0

I have a fast DSL connection, but for some reason (presumably spyware) it's recently gone slow. Whenever I try to access a website, it usually says "connecting to host" or "waiting for host" in the status bar, and stays like that for a great while until the website starts to show. I downloaded Firefox, but it still takes long to bring up the website. Here's a logfile from HijackThis, hope someone out there can help.


Logfile of HijackThis v1.99.1
Scan saved at 2:46:38 PM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = javascript:window.close()
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {4FA1766B-07EE-5651-C8D7-FCBCE42A8EE5} - C:\WINDOWS\apiva.dll (file missing)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_6.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_04) - http://online.ccsd.k12.co.us:8011/webapps/client-lib/j2re-1_4_1-win.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/113/rssoft.cab
O20 - Winlogon Notify: Gunbotv7 - Gunbotv7.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

0

Hi bultoki, welcome to DaniWeb :D

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = javascript:window.close()
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: (no name) - {4FA1766B-07EE-5651-C8D7-FCBCE42A8EE5} - C:\WINDOWS\apiva.dll (file missing)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Have hijackthis fix any of these O15 entries that you did not put in your Trusted Zone yourself --
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/...lim/install.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.c...sharingctrl.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_6.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_04) - http://online.ccsd.k12.co.us:8011/w...e-1_4_1-win.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zu...aploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...ireShowdown.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/113/rssoft.cab
O20 - Winlogon Notify: Gunbotv7 - Gunbotv7.dll (file missing)

Close any open windows, other than hijackthis, before hitting Fix checked.

Go to C:\WINDOWS and delete apiva.dll

Do a search for neededware and delete any entries found.

Empty your Recycle Bin and reboot.

Close any open browser windows, scan with hijackthis, and post a new log please.

0

Thanks. I deleted the selected entries, but I could not find "apiva.dll" or any "neededware" entries. Here is a fresh log:
*Note: I deleted the "O15 - Trusted Zone: *.frame.crazywinnings.com" entry, but for some reason it keeps coming back.


Logfile of HijackThis v1.99.1
Scan saved at 11:28:44 AM, on 6/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

0

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install and update it, and then close the program (don't scan yet).

Disconnect from the net and reboot into Safe Mode.

Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).

Still in Safe Mode, scan with hijackthis and have it fix the following entries:

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.frame.crazywinnings.com

Empty your Recycle Bin and reboot normally.

Close any open browser windows, scan with hijackthis, and post a new log along with the Ewido log.

0

Sorry it took me a while to reply. I have the ewido and HijackThis logs here. I forgot to delete the O9 entry on HJT, but I will do that soon.

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:          1:54:39 PM, 7/6/2005
 + Report-Checksum:     C22D007D

 + Scan result:

    :mozilla.8:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
    :mozilla.9:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
    :mozilla.10:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
    :mozilla.12:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
    :mozilla.13:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
    :mozilla.14:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
    :mozilla.15:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Mediaplex : Ignored
    :mozilla.21:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
    :mozilla.22:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
    :mozilla.23:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
    :mozilla.24:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
    :mozilla.25:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
    :mozilla.33:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
    :mozilla.38:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Atdmt : Ignored
    :mozilla.42:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
    :mozilla.43:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
    :mozilla.44:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
    :mozilla.45:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
    :mozilla.46:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
    :mozilla.47:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
    :mozilla.49:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
    :mozilla.50:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
    :mozilla.51:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
    C:\Program Files\hijackthis\backups\backup-20050628-104005-386.dll -> Not-A-Virus.RiskWare.Downloader.PopCap.a : Ignored
    C:\WINDOWS\_MSRSTRT.EXE -> Not-A-Virus.Tool.Reboot : Ignored
    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{38EA95B6-06DF-844E-6763-813A152D6F74} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4BB35A55-A91A-11CF-BA7C-00A0D1001A5A} -> Spyware.BonziBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{86E5D74F-02EB-11D3-A464-0080C858F182} -> Spyware.BonziBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{86E5D751-02EB-11D3-A464-0080C858F182} -> Spyware.BonziBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{6B1BE80A-567F-11D1-B652-0060976C699F} -> Spyware.BonziBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{AAB7FAED-91F8-4591-8E4C-9291D2B7F381} -> Spyware.BonziBuddy : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCAR -> Spyware.CometCursor : Cleaned with backup
    HKU\S-1-5-21-1270689400-4103935507-3403473811-1006\Software\Support Software -> Spyware.NetworkEssentials : Cleaned with backup
    C:\Documents and Settings\Bong\Cookies\bong@ehg-nestleusainc.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Bong\Cookies\bong@hotbabes.com.19522.fb.dbbsrv[2].txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
    C:\Documents and Settings\Bong\Cookies\bong@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
    C:\Documents and Settings\Hahnbi\.jpi_cache\file\1.0\BlackBox.class-6b226ce5-2de5a93b.class -> Trojan.ClassLoader.c : Cleaned with backup
    C:\Documents and Settings\Hahnbi\.jpi_cache\file\1.0\Dummy.class-7bd741bf-358478cc.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
    C:\Documents and Settings\Hahnbi\.jpi_cache\file\1.0\VerifierBug.class-4115fd15-2f137b82.class -> Trojan.Byteverify : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.84:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.86:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.116:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.120:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.123:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.164:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
    :mozilla.166:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.167:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.168:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.169:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.170:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.171:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.172:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.177:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.178:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.179:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.180:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.181:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.242:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.243:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.244:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.248:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
    :mozilla.277:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    :mozilla.280:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    :mozilla.282:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    :mozilla.283:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    :mozilla.284:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    :mozilla.285:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    :mozilla.295:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    :mozilla.307:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.308:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.309:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    :mozilla.322:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.323:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.331:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.332:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.333:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.334:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.335:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
    :mozilla.336:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
    :mozilla.368:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.369:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.370:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.371:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.372:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.404:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.406:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.419:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.426:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.427:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.428:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.429:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.465:C:\Documents and Settings\Hahnbi\Application Data\Mozilla\Firefox\Profiles\5kwqk77q.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Hahnbi\Cookies\hahnbi@ysbweb[1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
    C:\WINDOWS\AolCInUn.exe:wanjxn -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\MPTBox.INI:yqihlf -> Backdoor.Small.dc : Cleaned with backup
    C:\WINDOWS\MSVCP60.DLL:vebaeh -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\opuc.dll:xmzdsz -> Spyware.OneMoreSearch : Cleaned with backup
    C:\WINDOWS\tmpcpyis.bat -> Backdoor.AcidShiver : Cleaned with backup
    C:\WINDOWS\twain.dll:tcmnim -> Spyware.OneMoreSearch : Cleaned with backup
    C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
    C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
    C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 1:56:39 PM, on 7/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Edited by mike_2000_17: Fixed formatting

0

Hi bultoki,

1. The HijackThis log you posted is from a scan done in Safe Mode. The ewido scan should have been Safe Mode, but we need a log from a HijackThis scan that's been done when booted into Windows normally.


2. Getting rid of the "crazywinnings" entry takes a little manual work; it will just keep returning if you try to fix it with HijackThis:

This procedure involves editing your Registry, so I would highly suggest making a backup of the Registry before performing any edits. Information on making a Registry/System State backup can be found here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;322756

- First, remove the site from your Trusted Zone:
Start Internet Explorer, click Internet Options on the Tools menu, and then click the Security tab. Click Trusted Sites, and then click Sites. Click the "crazywinnings" site, and then click Remove.

- Click on the "Run..." option under your Start menu, type "regedit" (omit the quotes) in the resulting "Open:" window, and hit OK. This will open the Registry Editor program.

- In the editor, press F3 to bring up the Find window, type crazywinnings in the find box, and hit enter. There may be more than one "crazywinnings" entry, so you need to keep repeating the find until you get the message "finished searching through the registry". Delete all instances of "crazywinnings" entries you find.

Do not delete or modify anything else in the registry!!!

0

I deleted the "crazywinnings" entries from the registry, and it no longer appears in my trusted zone or in the HJT scan, but my internet browser still takes too much time "waiting for [host]..." or "connecting to [host]...". I've been able to slightly speed up my speed by setting Firefox as my default browser and under "about:config", I've set the "network.dns.disableIPv6" value to "true". However, other programs sometimes still take a while to connect to the host. I've attached a new HijackThis log, this time after rebooting Windows normally.

Logfile of HijackThis v1.99.1
Scan saved at 11:38:15 AM, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
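
The comparison the thread makes by eye between the Safe Mode log and the normal-boot log can be scripted. The Python below is an added example, not part of any post here: it confirms the O15 Trusted Zone entry is gone and shows why a Safe Mode log hides processes that the autorun entries will start. The sample logs are shortened excerpts of the 7/6 and 7/7 logs above, and the function names are this example's own.

```python
import ntpath
import re
from collections import defaultdict

# Shortened excerpts of the 7/6 (Safe Mode) and 7/7 (normal boot) logs in this thread.
SAFE_MODE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""
NORMAL_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O15 - Trusted Zone: ..."

def parse_hjt(text):
    """Split a log into lower-cased process paths and entries keyed by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif match:
            in_procs = False
            entries[match.group(1)].append(match.group(2).strip())
        elif in_procs and line:
            processes.append(line.lower())  # Windows paths are case-insensitive
    return {"processes": processes, "entries": dict(entries)}

def diff_logs(before, after):
    """Report entries and processes that differ between two parsed logs."""
    flat = lambda log: {(c, e) for c, items in log["entries"].items() for e in items}
    return {
        "entries_removed": sorted(flat(before) - flat(after)),
        "entries_added": sorted(flat(after) - flat(before)),
        "processes_only_after": sorted(set(after["processes"]) - set(before["processes"])),
    }

def autoruns_not_running(log):
    """Names of O4 Run entries whose executable is missing from the process list."""
    running = {ntpath.basename(p) for p in log["processes"]}
    missing = []
    for entry in log["entries"].get("O4", []):
        match = re.search(r'\[(.+?)\]\s+"?(.+?\.exe)', entry, re.I)
        if match and ntpath.basename(match.group(2)).lower() not in running:
            missing.append(match.group(1))
    return missing

if __name__ == "__main__":
    safe, normal = parse_hjt(SAFE_MODE_LOG), parse_hjt(NORMAL_LOG)
    print(diff_logs(safe, normal))
    print("Autoruns with no process in Safe Mode log:", autoruns_not_running(safe))
```

Run entries for one-shot installers that start and exit will also be reported by `autoruns_not_running`, so a non-empty result on a normal-boot log is a prompt to look, not a verdict.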

0

Your log is essentially clean, but I'd suggest removing the SurfMonkey garbage using your Add/Remove Programs control panel. It's a *barf* *gack* "kid safe" content filtering program that Earthlink now bundles with their connection software.

You don't need it to connect/surf, and since it acts as a "traffic cop" between your computer and the Internet, analyzing your Internet communications, it may have at least something to do with the connection lags.
