Jun 27th, 2005

help with IE v6

I have a fast dsl connection, but for some reason (presumably spyware) it's recently gone slow. Whenever I try to access a website, it usually says "connecting to host" or "waiting for host" in the status bar, and stays like that for a great while until the website starts to show. I downloaded Firefox, but it still takes long to bring up the website. Here's a logfile from HijackThis, hope someone out there can help.


Logfile of HijackThis v1.99.1
Scan saved at 2:46:38 PM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = javascript:window.close()
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {4FA1766B-07EE-5651-C8D7-FCBCE42A8EE5} - C:\WINDOWS\apiva.dll (file missing)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/p...im/install.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_6.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_04) - http://online.ccsd.k12.co.us:8011/we...-1_4_1-win.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zum...ploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/113/rssoft.cab
O20 - Winlogon Notify: Gunbotv7 - Gunbotv7.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
bultoki
Jun 28th, 2005

Re: help with IE v6

Hi bultoki, welcome to DaniWeb

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = javascript:window.close()
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: (no name) - {4FA1766B-07EE-5651-C8D7-FCBCE42A8EE5} - C:\WINDOWS\apiva.dll (file missing)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Have hijackthis fix any of these O15 entries that you did not put in your Trusted Zone yourself:
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/...lim/install.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.c...sharingctrl.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_6.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_04) - http://online.ccsd.k12.co.us:8011/w...e-1_4_1-win.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zu...aploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...ireShowdown.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/113/rssoft.cab
O20 - Winlogon Notify: Gunbotv7 - Gunbotv7.dll (file missing)

Close any open windows, other than hijackthis, before hitting Fix checked.

Go to C:\WINDOWS and delete apiva.dll

Do a search for neededware and delete any entries found.

Empty your Recycle Bin and reboot.

Close any open browser windows, scan with hijackthis, and post a new log please.
dlh6213
Jun 28th, 2005

Re: help with IE v6

Thanks. I deleted the selected entries, but I could not find "apiva.dll" or any "neededware" entries. Here is a fresh log:
*Note: I deleted the "O15 - Trusted Zone: *.frame.crazywinnings.com" entry, but for some reason it keeps coming back.


Logfile of HijackThis v1.99.1
Scan saved at 11:28:44 AM, on 6/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
bultoki
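
As an added example (not part of the posts above, and not HijackThis's own code): a small Python script that parses HijackThis entry lines, flags the two kinds of entry singled out in this thread (entries whose file is absent, and O15 Trusted Zone entries), and compares the log before and after a fix to show which flagged entries persist. The function names are made up for illustration; the log lines are excerpts from the two logs posted above.

```python
import re

# Excerpts from the first log in this thread (before the fix).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
O2 - BHO: (no name) - {4FA1766B-07EE-5651-C8D7-FCBCE42A8EE5} - C:\WINDOWS\apiva.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O20 - Winlogon Notify: Gunbotv7 - Gunbotv7.dll (file missing)
"""

# Excerpts from the second log in this thread (after the fix).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.frame.crazywinnings.com
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# An entry line is a section code (one letter plus a number) followed by " - ".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return a list of (code, body) tuples for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def review_reasons(code, body):
    """Return the reasons an entry deserves a second look (empty list if none).

    These are only the two criteria used in this thread, not a verdict on
    whether the entry is malicious.
    """
    reasons = []
    lowered = body.lower()
    if lowered.endswith("(file missing)") or lowered.endswith("(no file)"):
        reasons.append("orphaned: the registered file is absent")
    if code == "O15":
        reasons.append("Trusted Zone entry: confirm the user added it")
    return reasons


def _sort_key(entry):
    """Sort by section letter, then section number, then entry text."""
    code, body = entry
    return (code[0], int(code[1:]), body)


def diff_logs(before_text, after_text):
    """Compare two logs and report removed, added and persisting entries.

    'persisting' holds flagged entries present in both logs, i.e. entries
    that were either not fixed or were re-created after the fix.
    """
    before = set(parse_entries(before_text))
    after = set(parse_entries(after_text))
    persisting = [e for e in before & after if review_reasons(*e)]
    return {
        "removed": sorted(before - after, key=_sort_key),
        "added": sorted(after - before, key=_sort_key),
        "persisting": sorted(persisting, key=_sort_key),
    }


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section in ("removed", "added", "persisting"):
        print(section.upper())
        for code, body in result[section]:
            reasons = "; ".join(review_reasons(code, body))
            suffix = f"   <- {reasons}" if reasons else ""
            print(f"  {code} - {body}{suffix}")
```
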
Jun 29th, 2005

Re: help with IE v6

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail...e/1098736486/1

Install and update it, and then close the program (don't scan yet).

Disconnect from the net and reboot into Safe Mode.

Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).

Still in Safe Mode, scan with hijackthis and have it fix the following entries:

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.frame.crazywinnings.com

Empty your Recycle Bin and reboot normally.

Close any open browser windows, scan with hijackthis, and post a new log along with the Ewido log.
dlh6213
Jul 6th, 2005

Re: help with IE v6

Sorry it took me a while to reply. I have the ewido and HijackThis logs here. I forgot to delete the O9 entry on HJT, but I will do that soon.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:54:39 PM, 7/6/2005
+ Report-Checksum: C22D007D

+ Scan result:

:mozilla.8:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.9:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.10:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.12:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.13:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.14:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.15:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Mediaplex : Ignored
:mozilla.21:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.22:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.23:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.24:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.25:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.33:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.38:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Atdmt : Ignored
:mozilla.42:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.43:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.44:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.45:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.46:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.47:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.49:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.50:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.51:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
C:\Program Files\hijackthis\backups\backup-20050628-104005-386.dll -> Not-A-Virus.RiskWare.Downloader.PopCap.a : Ignored
C:\WINDOWS\_MSRSTRT.EXE -> Not-A-Virus.Tool.Reboot : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38EA95B6-06DF-844E-6763-813A152D6F74} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4BB35A55-A91A-11CF-BA7C-00A0D1001A5A} -> Spyware.BonziBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{86E5D74F-02EB-11D3-A464-0080C858F182} -> Spyware.BonziBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{86E5D751-02EB-11D3-A464-0080C858F182} -> Spyware.BonziBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{6B1BE80A-567F-11D1-B652-0060976C699F} -> Spyware.BonziBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{AAB7FAED-91F8-4591-8E4C-9291D2B7F381} -> Spyware.BonziBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCAR -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-1270689400-4103935507-3403473811-1006\Software\Support Software -> Spyware.NetworkEssentials : Cleaned with backup
C:\Documents and Settings\Bong\Cookies\bong@ehg-nestleusainc.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Bong\Cookies\bong@hotbabes.com.19522.fb.dbbsrv[2].txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\Bong\Cookies\bong@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Hahnbi\.jpi_cache\file\1.0\BlackBox.class-6b226ce5-2de5a93b.class -> Trojan.ClassLoader.c : Cleaned with backup
C:\Documents and Settings\Hahnbi\.jpi_cache\file\1.0\Dummy.class-7bd741bf-358478cc.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Hahnbi\.jpi_cache\file\1.0\VerifierBug.class-4115fd15-2f137b82.class -> Trojan.Byteverify : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.372:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.404:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.426:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.427:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Hahnbi\Cookies\hahnbi@ysbweb[1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
C:\WINDOWS\AolCInUn.exe:wanjxn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\MPTBox.INI:yqihlf -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\MSVCP60.DLL:vebaeh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\opuc.dll:xmzdsz -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\tmpcpyis.bat -> Backdoor.AcidShiver : Cleaned with backup
C:\WINDOWS\twain.dll:tcmnim -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 1:56:39 PM, on 7/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
bultoki
Jul 6th, 2005

Re: help with IE v6

Hi bultoki,

1. The HijackThis log you posted is from a scan done in Safe Mode. The ewido scan should have been Safe Mode, but we need a log from a HijackThis scan that's been done when booted into Windows normally.


2. Getting rid of the "crazywinnings" entry takes a little manual work; it will just keep returning if you try to fix it with HijackThis:

This procedure involves editing your Registry, so I would highly suggest making a backup of the Registry before performing any edits. Information on making a Registry/System State backup can be found here:
http://support.microsoft.com/default...b;en-us;322756

- First, remove the site from your Trusted Zone:
Start Internet Explorer, click Internet Options on the Tools menu, and then click the Security tab. Click Trusted Sites, and then click Sites. Click the "crazywinnings" site, and then click Remove.

- Click on the "Run..." option under your Start menu, type "regedit" (omit the quotes) in the resulting "Open:" window, and hit OK. This will open the Registry Editor program.

- In the editor, press F3 to bring up the Find window, type crazywinnings in the find box, and hit enter. There may be more than one "crazywinnings" entry, so you need to keep repeating the find until you get the message "finished searching through the registry". Delete all instances of "crazywinnings" entries you find.

Do not delete or modify anything else in the registry!!!
DMR
Jul 7th, 2005

Re: help with IE v6

I deleted the "crazywinnings" entries from the registry, and it no longer appears in my trusted zone or in the HJT scan, but my internet browser still takes too much time "waiting for [host]..." or "connecting to [host]...". I've been able to slightly speed up my speed by setting Firefox as my default browser and under "about:config", I've set the "network.dns.disableIPv6" value to "true". However, other programs sometimes still take a while to connect to the host. I've attached a new HijackThis log, this time after rebooting Windows normally.

Logfile of HijackThis v1.99.1
Scan saved at 11:38:15 AM, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
bultoki
Jul 7th, 2005

Re: help with IE v6

Your log is essentially clean, but I'd suggest removing the SurfMonkey garbage using your Add/Remove Programs control panel. It's a *barf* *gack* "kid safe" content filtering program that EarthLink now bundles with their connection software.

You don't need it to connect/surf, and since it acts as a "traffic cop" between your computer and the Internet, analyzing your Internet communications, it may have at least something to do with the connection lags.
DMR
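The two points raised in the replies above (the 7/6 log was taken in Safe Mode, and the O15 Trusted Zone entry had to go) can be checked mechanically by parsing and comparing the logs. The following is an added example, not part of the original thread and not HijackThis's own code: the function names are hypothetical, the sample text is a constructed excerpt of a few lines from the 7/6 and 7/7 logs, and the Safe Mode check is only a heuristic (an autorun whose executable is not in the process list).

```python
import re

# Constructed excerpts: a handful of lines taken from the 7/6 and 7/7 logs in this thread.
LOG_BEFORE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.frame.crazywinnings.com
"""
LOG_AFTER = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O15 - Trusted Zone: ..."
EXE = re.compile(r"[A-Za-z]:\\.+?\.exe", re.I)      # first full path to an .exe


def parse_log(text):
    """Split a HijackThis log into (running processes, [(section code, detail)])."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif (m := ENTRY.match(line)):
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def trusted_zone_sites(entries):
    """Domains listed under O15, the section that held the crazywinnings entry."""
    return [d.split(":", 1)[1].strip() for code, d in entries
            if code == "O15" and d.startswith("Trusted Zone:")]


def autoruns_not_running(processes, entries):
    """O4 autoruns whose executable is absent from the process list.
    Heuristic (assumption): a hit suggests the scan was taken in Safe Mode."""
    running = {p.lower() for p in processes}
    missing = []
    for code, detail in entries:
        m = EXE.search(detail)
        if code == "O4" and m and m.group(0).lower() not in running:
            missing.append(m.group(0))
    return missing


def diff_entries(before, after):
    """Return (entries removed, entries added) between two scans."""
    return sorted(set(before) - set(after)), sorted(set(after) - set(before))
```
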


© 2011 DaniWeb® LLC