Hijack This log for About:Blank issues on Win98 (Resolved)

  1. 29-08-2004  #1
    barclaju
    barclaju is offline Newbie

    Hijack This log for About:Blank issues on Win98 (Resolved)

    I've tried Spybot, Ad-aware, cwshredder, Norton, BHODemon, and PestPatrol and I can't remove the about:blank hijack. Below is my Hijack This log.PLease help before I throw my computer out the window:

    Logfile of HijackThis v1.98.2
    Scan saved at 8:13:06 AM, on 8/29/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATI2PLAB.EXE
    C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
    C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
    C:\WINDOWS\DOCKAPP.EXE
    C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
    C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
    C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
    C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
    C:\WINDOWS\SYSTEM\MRTMNGR.EXE
    C:\PROGRAM FILES\ORINOCO\CLIENT MANAGER\CMLUC.EXE
    C:\QUICKENW\QWDLLS.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\BHODEMON 2\BHODEMON.EXE
    C:\PROGRAM FILES\NETSHOW SERVICES\TOOLS\REXPROXY.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    R3 - Default URLSearchHook is missing
    O2 - BHO: WnBrowserHelperObj Class - {058FC709-D5CD-4A95-92DB-59E6488ECDA4} - C:\PROGRAM FILES\AT&T\BBCLIENT\PROGRAMS\SABHO.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {A46367A5-F944-11D8-B1B9-0000DF9FB39C} - C:\WINDOWS\SYSTEM\AHMBGA.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ATIPOLAB] ati2plab.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaab.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BayMgr] DockApp.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EX E -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
    O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
    O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
    O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Dell Home - {FC8FE0E0-6F54-11D3-B1B4-00104B9FF9ED} - http://www.dell.com/ (file missing) (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} (Napster download control v2.0) - http://sms.napster.com/client/plugin/npdownload.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O18 - Filter: text/html - {A46367A4-F944-11D8-B1B9-0000B0D31607} - C:\WINDOWS\SYSTEM\AHMBGA.DLL
    O18 - Filter: text/plain - {A46367A4-F944-11D8-B1B9-0000B0D31607} - C:\WINDOWS\SYSTEM\AHMBGA.DLL

  3. 30-08-2004  #2
    HJThis
    HJThis is offline Senior Member
    Hello,barclaju

    Download StartDreck from here.
    http://www.niksoft.at/download/startdreck.htm
    Unzip to its own folder and start the program:

    Press 'Config'
    Press 'Unmark All'

    Check the following boxes only:
    Registry -> Run Keys
    System/drivers> Running processes

    Press 'Ok'. Press 'Save' and select the location to save the log file (default is the same folder as the application). Post the log in this thread please.

    HGD
  4. 30-08-2004  #3
    barclaju
    barclaju is offline Newbie
    HJThis:

    Thanks again for your help. Below is the StartDreck log you requested. I'll wait for further instructions. -- barclaju

    StartDreck (build 2.1.7 public stable) - 2004-08-30 @ 18:30:05 (GMT -04:00)
    Platform: Windows 98 SE (Win 4.10.2222 A)
    Internet Explorer: 6.0.2800.1106
    Logged in as Default at V83F7

    »Registry
    »Run Keys
    »Current User
    »Run
    »RunOnce
    »Default User
    »Run
    »RunOnce
    »Local Machine
    »Run
    *ScanRegistry=c:\windows\scanregw.exe /autorun
    *TaskMonitor=c:\windows\taskmon.exe
    *SystemTray=SysTray.Exe
    *ATIPOLAB=ati2plab.exe
    *AtiPTA=Atiptaab.exe
    *Ati2cwxx=Ati2cwxx.exe
    *SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    *SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    *BayMgr=DockApp.exe
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *VsEcomrEXE=C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    *QAGENT=C:\Program Files\Intuit\QAgent\QAGENT.EXE
    *AdaptecDirectCD="c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    *tgcmd="C:\Program Files\Support.com\bin\tgcmd.exe" /server
    *QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    *CriticalUpdate=c:\windows\SYSTEM\wucrtupd.exe -startup
    *Symantec Core LC=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    *ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    *PestPatrol Control Center=C:\PROGRA~1\PESTPA~1\PPControl.exe
    *PPMemCheck=C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    *CookiePatrol=C:\PROGRA~1\PESTPA~1\CookiePatrol.ex e
    *CreateCD50=C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD \CREATE~1.EXE -r
    +OptionalComponents
    +IMAIL
    *Installed=1
    +MAPI
    *NoChange=1
    *Installed=1
    +MAPI
    *NoChange=1
    *Installed=1
    »RunOnce
    »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *SchedulingAgent=mstask.exe
    *McAfeeWebScanX=C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
    *ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    *ccEvtMgr="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    *ccSetMgr="C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    »RunServicesOnce
    **uvfn=rundll32 C:\WINDOWS\SYSTEM\HLPIN.DLL,StreamingDeviceSetup
    »RunOnceEx
    »RunServicesOnceEx
    »Files
    »System/Drivers
    »Running Processes
    +FFEF6613=C:\WINDOWS\SYSTEM\KERNEL32.DLL
    +FFFEA633=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    +FFFEAE2B=C:\WINDOWS\SYSTEM\SPOOL32.EXE
    +FFFE86B3=C:\WINDOWS\SYSTEM\MPREXE.EXE
    +FFFE671F=C:\WINDOWS\SYSTEM\MSTASK.EXE
    +FFFD87AF=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    +FFFCBDB3=C:\WINDOWS\RUNDLL32.EXE
    +FFFC9EA3=C:\WINDOWS\SYSTEM\mmtask.tsk
    +FFFCC33B=C:\WINDOWS\SYSTEM\RPCSS.EXE
    +FFFC7CBF=C:\WINDOWS\EXPLORER.EXE
    +FFFB186B=C:\WINDOWS\TASKMON.EXE
    +FFFCF5C7=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    +FFFD1963=C:\WINDOWS\SYSTEM\ATI2PLAB.EXE
    +FFFC3D0F=C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
    +FFFBFFFB=C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
    +FFFA3B9F=C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
    +FFF99EF7=C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
    +FFFAA42F=C:\WINDOWS\DOCKAPP.EXE
    +FFFA33EB=C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE
    +FFF9C9DB=C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
    +FFFD7103=C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    +FFF90827=C:\WINDOWS\SYSTEM\QTTASK.EXE
    +FFFD55CB=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    +FFE7214F=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    +FFFA640B=C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
    +FFF8126F=C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
    +FFFAFC8F=C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
    +FFE7A717=C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
    +FFE66CAF=C:\WINDOWS\SYSTEM\MRTMNGR.EXE
    +FFE628EF=C:\PROGRAM FILES\ORINOCO\CLIENT MANAGER\CMLUC.EXE
    +FFE710FB=C:\WINDOWS\SYSTEM\DDHELP.EXE
    +FFE6DFEF=C:\QUICKENW\QWDLLS.EXE
    +FFE7466B=C:\PROGRAM FILES\BHODEMON 2\BHODEMON.EXE
    +FFF8E24B=C:\WINDOWS\SYSTEM\WMIEXE.EXE
    +FFE5D8FB=C:\PROGRAM FILES\NETSHOW SERVICES\TOOLS\REXPROXY.EXE
    +FFFB1003=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    +FFE2A183=C:\UNZIPPED\STARTDRECK\STARTDRECK.EXE
    »Application specific
  5. 30-08-2004  #4
    HJThis
    HJThis is offline Senior Member
    Hi,barclaju

    Great work now do this here

    Download Win98Fix.zip from here.
    http://www10.brinkster.com/expl0iter...ast/pvtool.htm

    Unzip to its own folder. Open Folder and double click on RunFix.reg file. Hit 'Yes' to merge it into your registry. Restart your computer. The bad file should now be visible so you can delete it.

    Browse to C:\WINDOWS\SYSTEM\HLPIN.DLL then delete it. Rescan with HJT and post a new log when done.

    HGD
  6. 31-08-2004  #5
    barclaju
    barclaju is offline Newbie
    Hello HJThis:

    You seem busy today with all your posts -- like a digital crime fighter. Anyway, I'm getting a "The page cannot be found" message from the Win98Fix.zip link. This that the correct link or am I doing something wrong -- just double-click the hotlink?

    Thank. barclaju
  7. 31-08-2004  #6
    HJThis
    HJThis is offline Senior Member
    Hi,barclaju

    Sorry about that sometimes that site just gos
    let me see if i can find it be back soon

    Ok see if this works
    http://www10.brinkster.com/expl0iter...F/Win98fix.zip

    HGD
    Last edited by HJThis; 31-08-2004 at 03:28 AM.
  8. 31-08-2004  #7
    barclaju
    barclaju is offline Newbie
    Thanks for the PM. New log after deleting HLPIN.DLL:

    Logfile of HijackThis v1.98.2
    Scan saved at 11:07:33 PM, on 8/30/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATI2PLAB.EXE
    C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
    C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
    C:\WINDOWS\DOCKAPP.EXE
    C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
    C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
    C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
    C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
    C:\WINDOWS\SYSTEM\MRTMNGR.EXE
    C:\PROGRAM FILES\ORINOCO\CLIENT MANAGER\CMLUC.EXE
    C:\QUICKENW\QWDLLS.EXE
    C:\PROGRAM FILES\NETSHOW SERVICES\TOOLS\REXPROXY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\BHODEMON 2\BHODEMON.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    R3 - Default URLSearchHook is missing
    O2 - BHO: WnBrowserHelperObj Class - {058FC709-D5CD-4A95-92DB-59E6488ECDA4} - C:\PROGRAM FILES\AT&T\BBCLIENT\PROGRAMS\SABHO.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {A46367A5-F944-11D8-B1B9-0000DF9FB39C} - C:\WINDOWS\SYSTEM\AHMBGA.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ATIPOLAB] ati2plab.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaab.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BayMgr] DockApp.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EX E -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
    O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
    O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
    O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Dell Home - {FC8FE0E0-6F54-11D3-B1B4-00104B9FF9ED} - http://www.dell.com/ (file missing) (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} (Napster download control v2.0) - http://sms.napster.com/client/plugin/npdownload.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O18 - Filter: text/html - {A46367A4-F944-11D8-B1B9-0000B0D31607} - C:\WINDOWS\SYSTEM\AHMBGA.DLL
    O18 - Filter: text/plain - {A46367A4-F944-11D8-B1B9-0000B0D31607} - C:\WINDOWS\SYSTEM\AHMBGA.DLL
  9. 31-08-2004  #8
    HJThis
    HJThis is offline Senior Member
    Hi,barclaju

    We will be doing this from Safe Mode

    Boot to safe mode: Instructions here

    Make sure you can view hidden and system files: Instructions here

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R3 - Default URLSearchHook is missing

    O2 - BHO: WnBrowserHelperObj Class - {058FC709-D5CD-4A95-92DB-59E6488ECDA4} - C:\PROGRAM FILES\AT&T\BBCLIENT\PROGRAMS\SABHO.DLL (file missing)
    O2 - BHO: (no name) - {A46367A5-F944-11D8-B1B9-0000DF9FB39C} - C:\WINDOWS\SYSTEM\AHMBGA.DLL

    O18 - Filter: text/html - {A46367A4-F944-11D8-B1B9-0000B0D31607} - C:\WINDOWS\SYSTEM\AHMBGA.DLL
    O18 - Filter: text/plain - {A46367A4-F944-11D8-B1B9-0000B0D31607} - C:\WINDOWS\SYSTEM\AHMBGA.DLL

    Delete the following files\folders IF still present:

    C:\WINDOWS\SYSTEM\AHMBGA.DLL<---This file

    Then do this here

    click start->settings->control panel->internet options->programs tab->RESET WEB SETTINGS

    That will change everything back to defaults (M$)......

    Change your homepage and search engines to whatever you wish and reset your pc.

    When it boots back up, open IE and see if the page stays the way that you set it.

    & run new scan show us a new Logfile

    HGD
  10. 31-08-2004  #9
    barclaju
    barclaju is offline Newbie
    Hello HGD:

    So far, so good. Hard to imagine life w/o a:b! FYI, as you suspected, I couldn't find C:\WINDOWS\SYSTEM\AHMBGA.DLL, but below is a new HJThis log. Thanks again, please let me know if there are additional steps.


    Logfile of HijackThis v1.98.2
    Scan saved at 12:43:27 AM, on 8/31/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATI2PLAB.EXE
    C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
    C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
    C:\WINDOWS\DOCKAPP.EXE
    C:\PROGRAM FILES\INTUIT\QAGENT\QAGENT.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
    C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
    C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
    C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
    C:\WINDOWS\SYSTEM\MRTMNGR.EXE
    C:\PROGRAM FILES\ORINOCO\CLIENT MANAGER\CMLUC.EXE
    C:\QUICKENW\QWDLLS.EXE
    C:\PROGRAM FILES\NETSHOW SERVICES\TOOLS\REXPROXY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\BHODEMON 2\BHODEMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ATIPOLAB] ati2plab.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaab.exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [BayMgr] DockApp.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EX E -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
    O4 - Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O4 - Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
    O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
    O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Dell Home - {FC8FE0E0-6F54-11D3-B1B4-00104B9FF9ED} - http://www.dell.com/ (file missing) (HKCU)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} (Napster download control v2.0) - http://sms.napster.com/client/plugin/npdownload.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
  11. 31-08-2004  #10
    HJThis
    HJThis is offline Senior Member
    Save 20% on AVG Internet Security 2012 Suite!
    Hi,barclaju

    Yes if you don't have these tools here you
    should get them & use them helps to have them

    IE-SPYAD| IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of known advertisers, marketers,pushers to the Restricted sites zone of Internet Explorer. Once IE-ADS.REG is "merged" into your Registry, most direct marketers and pushers will not be able to resort to their usual "tricks" (e.g., cookies, scripts, popups, et al) in order to monitor and track your behavior while you surf the Net.


    SpywareBlaster| doesn't clean and scan for spyware it-prevents it from ever being installed..


    SpywareGuard| provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.


    MRU-BLASTER| Protect your privacy - MRU-Blaster can detect and clean over 30,000 MRU lists and other stores of hidden information on your computer!

    HGD
Closed Thread
Page 1 of 2 1 2 LastLast
« How to remove trojan Lzio? | Browser hijack? (Resolved) »