Slow wireless connection

[cazua]

I had a slow wireless connection and I was referred to this section of the forum to get help to see if any malware is interfering my connection. The following is my log file. Help asap!

--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:27:17 PM, on 4/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Zhong Rong\Desktop\HijackThis\HijackThis.exe

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTS...t_outline.html
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/.../GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159495836466
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--------------------------------------------------------------------------

[cazua]

Bump!!!

[cazua]

Bump!!! Bump!!!

[LonnyRJones]

Hi cazua
Download Deckard's System Scanner (DSS) to your Desktop.Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized
   and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.
5. Please attach extra.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:

   C:\Deckard\System Scanner\extra.txt
   

3. Click Upload.

Post a log from one of the below free onlines scan


Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Pess "scan your PC now" allow the active x to install (if prompted)
Do a full scan > Click the my computer button
After the scan click see report then Save the report and post it back here please.
If you have problems read the FAQ http://www.pandasoftware.com/actives...q.asp?IdLang=2

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!

• Follow the Instruction Here for installation.
• Accept the License Agreement.
• Once the ActiveX installs,Click Full System Scan
• Once the download completes,the scan will begin automatically.
• The scan will take some time to finish,so please be patient.
• When the scan completes, click the Automatic cleaning (recommended) button.
• Click the Show Report button and Copy&Paste the entire report in your next reply.

[cazua]

Quote:

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.

This means that I create another thread?

[LonnyRJones]

Use this thread please

[cazua]

main.txt:

------------------------------------------------------------------------

Deckard's System Scanner v20070426.43
Run by Zhong Rong on 2007-05-02 at 06:34:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2007-05-01 22:34:41 UTC - RP142 - Deckard's System Scanner Restore Point
11: 2007-05-01 01:59:57 UTC - RP141 - System Checkpoint
10: 2007-04-29 17:29:25 UTC - RP140 - System Checkpoint
9: 2007-04-28 17:21:35 UTC - RP139 - System Checkpoint
8: 2007-04-27 14:30:03 UTC - RP138 - System Checkpoint


-- First Restore Point --
1: 2007-04-17 12:22:15 UTC - RP131 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Zhong Rong.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:37:00 AM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Zhong Rong\Desktop\dss.exe
C:\DOCUME~1\ZHONGR~1\Desktop\HIJACK~1\Zhong Rong.exe

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTS...t_outline.html
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/.../GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159495836466
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 ikhfile (File Security Kernel Anti-Spyware Driver) - c:\windows\system32\drivers\ikhfile.sys <Not Verified; PCTools Research Pty Ltd.; Spyware Doctor>
R1 ikhlayer (Kernel Anti-Spyware Driver) - c:\windows\system32\drivers\ikhlayer.sys <Not Verified; PCTools Research Pty Ltd.; Spyware Doctor>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R1 sscdbhk5 - c:\windows\system32\drivers\sscdbhk5.sys <Not Verified; VERITAS Software, Inc.; >
R1 ssrtln - c:\windows\system32\drivers\ssrtln.sys <Not Verified; VERITAS Software, Inc.; >
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 drvnddm - c:\windows\system32\drivers\drvnddm.sys <Not Verified; VERITAS Software, Inc.; >
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 tfsnboio - c:\windows\system32\dla\tfsnboio.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsncofs - c:\windows\system32\dla\tfsncofs.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsndrct - c:\windows\system32\dla\tfsndrct.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsndres - c:\windows\system32\dla\tfsndres.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnifs - c:\windows\system32\dla\tfsnifs.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnopio - c:\windows\system32\dla\tfsnopio.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnpool - c:\windows\system32\dla\tfsnpool.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnudf - c:\windows\system32\dla\tfsnudf.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnudfa - c:\windows\system32\dla\tfsnudfa.sys <Not Verified; VERITAS Software, Inc.; >
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 QCONSVC - system32\qconsvc.exe
R2 RegSrvc - c:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Scheduled Tasks -------------------------------------------------------------

2006-09-20 06:26:54 314 --a------ C:\WINDOWS\Tasks\BMMTask.job


-- Files created between 2007-04-02 and 2007-05-02 -----------------------------

2007-05-01 22:29:41 0 dr-h----- C:\Documents and Settings\Zhong Rong\Recent
2007-04-15 16:19:51 0 d-------- C:\Program Files\Windows Live Safety Center
2007-04-08 22:10:59 0 d-------- C:\Program Files\iPod
2007-04-08 22:10:42 0 d-------- C:\Program Files\iTunes
2007-04-07 17:39:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-04-06 23:56:59 836 --a------ C:\WINDOWS\bthservsdp.dat
2007-04-02 18:34:36 0 d-------- C:\Program Files\SystemRequirementsLab
2007-04-02 18:33:18 0 d-------- C:\Documents and Settings\Zhong Rong\Application Data\SystemRequirementsLab


-- Find3M Report ---------------------------------------------------------------

2007-05-01 22:12:51 0 d-------- C:\Documents and Settings\Zhong Rong\Application Data\DMCache
2007-05-01 21:48:51 0 d-------- C:\Documents and Settings\Zhong Rong\Application Data\Skype
2007-04-29 19:19:00 0 d-------- C:\Program Files\Total Video Converter
2007-04-29 18:48:37 0 d-------- C:\Documents and Settings\Zhong Rong\Application Data\IDM
2007-04-29 15:34:38 0 d-------- C:\Documents and Settings\Zhong Rong\Application Data\uTorrent
2007-04-29 15:22:01 0 d-------- C:\Documents and Settings\Zhong Rong\Application Data\Babylon
2007-04-29 13:53:57 5 --a------ C:\WINDOWS\system32\SySCut.dat
2007-04-28 09:20:03 0 d-------- C:\Documents and Settings\Zhong Rong\Application Data\AVG7
2007-04-14 17:28:29 0 d-------- C:\Program Files\EvilLyrics
2007-04-08 22:07:13 0 d-------- C:\Program Files\QuickTime
2007-04-01 13:49:48 0 d-------- C:\Program Files\Spyware Doctor
2007-04-01 10:26:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-03-22 20:25:02 124928 -----n--- C:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-18 10:34:38 0 d-------- C:\Documents and Settings\Zhong Rong\Application Data\Screenshot Sender
2007-03-18 10:32:58 0 d-------- C:\Program Files\Messenger Plus! Live
2007-03-17 17:31:30 0 d-------- C:\Program Files\Common Files\SystemRequirementsLab
2007-03-17 17:31:30 0 d-------- C:\Documents and Settings\Zhong Rong\Application Data\System Requirements Lab
2007-03-15 08:50:28 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-14 20:57:10 0 d-------- C:\Program Files\NCH Swift Sound
2007-03-14 16:15:16 0 d-------- C:\Documents and Settings\Zhong Rong\Application Data\Adobe
2007-03-14 16:02:38 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-03-14 15:55:10 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-12 09:55:08 0 d-------- C:\Program Files\Symantec
2007-03-12 09:54:52 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0055C089-8582-441B-A0BF-17B458C2A3A8} C:\Program Files\Internet Download Manager\IDMIECC.dll
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{B56A7D7D-6927-48C8-A975-17DF180C71AC} C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
{C333CF63-767F-4831-94AC-E683D962C63C} C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-05-02 at 06:37:45 ---------

------------------------------------------------------------------------




Panda ActiveScan-Free Scan Report:

------------------------------------------------------------------------


Incident Status Location

Adware:adware/windowenhancer Not disinfected c:\windows\system32\SBUtils
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-1.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-10.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-10.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-10.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-11.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-11.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-11.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-12.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-12.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-12.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-13.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-13.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-13.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-14.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-14.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-14.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-15.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-15.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-15.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-16.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-16.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-16.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-17.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-17.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-17.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-18.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-18.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-18.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-19.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-19.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-19.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-2.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-2.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-2.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-20.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-20.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-20.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-21.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-21.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-21.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-22.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-22.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-22.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-23.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-23.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-23.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-24.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-24.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-24.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-25.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-25.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-25.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-26.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-26.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-26.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-27.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-27.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-27.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-28.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-28.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-28.txt[.toplist.cz/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-29.txt[.realmedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-29.txt[.statcounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-29.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-3.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-3.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-3.txt[.toplist.cz/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-30.txt[.realmedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-30.txt[.statcounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-30.txt[.toplist.cz/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-31.txt[.bravenet.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-31.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-4.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-4.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-4.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-5.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-5.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-5.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-6.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-6.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-6.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-7.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-7.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-7.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-8.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-8.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-8.txt[.toplist.cz/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-9.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-9.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies-9.txt[.toplist.cz/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies.txt[.go.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Zhong Rong\Application Data\Mozilla\Firefox\Profiles\7rw3vnv2.default\cookies.txt[searchportal.information.com/]

------------------------------------------------------------------------

[LonnyRJones]

c:\windows\system32\SBUtils < list the contents ?

I see memnants of Symantec, Possibly part of the problem.
http://basconotw.mvps.org/SymRem.htm
after running the utility there this item should be gone
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

Is it still present ?

[cazua]

Which link should I click after I visited http://basconotw.mvps.org/SymRem.htm?

[LonnyRJones]

Depends on what version or symantec you had
Check the sections after ** WARNING**

[cazua]

I've ran Norton_Removal_tool.exe, what's next?

[LonnyRJones]

Did you reboot afterward ?


Does this still show in a hijackthis log ?
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
If so go start run type in
sc delete CLTNetCnService
and press enter

are these folders still present ?
C:\Program Files\Symantec
C:\Program Files\Common Files\Symantec Shared
If so delete them

Is there any improvment in your connection

[cazua]

I've rebooted.

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

The above entry is gone.

"C:\Program Files\Symantec"
It was still present as I have PartitionMagic being installed, so I guess I do not have to delete it.

"C:\Program Files\Common Files\Symantec Shared"
Deleted this folder.

I think I have to wait for a few days to see the change in my connection.

[cazua]

Regarding "c:\windows\system32\SBUtils",


Common name: Windowhancer

Technical name: Adware/WindowEnhancer

Threat level: Low

Alias: SBWatchDog, SBWebCtl

Type: Spyware

Subtype: Adware

Effects: It collects information on Internet usage and the applications installed in the computer and uses it to display pop-up advertisements.


Affected platforms: Windows XP/2000/NT/ME/98/95


First detected on: June 20, 2004

Detection updated on: Dec. 26, 2006

In circulation? No

[LonnyRJones]

"Regarding "c:\windows\system32\SBUtils",

And the contents are ?

I dont think it was maleware/spyware/trojans, If your connection has not improved you should consider continuing in the
http://www.techsupportforum.com/netw...dsl-satellite/ section

[cazua]

ok then.

[LonnyRJones]

Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.

If you should need to post another log for the same PC let me know via a PM (personal message).