help with IE v6
Join Date: Jun 2005
Posts: 4
Solved Threads: 0
I have a fast dsl connection, but for some reason (presumably spyware) it's recently gone slow. Whenever I try to access a website, it usually says "connecting to host" or "waiting for host" in the status bar, and stays like that for a great while until the website starts to show. I downloaded Firefox, but it still takes long to bring up the website. Here's a logfile from HijackThis, hope someone out there can help.
Logfile of HijackThis v1.99.1
Scan saved at 2:46:38 PM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = javascript:window.close()
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {4FA1766B-07EE-5651-C8D7-FCBCE42A8EE5} - C:\WINDOWS\apiva.dll (file missing)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/p...im/install.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_6.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_04) - http://online.ccsd.k12.co.us:8011/we...-1_4_1-win.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zum...ploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/113/rssoft.cab
O20 - Winlogon Notify: Gunbotv7 - Gunbotv7.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Join Date: Jul 2004
Posts: 2,964
Solved Threads: 210
Hi bultoki, welcome to DaniWeb 
Scan with hijackthis and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = javascript:window.close()
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: (no name) - {4FA1766B-07EE-5651-C8D7-FCBCE42A8EE5} - C:\WINDOWS\apiva.dll (file missing)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Have hijackthis fix any of these O15 entries that you did not put in your Trusted Zone yourself --
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/...lim/install.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.c...sharingctrl.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_6.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_04) - http://online.ccsd.k12.co.us:8011/w...e-1_4_1-win.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zu...aploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...ireShowdown.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/113/rssoft.cab
O20 - Winlogon Notify: Gunbotv7 - Gunbotv7.dll (file missing)
Close any open windows, other than hijackthis, before hitting Fix checked.
Go to C:\WINDOWS and delete apiva.dll
Do a search for neededware and delete any entries found.
Empty your Recycle Bin and reboot.
Close any open browser windows, scan with hijackthis, and post a new log please.

Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Join Date: Jun 2005
Posts: 4
Solved Threads: 0
Thanks. I deleted the selected entries, but I could not find "apiva.dll" or any "neededware" entries. Here is a fresh log:
*Note: I deleted the "O15 - Trusted Zone: *.frame.crazywinnings.com" entry, but for some reason it keeps coming back.
Logfile of HijackThis v1.99.1
Scan saved at 11:28:44 AM, on 6/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
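Added example, not part of the original thread and not HijackThis's own logic: a small Python parser for the log format posted above. It flags entries whose target is reported as "(no file)" or "(file missing)", lists O15 Trusted Zone entries for manual review, and compares a "before" and "after" log to show which flagged entries survived a fix. The function names and the flagging heuristic are assumptions made for illustration; the sample lines are excerpted from the 6/27 and 6/28 logs in this thread.

```python
import re
from dataclasses import dataclass

# A HijackThis entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Header lines and the running-process list do not match this shape.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass(frozen=True)
class Entry:
    code: str   # section code such as R0, O2, O15
    body: str   # everything after "<code> - "

    @property
    def orphaned(self) -> bool:
        """True when the entry points at a file the scan could not find."""
        return bool(ORPHAN_RE.search(self.body))


def parse_log(text):
    """Return the registry/startup entries of a HijackThis log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"].strip()))
    return entries


def triage(entries):
    """Assumed heuristic: orphaned references, plus every O15 entry for review."""
    return {
        "orphaned": [e for e in entries if e.orphaned],
        "trusted_zone": [e for e in entries if e.code == "O15"],
    }


def persisting(before, after):
    """Flagged entries from the first log that still appear in the second."""
    t = triage(before)
    flagged = t["orphaned"] + [e for e in t["trusted_zone"] if not e.orphaned]
    still_there = set(after)
    return [e for e in before if e in flagged and e in still_there]


# Excerpt of the first log in this thread (6/27/2005).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {4FA1766B-07EE-5651-C8D7-FCBCE42A8EE5} - C:\WINDOWS\apiva.dll (file missing)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O20 - Winlogon Notify: Gunbotv7 - Gunbotv7.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Excerpt of the follow-up log (6/28/2005), taken after the first fix pass.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.frame.crazywinnings.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for kind, found in triage(before).items():
        for e in found:
            print(f"[{kind}] {e.code} - {e.body}")
    for e in persisting(before, after):
        print(f"[still present after fix] {e.code} - {e.body}")
```

An entry that reappears in the second log after being fixed usually means something still running is rewriting it, which is why the next reply moves the cleanup into Safe Mode.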
Join Date: Jul 2004
Posts: 2,964
Solved Threads: 210
Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail...e/1098736486/1
Install and update it, and then close the program (don't scan yet).
Disconnect from the net and reboot into Safe Mode.
Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).
Still in Safe Mode, scan with hijackthis and have it fix the following entries:
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.frame.crazywinnings.com
Empty your Recycle Bin and reboot normally.
Close any open browser windows, scan with hijackthis, and post a new log along with the Ewido log.
Join Date: Jun 2005
Posts: 4
Reputation:
Solved Threads: 0
Sorry it took me a while to reply. I have the ewido and HijackThis logs here. I forgot to delete the O9 entry on HJT, but I will do that soon.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 1:54:39 PM, 7/6/2005
+ Report-Checksum: C22D007D
+ Scan result:
:mozilla.8:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.9:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.10:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.12:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.13:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.14:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.15:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Mediaplex : Ignored
:mozilla.21:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.22:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.23:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.24:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.25:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.33:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.38:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Atdmt : Ignored
:mozilla.42:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.43:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.44:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.45:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.46:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.47:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.49:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.50:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.51:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
C:\Program Files\hijackthis\backups\backup-20050628-104005-386.dll -> Not-A-Virus.RiskWare.Downloader.PopCap.a : Ignored
C:\WINDOWS\_MSRSTRT.EXE -> Not-A-Virus.Tool.Reboot : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38EA95B6-06DF-844E-6763-813A152D6F74} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4BB35A55-A91A-11CF-BA7C-00A0D1001A5A} -> Spyware.BonziBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{86E5D74F-02EB-11D3-A464-0080C858F182} -> Spyware.BonziBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{86E5D751-02EB-11D3-A464-0080C858F182} -> Spyware.BonziBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{6B1BE80A-567F-11D1-B652-0060976C699F} -> Spyware.BonziBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{AAB7FAED-91F8-4591-8E4C-9291D2B7F381} -> Spyware.BonziBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCAR -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-1270689400-4103935507-3403473811-1006\Software\Support Software -> Spyware.NetworkEssentials : Cleaned with backup
C:\Documents and Settings\Bong\Cookies\bong@ehg-nestleusainc.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Bong\Cookies\bong@hotbabes.com.19522.fb.dbbsrv[2].txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\Bong\Cookies\bong@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Hahnbi\.jpi_cache\file\1.0\BlackBox.class-6b226ce5-2de5a93b.class -> Trojan.ClassLoader.c : Cleaned with backup
C:\Documents and Settings\Hahnbi\.jpi_cache\file\1.0\Dummy.class-7bd741bf-358478cc.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Hahnbi\.jpi_cache\file\1.0\VerifierBug.class-4115fd15-2f137b82.class -> Trojan.Byteverify : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.404:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Hahnbi\Cookies\hahnbi@ysbweb[1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
C:\WINDOWS\AolCInUn.exe:wanjxn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\MPTBox.INI:yqihlf -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\MSVCP60.DLL:vebaeh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\opuc.dll:xmzdsz -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\tmpcpyis.bat -> Backdoor.AcidShiver : Cleaned with backup
C:\WINDOWS\twain.dll:tcmnim -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 1:56:39 PM, on 7/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
:mozilla.58:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.404:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Hahnbi\Cookies\hahnbi@ysbweb[1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
C:\WINDOWS\AolCInUn.exe:wanjxn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\MPTBox.INI:yqihlf -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\MSVCP60.DLL:vebaeh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\opuc.dll:xmzdsz -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\tmpcpyis.bat -> Backdoor.AcidShiver : Cleaned with backup
C:\WINDOWS\twain.dll:tcmnim -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 1:56:39 PM, on 7/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Hi bultoki,
1. The HijackThis log you posted is from a scan done in Safe Mode. The ewido scan should have been Safe Mode, but we need a log from a HijackThis scan that's been done when booted into Windows normally.
2. Getting rid of the "crazywinnings" entry takes a little manual work; it will just keep returning if you try to fix it with HijackThis:
This procedure involves editing your Registry, so I would highly suggest making a backup of the Registry before performing any edits. Information on making a Registry/System State backup can be found here:
http://support.microsoft.com/default...b;en-us;322756
- First, remove the site from your Trusted Zone:
Start Internet Explorer, click Internet Options on the Tools menu, and then click the Security tab. Click Trusted Sites, and then click Sites. Click the "crazywinnings" site, and then click Remove.
- Click on the "Run..." option under your Start menu, type "regedit" (omit the quotes) in the resulting "Open:" window, and hit OK. This will open the Registry Editor program.
- In the editor, press F3 to bring up the Find window, type crazywinnings in the find box, and hit enter. There may be more than one "crazywinnings" entry, so you need to keep repeating the find until you get the message "finished searching through the registry". Delete all instances of "crazywinnings" entries you find.
Do not delete or modify anything else in the registry!!!
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Join Date: Jun 2005
Posts: 4
I deleted the "crazywinnings" entries from the registry, and it no longer appears in my trusted zone or in the HJT scan, but my internet browser still takes too much time "waiting for [host]..." or "connecting to [host]...". I've been able to slightly speed up my speed by setting Firefox as my default browser and under "about:config", I've set the "network.dns.disableIPv6" value to "true". However, other programs sometimes still take a while to connect to the host. I've attached a new HijackThis log, this time after rebooting Windows normally.
Logfile of HijackThis v1.99.1
Scan saved at 11:38:15 AM, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
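Added example (not part of either post): a small Python parser that compares the 6 July and 7 July HijackThis logs to confirm the O15 Trusted Zone entry is gone and to show why the first log looks like a Safe Mode scan. The function names are hypothetical, the two log excerpts are constructed from a few lines of the logs in this thread, and the "autorun not running" check is a heuristic assumption, not a HijackThis feature.

```python
import re

# Constructed excerpts: a few lines taken from the two HijackThis logs in this
# thread (6 July scan in Safe Mode, 7 July scan after a normal boot).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:56:39 PM, on 7/6/2005
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.frame.crazywinnings.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:38:15 AM, on 7/7/2005
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# A log entry is a section code (R0, O4, O15, ...) followed by " - " and text.
ENTRY = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')
# First full .exe path after "[name] " or "= " in an O4 startup entry.
EXE = re.compile(r'(?:\]|=) "?([a-z]:\\.+?\.exe)', re.I)


def parse_hjt(text):
    """Split a HijackThis log into scan time, running processes and entries."""
    log = {"saved": None, "processes": [], "entries": []}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends at the first entry line
            log["entries"].append((m.group(1), m.group(2)))
        elif line.startswith("Scan saved at "):
            log["saved"] = line[len("Scan saved at "):]
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            log["processes"].append(line)
    return log


def trusted_zone_domains(log):
    """Domains listed under O15 (sites added to the IE Trusted Zone)."""
    prefix = "Trusted Zone: "
    return [t[len(prefix):] for c, t in log["entries"]
            if c == "O15" and t.startswith(prefix)]


def diff_entries(before, after):
    """Entries that disappeared and entries that are new, in log order."""
    removed = [e for e in before["entries"] if e not in after["entries"]]
    added = [e for e in after["entries"] if e not in before["entries"]]
    return removed, added


def autoruns_not_running(log):
    """O4 startup programs with a full path that are not in the process list.

    Heuristic (assumption): Safe Mode skips the Run keys, so a Safe Mode scan
    shows resident startup programs as registered but not running. One-shot
    installers also appear here after a normal boot, so read it as a hint.
    """
    running = {p.lower() for p in log["processes"]}
    missing = []
    for code, text in log["entries"]:
        m = EXE.search(text) if code == "O4" else None
        if m and m.group(1).lower() not in running:
            missing.append(m.group(1))
    return missing


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    removed, added = diff_entries(before, after)
    print("Trusted Zone before:", trusted_zone_domains(before))
    print("Trusted Zone after: ", trusted_zone_domains(after))
    for code, text in removed:
        print("removed:", code, "-", text)
    for code, text in added:
        print("added:  ", code, "-", text)
    print("autoruns not running (before):", autoruns_not_running(before))
    print("autoruns not running (after): ", autoruns_not_running(after))
```

An empty "added" list together with the O15 line under "removed" is what a successful cleanup looks like; a new entry appearing between scans would be the thing to investigate.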
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Your log is essentially clean, but I'd suggest removing the SurfMonkey garbage using your Add/Remove Programs control panel. It's a *barf* *gack* "kid safe" content filtering program that Earthlink now bundles with their connection software.
You don't need it to connect/surf, and since it acts as a "traffic cop" between your computer and the Internet, analyzing your Internet communications, it may have at least something to do with the connection lags.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.






