Virus Changed My Desktop Settings
Hello,
Recently when I was browsing the net a program by the name of winantivirus pro 2007 downloaded itself on my computer without my permission. After that I started getting pop ups and commercials were playing through my laptop speakers while connected to the net. Also my display settings got changed (theme) and I was unable to change them back, as well as a different dark blue background when I initially start my computer which was not there before. I went to my control panel, went to add/remove programs and deleted the winantivirus pro 2007. I then uploaded my DSL service provider (AT&T) antivirus software which I ran as well as anti-spyware. The results came back and there were a lot of viruses but it said it was unable to remove a couple. Since then I have downloaded many scans, i.e. spybot, vundo, ad-aware, housecall, e trust-antivirus web scanner. They all came up with viruses and some were able to remove all and others still said unable to remove file. I have windows xp and ran them in safe mode with system restore off. My last run from e trust-anti virus web scanner and spybot came up clean. Now there are no more pop ups or advertisements playing through my speakers. HOWEVER whenever I start up my computer I get these two message boxes: RUNDLL error loading c:\windows\system32\ljsfiqwf.dll and another message box qbupdate-unable to locate component This application was unable to start because MFC71.dll was not found. Then it says I might have to reinstall to fix problem. Also the blue background comes up right before my theme and desktop settings still can not be changed. Please Help!!
Here is my most recent Hijack log.
Logfile of HijackThis v1.99.1
Scan saved at 8:59:51 AM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Max Crowder\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\gebxxxu.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {B3BE5337-BA6A-412A-80EE-9EA86BC3DAF0} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: (no name) - {EE74DF46-091B-42DF-8F2D-4D617EAE54B9} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\MAXCRO~1\LOCALS~1\Temp\Xerox\EReg\opbreg.exe" /Startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ljsfiqwf.dll",realset
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131996444921
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.94.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
pskelley
2007-06-10, 15:44
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
Looks like you still have McAfee running. If you are going to use Yahoo Antivirus, you should uninstall McAfee or at least turn it totally off so it is NOT running. http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
You got some of the infections but you did not get it all. I do not know if I can restore the Desktop or not, I will give you what I have before we finish.
Please follow these instructions carefully:
1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.
2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.
3) Start > Control Panel > Add Remove programs and uninstall:
PuritySCAN By OIN, OIN, OuterInfo, Ipwindows or any other program you know does not belong there. If you have a problem with the junk, you can try this uninstaller:
UNINSTALLER
http://www.outerinfo.com/OiUninstaller.exe
TUTORIAL
http://www.outerinfo.com/howto.html
4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\gebxxxu.dll (file missing)
O2 - BHO: (no name) - {B3BE5337-BA6A-412A-80EE-9EA86BC3DAF0} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: (no name) - {EE74DF46-091B-42DF-8F2D-4D617EAE54B9} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ljsfiqwf.dll",realset
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll (file missing)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
5) RIGHT Click on Start then click on Explore. Locate and delete these items:
C:\WINDOWS\system32\ljsfiqwf.dll <<< delete that file
C:\Program Files\Ipwindows\ <<< delete that folder
(if that file gives you trouble use this tool and instructions)
How to use the Delete on Reboot tool
http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb
Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
6) Restart the computer and post a new HJT log. Let me know how the computer is running now.
Thanks
First I would just like to say thanks for the help. I did everything you asked, however I encountered a few problems. I did not see any of those programs under add/remove that were listed. I tried to see which ones were out of the ordinary but found it difficult due to the fact that I never really looked before and am not sure which ones came with the pc. As regards the hijack this file, I checked all appropriate boxes, however I did not come across the file O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll (file missing). After that I went to start/explore in an attempt to remove the file C:\WINDOWS\system32\ljsfiqwf.dll and the only thing that came up was the hijack this log. Was I supposed to delete it when it came up under search? And the other file C:\Program Files\Ipwindows\ under search said that the file refers to a location that is unavailable. It could be on a hard drive on this computer or on a network; check to make sure the disk is properly inserted or you are connected to the internet or network, then try again; if it still can not be located the information might have moved to a different location. Since I was unable to find both files I proceeded with the Atf cleaner where I did as was told. I restarted my computer and the message box RUNDLL error loading c:\windows\system32\ljsfiqwf.dll did not come up. However the other one still did: qbupdate-unable to locate component This application was unable to start because MFC71.dll was not found. Then it says I might have to reinstall to fix problem. And desktop display still the same.
HjThis New Log
Logfile of HijackThis v1.99.1
Scan saved at 9:37:33 AM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Max Crowder\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\MAXCRO~1\LOCALS~1\Temp\Xerox\EReg\opbreg.exe" /Startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131996444921
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.94.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
How do I turn off the McAfee so it will no longer run?
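Added example, not part of the original thread: a Python sketch that parses HijackThis entries, tags the structural patterns seen in the items selected for fixing above (a `(file missing)` target, a Run entry that loads a DLL through `rundll32`), and compares the scan taken before the fix with the one taken after it. The function names and the two heuristics are assumptions of this example, not HijackThis's own logic, and the sample text is a short excerpt of the two logs posted above.

```python
import re
from dataclasses import dataclass

# Excerpts copied from the two logs in this thread (not the full logs).
LOG_BEFORE = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\gebxxxu.dll (file missing)
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ljsfiqwf.dll",realset
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
"""

LOG_AFTER = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
"""

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
# Header and running-process lines do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)"?,(\S+)', re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    code: str   # section code such as "O2", "O4", "O20"
    body: str   # everything after "<code> - "


def parse_entries(log_text):
    """Return the registry/autostart entries of a HijackThis log, in order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["code"], match["body"]))
    return entries


def rundll32_target(entry):
    """For an O4 entry started through rundll32, return (dll_path, export)."""
    match = RUNDLL_RE.search(entry.body) if entry.code == "O4" else None
    return (match.group(1), match.group(2)) if match else None


def triage(entry):
    """Structural reasons to look at an entry (assumed heuristics).

    Name-based calls such as the IpWins Run entry need reputation
    knowledge and are deliberately not covered here.
    """
    reasons = []
    if entry.body.endswith("(file missing)"):
        reasons.append("registry entry points at a file that no longer exists")
    if rundll32_target(entry):
        reasons.append("autostart loads a DLL through rundll32")
    return reasons


def compare_scans(before_text, after_text):
    """Split the flagged entries of the first scan by whether they survived."""
    after = set(parse_entries(after_text))
    report = {"removed": [], "still_present": []}
    for entry in parse_entries(before_text):
        reasons = triage(entry)
        if reasons:
            key = "still_present" if entry in after else "removed"
            report[key].append((entry, reasons))
    return report


if __name__ == "__main__":
    for status, items in compare_scans(LOG_BEFORE, LOG_AFTER).items():
        for entry, reasons in items:
            print(f"[{status}] {entry.code} - {entry.body}")
            for reason in reasons:
                print(f"    {reason}")
```

On these excerpts the three flagged malware leftovers are gone from the second scan, while the orphaned McAfee service entry is still listed.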
pskelley
2007-06-10, 19:58
1) You still have the updater for Network Associates running? Is there a reason for this:
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
2) O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\MAXCRO~1\LOCALS~1\Temp\Xerox\EReg\opbreg.exe" /Startup
This looks like a Xerox product that is trying to get you to register it, if it is registered, then delete this item.
3) Let's run another good scan to make sure nothing is hiding, please read and follow the directions:
Follow the directions in this link to run AVG Anti-Spyware, make sure you delete or quarantine anything it finds and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165
Post that scan report and let me know about the first two items.
Thanks
pskelley
2007-06-10, 20:08
How do I turn off the McAfee so it will no longer run?
1) Disable the Service
Click Start > Run and type services.msc then OK
Scroll down to McAfee Framework Service and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.
2) Follow the instructions at this link: http://www.bleepingcomputer.com/tutorials/tutorial42.html#HTProcessManager
Highlight this item: C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
and click on Kill Process
3) Navigate to this folder: C:\Program Files\Network Associates\ <<< delete that folder
Thanks
The first items I have no idea what they are. The second looks familiar.
Here is my scan report
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:57:18 AM 6/10/2007
+ Scan result:
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq147.tmp -> Adware.ZenoSearch : Cleaned.
C:\WINDOWS\system32\T6\amwr.exe -> Downloader.Agent.brf : Cleaned.
C:\WINDOWS\system32\T1QaSQ\T1QaSQ1065.exe -> Downloader.VB.awj : Cleaned.
C:\Program Files\King Solomons\Install.exe -> Heuristic.Win32.Dialer : Cleaned.
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned.
:mozilla.15:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.110:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.220:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.289:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.300:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.335:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.439:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.525:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.529:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Max Crowder\Cookies\max crowder@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp -> TrackingCookie.2o7 : Cleaned.
:mozilla.469:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.53:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.54:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.55:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.56:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C.tmp -> TrackingCookie.Adbrite : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp -> TrackingCookie.Adbrite : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> TrackingCookie.Addynamix : Cleaned.
:mozilla.633:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.634:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.635:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Max Crowder\Cookies\max crowder@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> TrackingCookie.Bfast : Cleaned.
:mozilla.581:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.597:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC.tmp -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.117:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.130:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Max Crowder\Cookies\max crowder@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.61:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> TrackingCookie.Findwhat : Cleaned.
:mozilla.231:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.232:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.649:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.637:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.638:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.639:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.640:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.641:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.642:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.643:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.650:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.651:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.652:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.657:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.658:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.659:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.660:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.661:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.662:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.663:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.664:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.665:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.468:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Max Crowder\Cookies\max crowder@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.361:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.368:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.785:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.67:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.68:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.69:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.70:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.Pointroll : Cleaned.
:mozilla.389:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.390:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.391:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.412:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.413:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.414:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.415:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.416:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.417:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Realmedia : Cleaned.
:mozilla.685:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.421:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.422:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.423:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.424:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.425:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.426:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.427:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.428:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.429:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.582:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp -> TrackingCookie.Revsci : Cleaned.
:mozilla.182:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.183:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.184:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> TrackingCookie.Searchingbooth : Cleaned.
:mozilla.116:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.446:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.447:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.448:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.449:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.450:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.463:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.464:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.465:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.466:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.467:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.62:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.63:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.64:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.65:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> TrackingCookie.Specificclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> TrackingCookie.Statcounter : Cleaned.
:mozilla.476:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.477:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.478:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.479:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.480:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.481:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.482:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.504:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.505:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.506:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.507:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.508:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.509:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.510:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.511:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.512:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.513:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.515:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.623:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> TrackingCookie.Webtrends : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.574:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.575:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.576:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.577:C:\Documents and Settings\Max Crowder\Application Data\Mozilla\Firefox\Profiles\adhmtsw5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\axlhihmn.exe -> Trojan.Agent.anr : Cleaned.
C:\WINDOWS\system32\lwykbimo.exe -> Trojan.Agent.anr : Cleaned.
::Report end
pskelley
2007-06-11, 00:45
Well, for starters AVG cleaned a lot of Firefox cookies you don't have to store anyway:
http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html
You are also storing nasty junk in the Yahoo quarantine folder, you need to clean that folder
C:\Program Files\Yahoo!\YPSR\Quarantine\ <<< delete the contents (NOT THE FOLDER)
It removed several trojans also, how about a fresh HJT log and some feedback about how the computer is running.
You can also clean the System Restore files right about now:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam
And I might as well give you this information also:
AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
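The AVG Anti-Spyware report format posted above, sorted the way the reply reads it (tracking cookies, files sitting in a quarantine folder, and programs that need follow-up). This is an added example, not part of the original thread; the sample lines, the `User` profile path and all function names are constructed for illustration, and joining a wrapped entry with a single space is an assumption.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the report's "<location> -> <detection> : <action>." format.
# The fourth entry is wrapped across two lines, as forum software sometimes does.
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:57:18 AM 6/10/2007
+ Scan result:
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq147.tmp -> Adware.ZenoSearch : Cleaned.
C:\WINDOWS\system32\T6\amwr.exe -> Downloader.Agent.brf : Cleaned.
:mozilla.15:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.110:C:\Documents and Settings\User\Application
Data\Mozilla\Firefox\Profiles\example.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\system32\axlhihmn.exe -> Trojan.Agent.anr : Cleaned.
::Report end
"""

# An entry begins with a drive path or a ":store.index:" prefix (cookie inside a browser store).
START_RE = re.compile(r"^(?:[A-Za-z]:\\|:[a-z]+\.\d+:)")
ENTRY_RE = re.compile(r"^(?P<location>.+?) -> (?P<detection>\S+) : (?P<action>[^.]+)\.$")
STORE_RE = re.compile(r"^:(?P<store>[a-z]+)\.(?P<index>\d+):(?P<path>.+)$")


@dataclass
class Entry:
    path: str               # file the scanner touched
    store: Optional[str]    # e.g. "mozilla" when the hit is one cookie inside cookies.txt
    detection: str          # full detection name, e.g. "Trojan.Agent.anr"
    action: str             # what the scanner reports it did, e.g. "Cleaned"

    @property
    def family(self) -> str:
        return self.detection.split(".", 1)[0]

    @property
    def in_quarantine(self) -> bool:
        return "\\quarantine\\" in self.path.lower()


def parse_report(text: str) -> list:
    """Parse report text into Entry objects, re-joining entries wrapped over lines."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        starts_entry = START_RE.match(line) is not None
        if pending and not starts_entry:
            line = pending + " " + line   # continuation of a wrapped entry
        elif not starts_entry:
            continue                      # banner, "+ ..." header or "::Report end"
        pending = ""
        m = ENTRY_RE.match(line)
        if m is None:
            pending = line                # incomplete so far; wait for the rest
            continue
        loc = STORE_RE.match(m["location"])
        entries.append(Entry(
            path=loc["path"] if loc else m["location"],
            store=loc["store"] if loc else None,
            detection=m["detection"],
            action=m["action"].strip(),
        ))
    return entries


def triage(entries: list) -> dict:
    """Separate cookie noise from detections that deserve a closer look."""
    return {
        # Tracking cookies: counted per tracker, not listed one by one.
        "cookies": Counter(e.detection for e in entries if e.family == "TrackingCookie"),
        # Everything else (adware, downloaders, trojans, ...) is listed for follow-up.
        "follow_up": [e for e in entries if e.family != "TrackingCookie"],
        # Quarantine folders of other tools that still hold flagged files.
        "quarantine_dirs": sorted({ntpath.dirname(e.path) for e in entries if e.in_quarantine}),
        # Anything the scanner did not report as cleaned.
        "not_cleaned": [e for e in entries if e.action.lower() != "cleaned"],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("cookie hits:", sum(result["cookies"].values()))
    for e in result["follow_up"]:
        print("follow up:", e.detection, "->", e.path)
    for d in result["quarantine_dirs"]:
        print("empty this quarantine folder:", d)
```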
pskelley
2007-06-11, 00:52
Restore the Desktop: Some things you can try if you still have that issue.
1. Click Start, and then click Control Panel.
2. Double-click Display, click the Desktop tab, and then click Customize Desktop.
3. Select Restore Defaults
http://www.kellys-korner-xp.com/xp_tweaks.htm
http://www.onecomputerguy.com/desktop.htm
http://www.computerhope.com/issues/ch000593.htm
http://www.msfn.org/board/lofiversion/index.php/t21581.html
Hello Again,
Can you please tell me how to delete the quarantine files without deleting the folder? When I search for that file I get a lot of items found. Should I delete them all? I tried the desktop restore. Am I supposed to restore after that, because it still looks the same? The computer for the most part has come a long way, however when I am starting up I still get that same box: qbupdate-unable to locate component This application was unable to start because MFC71.dll was not found. Then it says I might have to reinstall to fix the problem. So those are my two main problems.
Logfile of HijackThis v1.99.1
Scan saved at 5:18:48 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Max Crowder\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\MAXCRO~1\LOCALS~1\Temp\Xerox\EReg\opbreg.exe" /Startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131996444921
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.94.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
pskelley
2007-06-11, 04:43
qbupdate-unable to locate component This application was unable to start because MFC71.dll was not found.
Have a look at this information:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A05CE727-C5B5-4022-B7A0-D8861CE99209&displaylang=en
It looks like Computer Associates supplies the antivirus program:
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
http://www.superadblocker.com/definition/ypsr/
Description of YPSR.EXE
Yahoo! Anti-Spy Application that is included with the Yahoo! Toolbar
I give up on this one, I do not use Yahoo and never will, all I can suggest is that you try to contact Yahoo for information. According to the pathway:
C:\Program Files\Yahoo!\YPSR\Quarantine\ <<< that is supposed to be a folder where stuff is placed in quarantine.
I tried the desktop restore; am I supposed to restore after that? Because it still looks the same.
Besides the one set of instructions I posted, there are four links with many possible suggestions. You can also ask for help here:
http://support.microsoft.com/
Thanks
I cannot remove AVG Anti-Spyware.
pskelley
2007-06-11, 14:41
Start > Control Panel > Add Remove Programs > Click on: AVG Anti-Spyware 7.5 then click on "Remove" and follow the instructions.
pskelley
2007-06-17, 22:03
As the problem appears to be resolved this topic has been closed.
If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Anyone else with similar problems please start a new topic.
Thanks...pskelley