Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » Hijack This - It's Killing Me!

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

Hijack This - It's Killing Me!

Reply
Page 1 of 2 1 2
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 26-01-2007, 09:45 AM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 14
yichung Is a beginner here at D-A-L
Exclamation Hijack This - It's Killing Me!
Hey all,

I just got this problem 2 nights ago. My laptop's pretty fast, it's a Toshiba 1.66GHz and 1Gig of Ram. I have 2 drives (C and E) and both have between 10-20 gig free space. I defrag, use spybot, windows defender and check for virus using McAffee quite regularly.

It's fast enough to run Windows Media Player (WMP), MSN messenger, IE explorer and many other programs at once. However that night, everything suddenly super slowed down. I knew something was wrong when my WMP started sputtering music instead of playing it. So I checked my task manager and I got something along the lines of this:

Iexplorer.exe running at about 100,000k of mem, wmplayer.exe usually about 50000k mem, msnmsgr.exe at about 70000k exe a few examples to boot. And the other background programs started at about 5000k mem. The largest being svchost.exe which goes between 50000 to 80000 k mem with about 1600 handles.

My WM Player actually SPUTTERS! Lol. It's quite crap. I can't do my work properly. I tried resetting CMOS and doing just about anything besides reformatting.

I followed the instructions on your Hijack This Log Post using the Adware programs and my hijack log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 8:35:13 AM, on 1/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TweakNow PowerPack\TweakNow PowerPack\RAM_XP.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\Go ogleToolbarNotifier.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxuk101KDGB
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


I hope someone can help me out - I need my laptop to do some work.

Thanks so much for your time and consideration! I really really appreciate it.

Cheers!
YiChung
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 26-01-2007, 07:22 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Hijack This - It's Killing Me!
You may have security process dupication from three (3) vendors and/or uninstalled leftovers:

McAfee
Network Assoociates
Norton

If you are running more that one antivirus or firewall tool, there is going to be problems and issues. Pick one tool in each category and uninstall the rest, where applicable.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 26-01-2007, 09:12 PM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 14
yichung Is a beginner here at D-A-L
Re: Hijack This - It's Killing Me!
I had all those 3 for awhile already....I disabled Norton though and I don't use it. I don't understand why it happened so suddenly.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 26-01-2007, 09:21 PM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 14
yichung Is a beginner here at D-A-L
Re: Hijack This - It's Killing Me!
Oh and McAffee seems to come with the Network Associates.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 26-01-2007, 10:04 PM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 14
yichung Is a beginner here at D-A-L
Re: Hijack This - It's Killing Me!
One of the programs that stand out the most is svchost.exe that has 1493 handles. In terms of handles, everything else is below 1000.

MSN messenger and IE explorer both take on average about 50000K of virtual memory. Even with just one window open, IE takes on about 70000K of CPU mem. Is this normal?

Cos' when I open WMPlayer and MSN and IE explorer together, I can't listen to music anymore...
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 27-01-2007, 06:08 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Hijack This - It's Killing Me!
Quote:
Oh and McAffee seems to come with the Network Associates.
So it seems. Please go into 'Add/Remove Programs' (Control Panel) and remove 'LiveUpdate' entry (leftover from NORTON). Post your latest HijackThis LOG, please.

Quote:
One of the programs that stand out the most is svchost.exe that has 1493 handles.
Where did you come up with that statistic? I'll compare them to my laptop.

Quote:
MSN messenger and IE explorer both take on average about 50000K of virtual memory. Even with just one window open, IE takes on about 70000K of CPU mem. Is this normal?
YES. On my PC IE = 96MB and explorer = 75MB.


Please look at (sort) the CPU column (Processes TAB in Task Manager) and report back anything that is using excessive CPU cycles. My dual core laptop is showing 74 processes, 9% cpu, and has a commit charge of 643m/3938m (2GB ram matched by 2GB of virtual memory). What are your numbers for these?
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 27-01-2007, 07:30 PM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 14
yichung Is a beginner here at D-A-L
Re: Hijack This - It's Killing Me!
Hey Vincent,

Yep, have removed LiveUpdate.

Quote:
Quote:
One of the programs that stand out the most is svchost.exe that has 1493 handles.
Where did you come up with that statistic? I'll compare them to my laptop.
Well, I have been observing my Task Manager very very carefully for the past few days. And the svchost.exe is now running at about 40MB Virtual Mem but at 1.6k handles. Everything else is below 650 handles or so.

Here's a look at my latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:20:11 PM, on 1/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TweakNow PowerPack\TweakNow PowerPack\RAM_XP.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\Go ogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE
E:\Program Files\StrongDCCAM\StrongDCCAM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Games\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\Go ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxuk101KDGB
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


Well...things are a bit better now. The computer is starting up a bit faster. However...I still can't play Windows Media Player while surfing the net with IE Explorer without my songs sputtering out like they are dying on me. Music...is pretty important to work.

What I did was I went to msconfig, went to the 'services' tab and disabled 'SSDP Discovery Service' which is some Plug and Play device. I read in somewhere that it's not very important but causes a slowdown. Right after, the usage on my CPU mem fell quite drastically. However, Virtual Mem is still relatively high...especially for IE Explorer which is about 70MB+.

Today I also started my laptop in Safe Mode and used Lavasoft Ad-Aware as well as Windows Defender to scan my laptop. Twice. It got rid of much more Adware than usual...but the problem where my WMP dies on me is pretty much the same. If I run it alone, the sound is alright. It's a bit jerky at the start but smoothens out eventually. It starts sputtering when I play it with my other programs like MSN Messenger, IE Explorer, Frontpage, etc.

As for from my Task Manager, the svchost still takes up 1400-1600 handles (is this normal at all?) and CPU usage at this very moment when nothing much is happening fluctuates between 1-10%. The graph shows quite a bit of fluctuations.

51 Processes running, Commit Charge of 354M/2444M.

As for Handles, total handles is 10462, 515 threads and 51 processes.

Commit charges (K), total is 361672, limit is 2502956 and peak is 1247188.

Physical Memory (K), total is 1038444, available is 784516 and system cache is 38828. (these are averages)

As for Kernel Memory (K), total is 62184, paged is 43468 and nonpaged is 18664.

CPU memory isn't so high now after disabling the PNP thingy...but computer is relatively still slow when I run more than 2 programs. It lags. Virtual memory for svchost.exe at this time is 40MB but will probably shoot higher when more programs are run. But the handle is still within the 1600 range.

What do you think, short of formatting my laptop? Things really were perfectly fine a few days ago...

Thanks
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 29-01-2007, 02:47 AM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 14
yichung Is a beginner here at D-A-L
Re: Hijack This - It's Killing Me!
I tried restarting my laptop in Safe Mode and running AdAware, Spybot SND, Windows Defender and McAffee Virus Scan but besides deleting the Adwares, there doesn't seem to be any virus.

What could be the problem? The laptop's only half a year old, about, and it's a Toshiba.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 30-01-2007, 02:10 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Hijack This - It's Killing Me!
Quote:
Physical Memory (K), total is 1038444, available is 784516 and system cache is 38828. (these are averages)
This doesn't look right. I based this on my dual core laptop which has 2GB memory with only 1GB available. MY laptop is not doing anything extraordinary but is managing to easily use up 1GB of memory in use and a larger system cache. On your PC, only 256 MB appears to be in use (a very low number - barely enough to effectively run operating system processes) which would suggest that your PC must need to be swapping to disk excessively. Do you notice a lot of HDD light activity? I suspect that your multimedia activity certainly requires that you have more RAM memory is order for your PC to perform properly.


1600 handles for svchost.exe as well as most everthing else you have described is not unusual. I increasingly have my doubts that your issues are malware related. Wouldn't hurt to check further (see below).



We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.




Download and install AVG Anti-Spyware 7.5 (AVG AS - formally known as Ewido anti-spyware 4.0 - uninstall any previous version first).
  • Click the Download BUTTON. On the next page click the Download now BUTTON.
  • Save and then install (Run) from the save location.
  • Open/Run AVG Anti-Spyware
  • Wait a few moments and AVG Anti-Spyware should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:

    Quote:
  • Click on the Update now LINK at the top of the window
    • Click on the Start update button
    • Wait for the update to download and install
    		•
  • This is very important to get the LATEST updates.
  • Click on the Status ICON
    • Under "Your computers Security"
      Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
  • Click on the Scanner ICON at the top of the window
  • Click on the Settings tab then select Recommended Actions and choose Quarantine
  • When updating has finished. Close AVG Anti-Spyware.



We will be using this tool in a later step.




Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________


Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware , and run a full scan:
  • Click on the default Status ICON and select the Scan now LINK.

    OR

  • Click on the Scanner ICON . Select the Scan TAB.

    • Select Complete System Scan. AVG Anti-Spyware will now begin to scan your system.

  • If AVG Anti-Spyware finds anything it will list them in the Preview WINDOW:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • Select Apply all actions at the bottom of the window (and the items found will be quarantined – and recoverable, if any items are needed back).

  • When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
  • Copy and paste the AVG Anti-Spyware scan results into your next post.
  • Close AVG Anti-Spyware.


REBOOT and Post your latest HijackThis log. And, let us know how your PC is now behaving – any changes in behavior.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 30-01-2007, 03:43 PM
Newbie
D-A-L Newbie
  
Join Date: Jan 2007
Posts: 14
yichung Is a beginner here at D-A-L
Re: Hijack This - It's Killing Me!
Here are the AVG Anti-Spyware scan results:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:36:14 PM 1/30/2007

+ Scan result:



HKU\S-1-5-21-3304503652-202474595-1718036563-1006\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3304503652-202474595-1718036563-1006\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333} -> Adware.Generic : Cleaned with backup (quarantined).
E:\Internet\Program\searchenginecommando\othercrac k\rp_Search_Engine_Commando_v3[1][1].x_crack.zip/sec_patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
E:\Internet\Program\searchenginecommando\othercrac k\sec_patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
E:\Internet\Program\searchenginecommando\searcheng inecommandov3.1crackrp\searchenginecommandov3.1cra ckrp.zip/sec_patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
E:\Internet\Program\searchenginecommando\searcheng inecommandov3.1crackrp\sec_patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
E:\Internet\Program\searchenginecommando\sec_patch .exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.105:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.345:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@nba.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.210:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.211:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.401:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.11:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.9:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.112:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.113:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.114:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.115:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.14:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.8:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.93:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.136:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.209:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.234:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.235:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.12:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.156:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.157:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.158:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.159:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.160:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.183:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.184:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.185:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.202:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.503:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.376:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
:mozilla.383:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.384:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.385:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.386:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.387:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.483:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.484:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.485:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.486:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.487:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.476:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.111:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.398:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.399:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.243:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.344:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.346:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.120:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.121:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.122:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.360:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.361:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.430:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.362:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.100:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.101:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.96:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.97:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.98:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.99:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.492:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.493:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.161:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.412:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.413:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.155:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.169:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Damien Ng\Cookies\damien_ng@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.196:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.197:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.198:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.199:C:\Documents and Settings\Damien Ng\Application Data\Mozilla\Firefox\Profiles\47ltsxzo.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help! I'm killing too many trees!! LaGatoBlanco General Internet Issues and Questions 3 17-04-2007 02:15 PM
HJT log posted.. pop ups are killing me! jordanfsu Spyware, Adware, Viruses and HijackThis Logs 1 13-04-2007 02:32 AM
Updates killing my Processor PlatinumMoto Windows XP Help 34 05-04-2006 10:04 PM
Web pop-ups killing performance equackenbush Spyware, Adware, Viruses and HijackThis Logs 1 06-04-2005 09:00 PM
Error Message is killing me. Larryc69 Windows XP Help 18 12-11-2004 04:44 PM


All times are GMT +1. The time now is 10:26 AM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav