
Hijackthis Logfile - Any Help?


  • This topic is locked
7 replies to this topic

#1 Numag

Numag

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 13 March 2006 - 05:55 AM

Hi there... I use spybot/adware/noadware and I can't seem to stop the popups! Spybot reports HUNTBAR which I can't get rid of! I have now tried HiJackThis to get to the root of the problem... but although quite good on the computer, I'm a bit nervous to get rid of anything. Any advice would be appreciated. Oh, I also hear my PC beep every now and again... any ideas on that one? Here is my HijackThis log file.

Thanks
Chris

Logfile of HijackThis v1.99.1
Scan saved at 10:46:34, on 13/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\mgabg.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\PDesk\PDesk.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\n?lookup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\updtray.exe
C:\PROGRA~1\SKS~1\msdtc.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Chris\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {340B672D-AFBC-A730-90AF-F68AABA1AECB} - C:\WINNT\system32\ilgif.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {340B672D-AFBC-A730-90AF-F68AABA1AECB} - C:\WINNT\system32\ilgif.dll
O2 - BHO: (no name) - {7B051D3D-89D8-8177-A5C1-876DD446B7C4} - C:\WINNT\system32\mof.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CAAC251C-BE82-B756-A4AF-E3CB5F995895} - C:\WINNT\system32\gdc.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive2k\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [Jjnw] C:\WINNT\system32\n?lookup.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Ooba] "C:\PROGRA~1\SKS~1\msdtc.exe" -vt ndrv
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122371619373
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81046D22-D4D2-44EB-BA90-2E3D8B1AA644}: NameServer = 212.135.1.36,195.40.1.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF6F01A9-8F4E-45C2-94A8-D2FF1F041C5B}: NameServer = 212.135.1.36,195.40.1.36
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe



#2 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:55 PM

Posted 14 March 2006 - 08:03 AM

Hello Chris and welcome to the forum. You do have an assortment of nasties, including this piece of junk: http://research.sunbelt-software.com/threa...&threatid=10115
Sometimes it can be tricky to remove. Please read this information: http://sarc.com/avcenter/venc/data/adware.purityscan.html then download and run the uninstaller within the link.

This program: C:\Program Files\AdwareAlert\AdwareAlert.Exe was just removed from the rogue product list and I still do not suggest it. http://castlecops.com/startuplist-9265.html
My suggestion would be to remove it in Add Remove programs, then when you are clean, consider this one: http://russelltexas.com/malware/defender.htm

Then let's do this in the posted order:

1) ewido scan:
Please download Ewido Security Suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

2) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {340B672D-AFBC-A730-90AF-F68AABA1AECB} - C:\WINNT\system32\ilgif.dll
O2 - BHO: (no name) - {340B672D-AFBC-A730-90AF-F68AABA1AECB} - C:\WINNT\system32\ilgif.dll
O2 - BHO: (no name) - {7B051D3D-89D8-8177-A5C1-876DD446B7C4} - C:\WINNT\system32\mof.dll (file missing)
O2 - BHO: (no name) - {CAAC251C-BE82-B756-A4AF-E3CB5F995895} - C:\WINNT\system32\gdc.dll
O4 - HKCU\..\Run: [Jjnw] C:\WINNT\system32\n?lookup.exe

Close all programs but HJT and all browser windows, then click on "Fix Checked"

3) Enable hidden files & folders... reverse the process when finished.
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINNT\system32\n?lookup.exe >>> file (this is PurityScan and it may be gone, the ? will be another letter or number, if you are in doubt, right click and look at the properties, needs to be deleted if it is there)

C:\Windows\Prefetch\ >>> delete the contents (NOT THE FOLDER)
Prefetch info: http://www.windowsnetworking.com/articles_...refetch-XP.html

If you don't have a good cleaner, use this one with these instructions:
Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions http://www.ccleaner.com/help/tour1.asp
Run CCleaner, Windows & Applications. When you run the registry cleaner (Issues) you will be prompted to back up before you can remove stuff; make sure you do.

Restart the computer and post the ewido scan results, a new HJT log and any feedback you think will help.

Make sure this information is valid for you: http://www.whois.sc/212.135.1.36

Thanks...pskelley
BleepingComputer

Edited by pskelley, 14 March 2006 - 08:04 AM.

MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 Numag

Numag
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:55 PM

Posted 14 March 2006 - 04:11 PM

WOW... Thanks for the response... very detailed indeed!

I didn't necessarily find all the files or keys to delete, but 99% was cool and I got thru it OK... EWIDO took ages to run, but I expect it will be worth it!

Here are the ewido scan results and the HJT log....

Logfile of HijackThis v1.99.1
Scan saved at 21:05:06, on 14/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\system32\mgabg.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\PDesk\PDesk.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\updtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Chris\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CAAC251C-BE82-B756-A4AF-E3CB5F995895} - C:\WINNT\system32\gdc.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive2k\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless

Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless

Mouse\MouseAp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program

Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program

Files\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) -

http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdat...b?1122371619373
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -

http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81046D22-D4D2-44EB-BA90-2E3D8B1AA644}: NameServer =

212.135.1.36,195.40.1.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF6F01A9-8F4E-45C2-94A8-D2FF1F041C5B}: NameServer =

212.135.1.36,195.40.1.36
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. -

C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido

anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido

anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. -

C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. -

C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. -

C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. -

C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

------

and the ewido log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 20:27:38, 14/03/2006
+ Report-Checksum: B92322C1

+ Scan result:

HKLM\SOFTWARE\BTIEIN -> Adware.WebSearch : Error during cleaning
HKLM\SOFTWARE\BTIEIN\BTIEIN -> Adware.WebSearch : Error during cleaning
HKLM\SOFTWARE\BTIEIN\BTIEIN\taskcache -> Adware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup
[208] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[228] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[256] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[268] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[448] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[472] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[528] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[568] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[580] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[616] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[648] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[708] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[624] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[820] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[876] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[984] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1000] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1012] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1128] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[756] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1032] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1392] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1188] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1472] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1484] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1492] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1512] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1560] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1568] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1628] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1652] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1668] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1676] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1712] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1704] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1748] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1816] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1828] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1872] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1864] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1940] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[1088] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[952] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[944] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[2160] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[2280] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[640] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
[2272] C:\WINNT\system32\gdc.dll -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\cm.turner\Cookies\cm.turner@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\cm.turner\Cookies\cm.turner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\cm.turner\Cookies\cm.turner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Program Files\NoAdware4\__delete_on_reboot__noadwareutils.dll -> Adware.WebRebates : Cleaned with backup
C:\WINNT\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINNT\system32\gdc.dll -> Adware.PurityScan : Cleaned with backup
C:\WINNT\system32\ilgif.dll -> Adware.PurityScan : Cleaned with backup
C:\WINNT\system32\oins.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINNT\system32\uwpwfnj.dll -> Adware.PurityScan : Cleaned with backup


::Report End

---


Let me know what u think and thanks again!
Chris

#4 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:55 PM

Posted 14 March 2006 - 05:02 PM

Hi Chris, I have a couple of problems keeping me from proceeding.

1) You appear to have "word wrap" turned on in notepad and my scanner needs a single spaced log like you posted first. Turn off "word wrap" under Format and post a new log that is single spaced like you posted the first one.

2) [208] C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Error during cleaning
Did you purchase this program? It seems it has picked up some Adware.WebRebates and it must be in quarantine or somewhere within the program where ewido could not remove it. I want you to read a few comments about that program:
http://castlecops.com/r286-NoAdware.html
http://castlecops.com/reviews-117.html

This is what I would like you to do. Start > Control Panel > Add Remove programs

If you did not pay for these programs, uninstall them. If you do not see them there, let me know.

C:\Program Files\NoAdware4\

C:\Program Files\AdwareAlert\

After you uninstall them (I will give you better free programs when you are clean), restart the computer and run another ewido scan, which should have none of the Adware.WebRebates because that should go with the uninstall. Since you know how ewido works now, set it to remove what it finds automatically.

Post the new HJT log with "word wrap" turned off and the ewido scan report. Review all information from my last instructions and comment where you should.

Like let me know about things like this:

Make sure this information is valid for you: http://www.whois.sc/212.135.1.36



Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#5 Numag


Posted 15 March 2006 - 03:05 PM

Hi there... I have changed the word wrap accordingly.. :-)

I did purchase the Noadware program... but I have now uninstalled it... what a waste of money that was! It did nothing to help! AdwareAlert I don't know anything about it and can't find any files or folders for it. Ad-Aware yes, but not AdwareAlert.

Please let me know which are better programs... That will be gr8!

Here is the Ewido report... it's looking better for sure! :-)

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 19:38:01, 15/03/2006
+ Report-Checksum: 36AF0A4D

+ Scan result:

HKLM\SOFTWARE\BTIEIN -> Adware.WebSearch : Error during cleaning
HKLM\SOFTWARE\BTIEIN\BTIEIN -> Adware.WebSearch : Error during cleaning
HKLM\SOFTWARE\BTIEIN\BTIEIN\taskcache -> Adware.WebSearch : Error during cleaning


::Report End

---

Here is the HJT report...

Logfile of HijackThis v1.99.1
Scan saved at 19:51:32, on 15/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\system32\mgabg.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\PDesk\PDesk.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\updtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Chris\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CAAC251C-BE82-B756-A4AF-E3CB5F995895} - C:\WINNT\system32\gdc.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive2k\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122371619373
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81046D22-D4D2-44EB-BA90-2E3D8B1AA644}: NameServer = 212.135.1.36,195.40.1.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF6F01A9-8F4E-45C2-94A8-D2FF1F041C5B}: NameServer = 212.135.1.36,195.40.1.36
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

---

The http://www.whois.sc/212.135.1.36 is from Easynet, which I cancelled with UKONLINE service provider I think... They failed to even respond to my email or phone calls...


inetnum: 212.135.0.0 - 212.135.1.255
netname: EASYNET-BL-BACKBONE-SERVICES
descr: Brick Lane Backbone and Core Servics
country: GB
admin-c: EH92-RIPE
tech-c: EH92-RIPE
status: ASSIGNED PA
mnt-by: EASYNET-UK-MNT
source: RIPE # Filtered


Since the past log, I have noted some Microsoft updates which I do regularly anyway... not sure if that's relevant....

thanks for your help! U guys are gr8!

Chris

#6 pskelley


Posted 15 March 2006 - 04:09 PM

Thanks for that new HJT log. Looks like that junk was in the NoAdware program, I will post links to better free software as soon as we have you clean.

I checked this number with Sam Spade and it returned this: http://www.samspade.org/t/lookat?a=195.40.1.36 which is richelieu.ns.easynet.net and I would say you can remove those lines if you are sure they have nothing to do with who is providing internet service now. How about giving them a call first to make sure. Here are the lines:
O17 - HKLM\System\CCS\Services\Tcpip\..\{81046D22-D4D2-44EB-BA90-2E3D8B1AA644}: NameServer = 212.135.1.36,195.40.1.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF6F01A9-8F4E-45C2-94A8-D2FF1F041C5B}: NameServer = 212.135.1.36,195.40.1.36
Just give them the information and they will be able to tell you if you can remove those lines


Logfile of HijackThis v1.99.1 Scan saved at 19:51:32, on 15/03/2006

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(this line must have gotten missed last time around, make sure you check it)
O2 - BHO: (no name) - {CAAC251C-BE82-B756-A4AF-E3CB5F995895} - C:\WINNT\system32\gdc.dll (file missing)
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
(above is old sound card registration reminder)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Enable hidden files & folders... reverse the process when finished.
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINNT\Updreg.exe >>> file

C:\Program Files\AdwareAlert\ >>> folder

Chris, I want to make sure you ran "Issues" in CCleaner, it may well remove these registry entries for you:
HKLM\SOFTWARE\BTIEIN -> Adware.WebSearch : Error during cleaning
HKLM\SOFTWARE\BTIEIN\BTIEIN -> Adware.WebSearch : Error during cleaning
HKLM\SOFTWARE\BTIEIN\BTIEIN\taskcache -> Adware.WebSearch : Error during cleaning
I believe they are old registry entries that are harmless, but try this:
Open CCleaner, make sure you update it as a new version was just released. Then click on Issues on your left and make sure all items to scan for are checked. Now click "Scan for Issues"
CCleaner will find stuff, look to see if it found those lines, then click on "Fix selected issues". A popup at that point will remind you to make a backup, make sure you do. Have it placed on your Desktop, and delete it after a few days.

Post a new HJT log along with your comments, tell me how the computer is running.

And yes, Microsoft just released updates on Tuesday, if you are on autoupdates you should have them by now.

Thanks...Phil

Edited by pskelley, 15 March 2006 - 04:12 PM.


#7 Numag


Posted 15 March 2006 - 06:58 PM

Hi Phil

I have removed

O17 - HKLM\System\CCS\Services\Tcpip\..\{81046D22-D4D2-44EB-BA90-2E3D8B1AA644}: NameServer = 212.135.1.36,195.40.1.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF6F01A9-8F4E-45C2-94A8-D2FF1F041C5B}: NameServer = 212.135.1.36,195.40.1.36

No probs there...

I was able to delete C:\WINNT\Updreg.exe but C:\Program Files\AdwareAlert\ >>> folder was not found at all as before

CCleaner found lots of stuff which I backed up as u recommended to desktop... there were no entries for the BTIEIN stuff tho that I could see.

I rebooted and the new HJT log is

Logfile of HijackThis v1.99.1
Scan saved at 23:49:28, on 15/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\system32\mgabg.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINNT\system32\devldr32.exe
C:\WINNT\system32\PDesk\PDesk.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Creative\SBLive2k\Launcher\TaskGuide\updtray.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\notepad.exe
C:\Chris\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive2k\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122371619373
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
---

Although u didn't ask for it, I did try the EWIDO scan again quick and the BTIEIN problems are still shown there... As u say, these may be old entries from long ago. I remember dealing with this over a year ago I think.. Perhaps nothing more to worry about.

My computer 'seems' to be running gr8! So far so good... I can't believe how much quicker it is actually! No POPUPS at all!!! This has been gr8 Phil... Thanks so much!

Let me know your comments and what to do next.... :-) U guys will have my donation NO PROBLEM! I just wish I hadn't wasted my money on some other programs!

Chris

#8 pskelley


Posted 15 March 2006 - 07:31 PM

Hi Chris, Your HJT log is looking good so here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.org/viewtopic.php?t=957
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

I am a volunteer but I am sure Grinler can find a use for a donation if you are so inclined.

The AdwareAlert must have been just the line in the HJT log, it is no longer there. I think you can forget those registry lines unless you want to edit the registry to kill them. If they ever cause you a problem, find my name and send me a PM and I will PM you a free registry cleaner with instructions for using it.

ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Safe surfing...Phil

Thanks...pskelley
BleepingComputer
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

You will see this in the links above, but besides your av and firewall, I suggest these free programs:
SpywareBlaster
http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/
SpywareGuard:
http://www.bleepingcomputer.com/tutorials/use-spywareguard-to-protect-your-computer/
IE-Spyad
http://www.bleepingcomputer.com/tutorials/using-ie-spyad-to-enhance-your-privacy/
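The review done by hand across the posts above (spotting the "(file missing)" BHO, pulling the O17 name servers to check against the ISP, and confirming that fixed lines are gone from the follow-up log) can be scripted. This is an added example, not part of the original thread: the function names are this example's own, and the two sample logs are abbreviated excerpts of the 19:51:32 and 23:49:28 logs posted above.

```python
import re
from collections import namedtuple

# One section-coded HijackThis line, e.g. section "O4", body "HKLM\..\Run: [...] ..."
Entry = namedtuple("Entry", "section body")

# Section codes are one letter (R, F, N, O) plus a number, followed by " - ".
ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")
NAMESERVER_RE = re.compile(r"NameServer = ([0-9., ]+)")

# Abbreviated excerpt of the log saved at 19:51:32 in the thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
O2 - BHO: (no name) - {CAAC251C-BE82-B756-A4AF-E3CB5F995895} - C:\WINNT\system32\gdc.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{81046D22-D4D2-44EB-BA90-2E3D8B1AA644}: NameServer = 212.135.1.36,195.40.1.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF6F01A9-8F4E-45C2-94A8-D2FF1F041C5B}: NameServer = 212.135.1.36,195.40.1.36
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Abbreviated excerpt of the follow-up log saved at 23:49:28.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_hjt(text):
    """Return the section-coded entries, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def missing_targets(entries):
    """Entries whose target file no longer exists (orphaned registry references)."""
    return [e for e in entries if e.body.endswith("(file missing)")]


def nameservers(entries):
    """Unique DNS servers from O17 lines, in first-seen order, for checking with the ISP."""
    found = []
    for entry in entries:
        if entry.section != "O17":
            continue
        match = NAMESERVER_RE.search(entry.body)
        if not match:
            continue
        for ip in re.split(r"[,\s]+", match.group(1).strip()):
            if ip and ip not in found:
                found.append(ip)
    return found


def removed_between(before, after):
    """Entries present in the earlier log but gone from the later one."""
    later = set(after)
    return [e for e in before if e not in later]


def added_between(before, after):
    """Entries that appear only in the later log; these need a fresh look."""
    earlier = set(before)
    return [e for e in after if e not in earlier]


if __name__ == "__main__":
    old, new = parse_hjt(BEFORE), parse_hjt(AFTER)
    print("File missing:", [e.body for e in missing_targets(old)])
    print("Name servers to verify:", nameservers(old))
    print("Removed since last log:", [e.section for e in removed_between(old, new)])
    print("New since last log:", [e.body for e in added_between(old, new)])
```

Entries are compared as whole lines, so a startup item whose command line changes between scans shows up as one removal plus one addition.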



