ModeUser Toolbar Removal from IE

Hello,
I recently got the CoolWebSearch trojan but used merijn's CWShredder removal tool successfully. But I still think my system's still being hijacked somehow.

I noticed a new toolbar option under View->Toolbars that shows up called ModeUser for IE. It puts a search toolbar under the address bar. Never noticed it until recently. I'll uncheck it, but it'll come up again after a little while. I went into the Advanced options in IE, unchecked "Enable 3rd Party Browser Extsensions" option, but haven't rebooted to see if worked. My questions are: if anyone knows where this came from, and is there a way to permanently remove it from the Toolbar options?

There's a bit more.....where previously, if I typed up an incorrect web page, it would come up with the generic IE "page not found" message, now it's coming up with some search engine. There was an html file in the C:\Documents and Settings\My Name\... folder, which came up in the Address bar, but of course, now I can't find the html. It's also throwing some new folders in my Favorites for IE.

Still a bit more related items....I have a popup blocker from my Cable Modem ISP (COX Communications) called CheckIT 86, which worked great for ALL popups, up until recently. Now, some are coming thru now. Not sure why, and of course CheckIT doesn't have any options to configure the popup blocking.

I running Win2K w/ Norton AV, ZoneAlarm Pro, Ad-aware 6 (which I removed because I thought this was where the ModeUser toolbar came from, Spybot Search & Destroy, and System Mechanic.

I'll run Ad-aware and it'll find some files even after I quarantined, removed them, & rebooted my system. Running CWShredder doesn't detect anything anymore. I ran HijackThis and I'll include the log in a follow up to this original message (log too long to meet the 10K character limit.

If anybody would have any suggestions, I would greatly appreciate any help you could offer.

Please see the follow up to this msg for the HijackThis log.

Thanks,
Paul Mendes

 

HijackThis Log File

Hello again,

Here's my HijackThis log file for my system. Again, any help would be greatly appreciated.

Thanks,
Paul Mende
cintomanATcox.net
(not good idea to post your emeil in a public forum edited by Lonny)

Logfile of HijackThis v1.97.7
Scan saved at 12:25:26 PM, on 4/17/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Software\Norton Anti Virus 2002\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\atiptaxx.exe
C:\Software\NORTON~1\navapw32.exe
C:\HARDWARE\Mouse\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe
C:\hardware\zip drive\DriveIcons\ImgIcon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\PROGRA~1\AMENGP~1\City Gram.exe
C:\WINNT\System32\CD_Load.exe
C:\INTERNET\AIM\aim.exe
C:\Internet\CConnect\CConnect.exe
C:\Internet\CheckIt 86\CheckIt86.exe
C:\HARDWARE\HP PSC 2110v\Digital Imaging\bin\hpotdd01.exe
C:\HARDWARE\HP PSC 2110v\Digital Imaging\bin\hpobnz08.exe
C:\Internet\Nielsen Netratings\NielsenNetratings\bin\insight.exe
C:\HARDWARE\HP PSC 2110v\Digital Imaging\bin\hpoevm08.exe
C:\HARDWARE\HP PSC 2110v\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\COMMON~1\Logitech\WebColct\WebColct.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.probetalk.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search-all.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8010
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Software\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {52789D02-532D-6BED-C043-637988572B59} - C:\PROGRA~1\BLAHAN~1\transbook.dll
O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O2 - BHO: (no name) - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Internet\CheckIt 86\CheckIt86.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Software\Norton Anti Virus 2002\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Software\Norton Anti Virus 2002\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ModeUser - {0737ED7E-8041-612C-C484-B92E4491285E} - C:\PROGRA~1\BLAHAN~1\transbook.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NAV Agent] C:\Software\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\HARDWARE\Mouse\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\graphics\quicktime 5\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetMeter] C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe
O4 - HKLM\..\Run: [Iomega Startup Options] c:\hardware\zip drive\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] c:\hardware\zip drive\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Deskup] c:\hardware\zip drive\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [BaseThird] C:\PROGRA~1\AMENGP~1\City Gram.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe "
O4 - HKCU\..\Run: [Cydoor] CD_Load.exe
O4 - HKCU\..\Run: [AIM] C:\INTERNET\AIM\aim.exe -cnetwait.odl
O4 - Startup: Nielsen NetRatings.lnk = C:\Internet\Nielsen Netratings\NielsenNetratings\bin\insight.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Internet\CConnect\CConnect.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Internet\ZoneAlarm\zapro.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Internet\CheckIt 86\CheckIt86.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\HARDWARE\HP PSC 2110v\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\HARDWARE\HP PSC 2110v\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\INTERNET\CHECKI~1\AddToTrustList.js
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
O9 - Extra 'Tools' menuitem: CheckIt &86 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: @Home (HKCU)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nmtracer.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nmtracer.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nmtracer.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=www.viewpoint.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1410/ftp.coupons.com/v7/brix6ie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt503/us/win/QuickTimeInstaller.exe
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1433/ftp.coupons.com/v3121/cpbrkpie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38006.5858796296
O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://a19.g.akamai.net/7/19/7125/1433/ftp.coupons.com/r3120/cpbrxpie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

 

You still got problems. Moving this to security section.

Did you update ad-aware and spybot just before you ran them?

Ad-aware should be build 6.181 and the reference file should be 01R291 14.04.2004. The last spybot ref file update was March 5.

 

First Please wait and see what the other forum members think

Go back into IE option's and "Enable 3rd Party Browser Extsensions" then restart IE

Download LSPfix but dont use untill further down, Link below.

It might help to print this out

Start Hijackthis and place a check next to these items
Close all browser windows and shut down all other programs(even Folders)
that show in the taskbar. Then Hit fix selected
[items in blue are recommended or optional]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page http://prosearching.com/searchbar.html
>> is this yours if not fix it>>R0 - HKCU
\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.probetalk.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search-all.net/ R0 - HKCU\S...]http://www.snapfish.com/SnapfishUploader.cab
====

Check in addremove programs for >netratings, Nielson/Netratings
if there uninstall them.
also uninstall Kontiki (optional)
====
Go here and download the LSP tool
http://www.cexx.org/lspfix.htm
read the documentation, close the internet connection and close any programs that show in the taskbar,, start the tool, check the box that says you know what you are doing, fix all instances (and only those) of "nmtracer.dll" (ie, move it/them to the remove window, click finish)

restart your computer, and delete that c:\windows\system\nmtracer.dll file

find and delete (ONLY THESE EXACT) files and folder's.If still there.
Be very carefull, You might have to have windows show hidden file's and folder's in order to see them.
How to Show hidden files and folders.

C:\PROGRA~1\ AMENGP~1
C:\PROGRA~1\ BLAHAN~1
C:\PROGRAM FILES\ NETRATINGS
C:\ Internet

Do a file search for "CD_Load.exe" and delete it if found anywhere
You might have to set search up to find hidden files and folders to.

Let us know if any of those would not delete

Finaly come back then scan-with and post a new hijackthis log

 

Updated HijackThis log

Hello again,
Ran thru everything Lonny Jones mentioned in his post, and also got the updated Ad-aware 6 and Spybot programs Newt suggested. My new HijackThis log is at the bottom, however, I wanted to mention a few things I DIDN'T delete/fix in the original HijackThis log that Lonny suggested fixing (with my explanation in parentheses):

O4 - HKLM\..\Run: [NetMeter] C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe
(I'm on the Nielson NetRatings panel, so this is their program I installed on my system as a panel member)

O4 - Startup: Nielsen NetRatings.lnk = C:\Internet\Nielsen
(Same reason as above)

I also DIDN'T add/remove programs for netratings, Nielson/Netratings.

In add/remove programs, there was no Kontiki program to remove.

I was also unable to delete the c:\windows\system\nmtracer.dll file (getting: in use by Windows)

I DIDN'T delete the following directories:

C:\PROGRAM FILES\ NETRATINGS (reason already mentioned up top)
C:\ Internet (here's where I keep certain internet-related programs)

Here's my new HijackThis log:

Thank you SO MUCH for your continued assistance
Paul


Logfile of HijackThis v1.97.7
Scan saved at 1:06:39 AM, on 4/19/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Software\Norton Anti Virus 2002\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\atiptaxx.exe
C:\Software\NORTON~1\navapw32.exe
C:\HARDWARE\Mouse\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe
C:\hardware\zip drive\DriveIcons\ImgIcon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\INTERNET\AIM\aim.exe
C:\Internet\CConnect\CConnect.exe
C:\Internet\ZoneAlarm\zapro.exe
C:\Internet\CheckIt 86\CheckIt86.exe
C:\HARDWARE\HP PSC 2110v\Digital Imaging\bin\hpotdd01.exe
C:\HARDWARE\HP PSC 2110v\Digital Imaging\bin\hpobnz08.exe
C:\Internet\Nielsen Netratings\NielsenNetratings\bin\insight.exe
C:\HARDWARE\HP PSC 2110v\Digital Imaging\bin\hpoevm08.exe
C:\HARDWARE\HP PSC 2110v\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\notepad.exe
C:\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.probetalk.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8010
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Software\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O2 - BHO: (no name) - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Internet\CheckIt 86\CheckIt86.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Software\Norton Anti Virus 2002\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Software\Norton Anti Virus 2002\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NAV Agent] C:\Software\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\HARDWARE\Mouse\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\graphics\quicktime 5\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetMeter] C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe
O4 - HKLM\..\Run: [Iomega Startup Options] c:\hardware\zip drive\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] c:\hardware\zip drive\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Deskup] c:\hardware\zip drive\DriveIcons\deskup.exe /IMGSTART
O4 - HKCU\..\Run: [AIM] C:\INTERNET\AIM\aim.exe -cnetwait.odl
O4 - Startup: Nielsen NetRatings.lnk = C:\Internet\Nielsen Netratings\NielsenNetratings\bin\insight.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Internet\CConnect\CConnect.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Internet\ZoneAlarm\zapro.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Internet\CheckIt 86\CheckIt86.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\HARDWARE\HP PSC 2110v\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\HARDWARE\HP PSC 2110v\Digital Imaging\bin\hpobnz08.exe
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\INTERNET\CHECKI~1\AddToTrustList.js
O9 - Extra 'Tools' menuitem: CheckIt &86 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nmtracer.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nmtracer.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nmtracer.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=www.viewpoint.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1410/ftp.coupons.com/v7/brix6ie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt503/us/win/QuickTimeInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1433/ftp.coupons.com/v3121/cpbrkpie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38006.5858796296
O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://a19.g.akamai.net/7/19/7125/1433/ftp.coupons.com/r3120/cpbrxpie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab

 

Its unfortunate you must keep a known adaware component
I hope removing the other items has helped with any problems you were having.


More information on NetMeter.exe

I suppose you could fix that one and leave this item and still use there program,
insight.exe

The nmtracer.dll is part of the first, probaly the second one also,
I would suggest leaving it.
BUT
If It were me I would fix the first one then use lspfix to remove the nmtracer.dll, if then the program didnt funtion correctly a reinstall would put it back.

 

Lonnie - since cintoman knew the software was there and agreed that it should send info, I can't see that as being spyware in his case. Not sure about others but

I think the pestpatrol folks may have goofed classifying this one.

 

True if you throughly understand and agree to there ULA
its not a problem,
Some programs contain adware/spyware if we accept that for the use of the program, its how they are able to provide the software for free, and make improvement's.

Regards

 

Thank You

Lonny and Newt,

I can't thank you both enough for all of your assisstance. System's running SO much better, and I appreciate all your help. I guess signing up for the Nielson Netratings does have some negatives, but it's not as bad as all the other junk both of you have helped me remove.

Thank you again
Paul