:TCP - 20944:TCP:*:Enabled:BitComet 20944 TCP
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\20944:UDP - 20944:UDP:*:Enabled:BitComet 20944 UDP
    SharedAccess\Setup\\ServiceUpgrade - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All - 1
    SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
    SharedAccess\Enum\\Count - 1
    SharedAccess\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
    wuauserv\\Type - 32
    wuauserv\\Start - 2
    wuauserv\\ErrorControl - 1
    wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
    wuauserv\\DisplayName - Automatic Updates
    wuauserv\\ObjectName - LocalSystem
    wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
    wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
    wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
    wuauserv\Enum\\Count - 1
    wuauserv\Enum\\NextInstance - 1


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»




    Also, that Ms04-011_lsass_exploit is still popping up. It's popping up more than usual now >.< Everytime the message is about to pop up, the laptop really slows down and the music skips, loading up a website slows down. What is wrong >.<
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,270
    Open HijackThis and click on the "Open the Misc Tools Section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" botton. Copy and paste that list here please.
     
  13. yoomin

    yoomin Thread Starter

    Joined:
    Feb 3, 2007
    Messages:
    47
    hi cookiegal. here are the results


    Adobe Flash Player 9 ActiveX
    Adobe Shockwave Player
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Avanquest update
    AVG Anti-Spyware 7.5
    BigPond Broadband Cable Login
    BitComet 0.76
    BSPlayer
    Clubbox ÆÄÀÏÀü¼Û°ü¸®ÀÚ
    Cool Edit Pro 2.1
    Foxit Reader
    Free WMA to MP3 Converter 1.08
    HijackThis 1.99.1
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB929120)
    HP Image Zone 4.7
    HP Image Zone Express
    HP PSC & OfficeJet 4.7
    HP Software Update
    J2SE Runtime Environment 5.0 Update 3
    K-Lite Mega Codec Pack 1.60
    LimeWire 4.12.6
    Microsoft AppLocale
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows Application Compatibility Database
    Motorola Phone Tools
    Mozilla Firefox (2.0.0.1)
    Nero OEM
    Panda ActiveScan
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB926255)
    SoundMAX
    Texas Instruments PCIxx21/x515 drivers.
    Trend Micro PC-cillin Internet Security 2006
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,270
  15. yoomin

    yoomin Thread Starter

    Joined:
    Feb 3, 2007
    Messages:
    47
    So, I tried to install this one Microsoft Windows XP and Microsoft Windows XP Service Pack 1 but it says "Setup has detected that the Service Pack version of this system is newer than the update your are applying, There is no need to install this update."

    I'm not sure which one to install since the windows xp i'm running is a 2002 one.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/540702

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice