about blank

[AndyManchesta]

Hi there one of the problems here is NOADWARE

Heres abit about them :

NoAdware was listed on the rogue antispy page because of
concerns with false positives and the use of aggressive,
deceptive advertising including exploitation of the
name "ad-aware"

Earlier versions of NoAdware are also the same underlying
application as Adware Hitman, Consumer Identity, Protect
Your Identity, SpyBan, SpywareAssassin, Spyware C.O.P.,
SpywareKilla, The Adware Hunter, & TheSpywareKiller.


Patrick Kolla, developer of Spybot Search & Destroy,
wrote about the misleading use of the term "spybot" in
Google ads . it was also in his Big Fake Warning earlier
this year.

NoAdware, is using the terms "spybot" and "search &
destroy" which are showing up in the Google search
results for spybot.


Search & Destroy For Free
Remove spyware, adware & popups.
This software will fix your pc. aff
www.NoAdware.net


Spybots - Free Download
2004 Highest-Rated Spyware Remover.
Search & Destroy Spyware -Free! aff
www.NoAdware.net

If you search for "spybot spyware", this also turns up:


Free Spy-Bot Scan
Delete Spyware and Viruses fast!
Free download, 3 million users -aff
NoAdware.net

Interestingly, four of the eight sponsored links on that
page are for NoAdware. Evidently they have been place by
different ClickBank affiliates. The links go to these
URLs:
http://x.cb.kount.com/pop/1095657751/wintech2.noadware/1/1
/2/8075258/?
http://x.cb.kount.com/pop/1095657814/boost4.noadware/1/1/2
/5585928/?
http://x.cb.kount.com/pop/1095657877/jaskemr.noadware/1/1/
2/6189627/?
http://x.cb.kount.com/pop/1095657902/db294.noadware/1/1/2/
5647918/?

These are on the rogues list (supposed spyware removers
that actually install spyware or are rip off's of the
real spyware removers).

The list all owned by the same company :

NoAdware from Noadware.net
Spyban by Bundelware
spywarekilla.com SPYWARE KILLA
ScanSpyware.com SCANSPYWARE


You will notice that when you view ScanSpyware's version
properties ABSoft is listed. They are also looking for a
programmer to create a definitions database. I beleive
that ABSoft is the real owners of scanpyware.net
Here is what they posted for bids:

"Our company needs a database containing definitions of
spyware and adwares. This database needs to contain
enough information using which we can compete the top
quality softwares in the market like Ad-Aware, Spy
Hunter, Spy Sweeper, Spyware Search & Destroy etc."

Doesnt fill you will confidence does it ?

Anyway on to the about blank trojan your first steps
should be to run ad-aware se and spybot s&d and if that
doesnt clear it then carry on with these tips

SPYBOT S&D

http://ejrs.com/spybot/spybot.exe

Adaware SE

http://www.download.com/3000-2144-10045910.html?
part=69274&subj=dlpage&tag=button

Run these 2 first then if you are still having problems
download hijack this

Hijack this

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

You can post the log results back if you want to but
generally you are looking at the R0 / R1 + 04 entries
for any reference to

about:blank
se.dll
res://

If its the res:// variant use AboutBuster


R1 -HKCU\Software\Microsoft\InternetExplorer\Main,
SearchBar=res://C:\WINDOWS\system32
\xaiyh.dll/sp.html#29126

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page = res://C:\WINDOWS\system32
\xaiyh.dll/sp.html#29126

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar = res://C:\WINDOWS\system32
\xaiyh.dll/sp.html#29126

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page = res://C:\WINDOWS\system32
\xaiyh.dll/sp.html#29126

R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126

The dll file shown in these lines (in this case its
called xaiyh.dll) is the second problematic file in the
about:blank hijack.

The key to the hijack is a hidden dll file that is
connected to a BHO (Browser Hijack Object). This hidden
dll file shows up in the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows\\AppInit_DLLs

Unfortunately removing this About:Blank hijacker can be
difficult. Its a very persistent problem that can return
quickly if it is not removed carefully.


Open My Computer and choose Tools, then click on Folder
Options, click on the View tab and under Advanced
Setting, choose Show Hidden Files and Folders, then click
on OK and close My Computer. In Windows XP/2000, you may
also want to uncheck the options for "Hide extensions for
known file types" and "hide protected operating system
files". This will allow you to easily find the dll files
to delete them.


Try using the aboutbuster

http://www.downloads.subratam.org/AboutBuster.zip


if not then try either of these:


1st method :


Download Ccleaner :

http://www.filehippo.com/download/ncAOCJr-
Om3Lq35Rh3QQoQ2/download.html


Next :

Copy the following reg info to Notepad.
Name the file Appinit.bat
Save as type All Files
Save on the Desktop.




Reg save "HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Windows" windows1.hiv
ren windows1.hiv windows.txt





Double click on Appinit.bat
This will create a file on the desktop named windows.txt

Copy and paste that txt here if you want to . It will
look weird to you something like this :

regf




Pugf hbin  ¨ÿÿÿnk, ÚÜ»ùÄ
ÿÿÿÿ
ÿÿÿÿÿÿÿÿ ð x ÿÿÿÿ 0 : T Z  Windows ÿÿÿsk x x
Ô

?¸ È   ¤    
  !  ?
  !  ? 
   

    ? 

  

  


  


Øÿÿÿvk :


fùAppInit_DLLsÖæGÀÿÿÿC : \ W I N D O W S
\ S y s t e m 3 2 \ c t l d . d l l  h
Ðÿÿÿvk  


ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5  Pâ ðÿÿÿ9 0  Ð
Ðÿÿÿvk  ?' 
zGDIProcessHandleQuota"þàÿÿÿvk  x


°ºSpooler2ðÿÿÿy e s
Ñ_å h
Ø
( X  àÿÿÿvk  ?

5swapdiskÐÿÿÿvk  


. TransmissionRetryTimeoutàÿÿÿh
Ø
( X  À 
Ðÿÿÿvk  ?' 
2 USERProcessHandleQuotaS À


In this example above you can clearly see the filename
(This is from a machine with the about blank trojan) in
this case the trojan filename was :

\ W I N D O W S \ S y s t e m 3 2 \ c t l d . d l l

so whats needed now is to kill that file (plus the file
in the hijack log under R0 or R1 and will typically be in
the windows system folder then fix all the about blank
entries in hijack and these 2 file names if found)the
best way to kill the above files is by using killbox
there's probably a temp file involved aswell and this is
where hijack this comes in handy,Download and save hijack
this to either the c drive or desktop and then open it .
choose to do a system scan and save the logfile.You will
notice the R0 + R1 entries will say about:blank at the
end but ignore these for now you need to look for a file
similar to this :

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\User\LOCALS~1
\Temp\se.dll,DllInstall

If you have problems with this post your hijack log back
together with the Appinit.bat log.If you do find it carry
on with this :


Killbox

http://www.atribune.org/downloads/KillBox.exe


Once you know the filenames involved you can copy them
and paste them into killbox for deleting.with the files
shown above to delete them i would do the following

Copy these 2 lines:


C:\DOCUME~1\User\LOCALS~1\Temp\se.dll
C:\WINDOWS\System32\ctld.dll


Now run killbox and click file and from the dropdown list
choose paste from clipboard
This should enter both filenames into killbox

Next check the Delete on Reboot checkbox and the Use
Dummy checkbox directly below it.

Make sure all other windows are closed and any projects
you are working are saved, Then click the red circle with
the white x.

Reboot.

Run Ccleaner and run hijack this to make sure all the
entries are gone


2nd method:


Network Security, Workstation Netlogon Services & Remote
Procedure Call (RPC) Helper (Windows XP, 2K, NT);

You need to check to see if any of the following three
Windows services are running:

Network Security Service

Workstation Netlogon Service

Remote Procedure Call (RPC) Helper

To do this, click Start, Run, and enter the following in
the Open box:

"services.msc" (without the quotes)

Then click OK. Now, in the Services window that pops up
look for exactly the following service names (no others)

"Network Security Service" or
"Workstation Netlogon Service" or
"Remote Procedure Call (RPC) Helper"

(NOTE: DO NOT DISABLE: Remote Procedure Call (RPC) or
Remote Procedure Call (RPC) Locator. They are both
required services and are unrelated to the hijacker.)

You could have more than one of the 3 mentioned bad
services, so look for all of them. If you find these
services, you must right click on it to bring up the
service Properties window and do the following :

Step 1: Stop the service by click the Stop button.

Step 2: Now, disable it by changing the Startup type to
Disabled and click Apply


If you do not find these exact services, do not worry and
just skip this step. DO NOT DISABLE ANYTHING UNLESS THE
EXACT WORDING OF THE SERVICE NAMES IS MATCHED.


Run Fix agent :

Program to remove Trojans ( Troj_Agent.J &
Troj_Agent.ACx )

Fix Agent

http://www.greyknight17.com/spy/FixAgent.zip


Fix Agent utility can mess with your permissions so we
have to reset those if it finds anything.

Download FixAgent and unzip it. Run FixAgent.exe. If
something is found, also
download home_missing_114

http://www.greyknight17.com/spy/home_missing_114.zip

and unzip it. Run the Home winkey missing batch file.


Remember: ONLY run home_missing_114 if FixAgent found
something.


Run Hijack this and put a tick next to all the about
blank entries and any showing as se.dll, close all open
windows except hijack this and then choose fix checked

double check your system for any file names found by fix
agent or hijack this (you may need to enable hidden files
and folders- Start Windows Explorer and click on your
main hard drive, usually c:\. Then select Tools from the
top of Windows Explorer and then Folder Options. Go to
the View tab. Scroll down to the folder icon that says
Hidden files and folders and check show hidden files and
folders. Also, right below it, uncheck the hide file
extensions for known types. Not doing this could allow
file extensions commonly used by trojans and spyware to
be hidden, for example a file ending in .exe or dll
making manually finding it very difficult.

Then run Ccleaner to remove any temp or unused files and
reboot.

If you can fix this using the aboutbuter that would save
you loads of time but if you need any help let me know

Another advisable tool if you have been hijacked is
deldomains to reset your security and trusted zones,its
very quick to use just save it to your desktop , right
click it and choose install ,all you will notice is your
desktop icons flash then its reset the settings

http://www.mvps.org/winhelp2002/DelDomains.inf


And

Hoster V1.4

http://xsorbit26.com/users5/andymanchesta/index.php?
action=dlattach;topic=2654.0;id=285

You can do this manually without downloading the above
file by opening the host file with notepad and checking
the entries but the hoster program is another great free
tool

Run the hoster(or open the host file) and you will see
examples and a 127.0.0.1 localhost entry if theres
anything below this localhost line and you havent added
it then delete it, delete all except the local host line
or if using the hoster file just choose "Restore Original
Hosts" to reset them to the microsoft default

Hope this helps you

Good Luck

Andy

 

[AndyManc]

Another tool that might be usefull is if this is showing
up in hijackthis as se.dll or about:blank in the R0 & R1
entries is 'SpSeHjfix'


Boot into safe mode

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish
the cleaning process.
The tool creates a log of the fix which will appear in
the folder.

Now run the Shredder - Hit The FIX button!

Reboot and repeat the process above.

Theres 2 versions the second is better for Windows ME but
maybe worth trying both anyway .

Check using hijack this for anything remaining after
running the tools :

SpSeHjfix
Version 1.12

http://xsorbit26.com/users5/andymanchesta/index.php?
action=dlattach;topic=3236.0;id=288


SpSeHjfix
Version 1.09

http://xsorbit26.com/users5/andymanchesta/index.php?
action=dlattach;topic=3236.0;id=289



Regards Andy

 

[AndyManc \(Again:\)]

If you have any problems with the appinit.bat showing the
hidden file then download this hiving.bat that will
create the windows.txt in the same way


Download to desktop and run check the log file for the
hidden .dll about:blank file


http://xsorbit26.com/users5/andymanchesta/index.php?
action=dlattach;topic=3238.0;id=291


All the best

 

[Martin]

Andy

Do you suggest that I should delete any NoAdware programs
on my PC as a start point ?
Thanks
Martin

-----Original Message-----

Hi there one of the problems here is NOADWARE

Heres abit about them :

NoAdware was listed on the rogue antispy page because of
concerns with false positives and the use of aggressive,
deceptive advertising including exploitation of the
name "ad-aware"

Earlier versions of NoAdware are also the same underlying
application as Adware Hitman, Consumer Identity, Protect
Your Identity, SpyBan, SpywareAssassin, Spyware C.O.P.,
SpywareKilla, The Adware Hunter, & TheSpywareKiller.


Patrick Kolla, developer of Spybot Search & Destroy,
wrote about the misleading use of the term "spybot" in
Google ads . it was also in his Big Fake Warning earlier
this year.

NoAdware, is using the terms "spybot" and "search &
destroy" which are showing up in the Google search
results for spybot.


Search & Destroy For Free
Remove spyware, adware & popups.
This software will fix your pc. aff
www.NoAdware.net


Spybots - Free Download
2004 Highest-Rated Spyware Remover.
Search & Destroy Spyware -Free! aff
www.NoAdware.net

If you search for "spybot spyware", this also turns up:


Free Spy-Bot Scan
Delete Spyware and Viruses fast!
Free download, 3 million users -aff
NoAdware.net

Interestingly, four of the eight sponsored links on that
page are for NoAdware. Evidently they have been place by
different ClickBank affiliates. The links go to these
URLs:
http://x.cb.kount.com/pop/1095657751/wintech2.noadware/1/ 1
2
/
/
5647918/?

These are on the rogues list (supposed spyware removers
that actually install spyware or are rip off's of the
real spyware removers).

The list all owned by the same company :

NoAdware from Noadware.net
Spyban by Bundelware
spywarekilla.com SPYWARE KILLA
ScanSpyware.com SCANSPYWARE


You will notice that when you view ScanSpyware's version
properties ABSoft is listed. They are also looking for

a

programmer to create a definitions database. I beleive
that ABSoft is the real owners of scanpyware.net
Here is what they posted for bids:

"Our company needs a database containing definitions of
spyware and adwares. This database needs to contain
enough information using which we can compete the top
quality softwares in the market like Ad-Aware, Spy
Hunter, Spy Sweeper, Spyware Search & Destroy etc."

Doesnt fill you will confidence does it ?

Anyway on to the about blank trojan your first steps
should be to run ad-aware se and spybot s&d and if that
doesnt clear it then carry on with these tips

SPYBOT S&D

http://ejrs.com/spybot/spybot.exe

Adaware SE

http://www.download.com/3000-2144-10045910.html?
part=69274&subj=dlpage&tag=button

Run these 2 first then if you are still having problems
download hijack this

Hijack this

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

You can post the log results back if you want to but
generally you are looking at the R0 / R1 + 04 entries
for any reference to

about:blank
se.dll
res://

If its the res:// variant use AboutBuster


R1 -HKCU\Software\Microsoft\InternetExplorer\Main,
SearchBar=res://C:\WINDOWS\system32
\xaiyh.dll/sp.html#29126

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page = res://C:\WINDOWS\system32
\xaiyh.dll/sp.html#29126

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar = res://C:\WINDOWS\system32
\xaiyh.dll/sp.html#29126

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page = res://C:\WINDOWS\system32
\xaiyh.dll/sp.html#29126

R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126

The dll file shown in these lines (in this case its
called xaiyh.dll) is the second problematic file in the
about:blank hijack.

The key to the hijack is a hidden dll file that is
connected to a BHO (Browser Hijack Object). This hidden
dll file shows up in the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows\\AppInit_DLLs

Unfortunately removing this About:Blank hijacker can be
difficult. Its a very persistent problem that can return
quickly if it is not removed carefully.


Open My Computer and choose Tools, then click on Folder
Options, click on the View tab and under Advanced
Setting, choose Show Hidden Files and Folders, then click
on OK and close My Computer. In Windows XP/2000, you may
also want to uncheck the options for "Hide extensions for
known file types" and "hide protected operating system
files". This will allow you to easily find the dll files
to delete them.


Try using the aboutbuster

http://www.downloads.subratam.org/AboutBuster.zip


if not then try either of these:


1st method :


Download Ccleaner :

http://www.filehippo.com/download/ncAOCJr-
Om3Lq35Rh3QQoQ2/download.html


Next :

Copy the following reg info to Notepad.
Name the file Appinit.bat
Save as type All Files
Save on the Desktop.




Reg save "HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Windows" windows1.hiv
ren windows1.hiv windows.txt





Double click on Appinit.bat
This will create a file on the desktop named windows.txt

Copy and paste that txt here if you want to . It will
look weird to you something like this :

regf




Pugf hbin  ¨ÿÿÿnk, ÚÜ»ùÄ
ÿÿÿÿ
ÿÿÿÿÿÿÿÿ ð x ÿÿÿÿ 0 : T Z  Windows ÿÿÿsk x x
Ô

?¸ È   ¤    
  !  ?
  !  ? 
   

    ? 

  

  


  


Øÿÿÿvk :


fùAppInit_DLLsÖæGÀÿÿÿC : \ W I N D O W

S

\ S y s t e m 3 2 \ c t l d . d l l  h
Ðÿÿÿvk  

ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5  Pâ ðÿÿÿ9 0  Ð
Ðÿÿÿvk  ?' 
zGDIProcessHandleQuota"þàÿÿÿvk  x


°ºSpooler2ðÿÿÿy e s
Ñ_å h
Ø
( X  àÿÿÿvk  ?

5swapdiskÐÿÿÿvk  


. TransmissionRetryTimeoutàÿÿÿh
Ø
( X  À 
Ðÿÿÿvk  ?' 
2 USERProcessHandleQuotaS À


In this example above you can clearly see the filename
(This is from a machine with the about blank trojan) in
this case the trojan filename was :

\ W I N D O W S \ S y s t e m 3 2 \ c t l d . d l l

so whats needed now is to kill that file (plus the file
in the hijack log under R0 or R1 and will typically be in
the windows system folder then fix all the about blank
entries in hijack and these 2 file names if found)the
best way to kill the above files is by using killbox
there's probably a temp file involved aswell and this is
where hijack this comes in handy,Download and save hijack
this to either the c drive or desktop and then open it .
choose to do a system scan and save the logfile.You will
notice the R0 + R1 entries will say about:blank at the
end but ignore these for now you need to look for a file
similar to this :

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\User\LOCALS~1
\Temp\se.dll,DllInstall

If you have problems with this post your hijack log back
together with the Appinit.bat log.If you do find it carry
on with this :


Killbox

http://www.atribune.org/downloads/KillBox.exe


Once you know the filenames involved you can copy them
and paste them into killbox for deleting.with the files
shown above to delete them i would do the following

Copy these 2 lines:


C:\DOCUME~1\User\LOCALS~1\Temp\se.dll
C:\WINDOWS\System32\ctld.dll


Now run killbox and click file and from the dropdown list
choose paste from clipboard
This should enter both filenames into killbox

Next check the Delete on Reboot checkbox and the Use
Dummy checkbox directly below it.

Make sure all other windows are closed and any projects
you are working are saved, Then click the red circle with
the white x.

Reboot.

Run Ccleaner and run hijack this to make sure all the
entries are gone


2nd method:


Network Security, Workstation Netlogon Services & Remote
Procedure Call (RPC) Helper (Windows XP, 2K, NT);

You need to check to see if any of the following three
Windows services are running:

Network Security Service

Workstation Netlogon Service

Remote Procedure Call (RPC) Helper

To do this, click Start, Run, and enter the following in
the Open box:

"services.msc" (without the quotes)

Then click OK. Now, in the Services window that pops up
look for exactly the following service names (no others)

"Network Security Service" or
"Workstation Netlogon Service" or
"Remote Procedure Call (RPC) Helper"

(NOTE: DO NOT DISABLE: Remote Procedure Call (RPC) or
Remote Procedure Call (RPC) Locator. They are both
required services and are unrelated to the hijacker.)

You could have more than one of the 3 mentioned bad
services, so look for all of them. If you find these
services, you must right click on it to bring up the
service Properties window and do the following :

Step 1: Stop the service by click the Stop button.

Step 2: Now, disable it by changing the Startup type to
Disabled and click Apply


If you do not find these exact services, do not worry and
just skip this step. DO NOT DISABLE ANYTHING UNLESS THE
EXACT WORDING OF THE SERVICE NAMES IS MATCHED.


Run Fix agent :

Program to remove Trojans ( Troj_Agent.J &
Troj_Agent.ACx )

Fix Agent

http://www.greyknight17.com/spy/FixAgent.zip


Fix Agent utility can mess with your permissions so we
have to reset those if it finds anything.

Download FixAgent and unzip it. Run FixAgent.exe. If
something is found, also
download home_missing_114

http://www.greyknight17.com/spy/home_missing_114.zip

and unzip it. Run the Home winkey missing batch file.


Remember: ONLY run home_missing_114 if FixAgent found
something.


Run Hijack this and put a tick next to all the about
blank entries and any showing as se.dll, close all open
windows except hijack this and then choose fix checked

double check your system for any file names found by fix
agent or hijack this (you may need to enable hidden files
and folders- Start Windows Explorer and click on your
main hard drive, usually c:\. Then select Tools from the
top of Windows Explorer and then Folder Options. Go to
the View tab. Scroll down to the folder icon that says
Hidden files and folders and check show hidden files and
folders. Also, right below it, uncheck the hide file
extensions for known types. Not doing this could allow
file extensions commonly used by trojans and spyware to
be hidden, for example a file ending in .exe or dll
making manually finding it very difficult.

Then run Ccleaner to remove any temp or unused files and
reboot.

If you can fix this using the aboutbuter that would save
you loads of time but if you need any help let me know

Another advisable tool if you have been hijacked is
deldomains to reset your security and trusted zones,its
very quick to use just save it to your desktop , right
click it and choose install ,all you will notice is your
desktop icons flash then its reset the settings

http://www.mvps.org/winhelp2002/DelDomains.inf


And

Hoster V1.4

http://xsorbit26.com/users5/andymanchesta/index.php?
action=dlattach;topic=2654.0;id=285

You can do this manually without downloading the above
file by opening the host file with notepad and checking
the entries but the hoster program is another great free
tool

Run the hoster(or open the host file) and you will see
examples and a 127.0.0.1 localhost entry if theres
anything below this localhost line and you havent added
it then delete it, delete all except the local host line
or if using the hoster file just choose "Restore Original
Hosts" to reset them to the microsoft default

Hope this helps you

Good Luck

Andy
.

 

[AndyManchesta]

Hi Martin

It's really a case of whats best for you The vendor for
NoAdware has been revamping the application. NoAdware has
taken steps to reign in its affiliates and released a new
version of NoAdware (version 3.0) that may addresses the
concerns with false positves,

They have used some very crafty tactics in the past But
really its up to you it's not as bad as some of the rogue
products but its removal capabilities are not really
proven but if you've payed money for this product i'd get
other peoples opinion on this too before losing out on
the money and uninstalling it ,I'll list some alternative
programs that are free and highly recommended if you need
them

Heres some links so NoAdware reviews :


http://www.adwarereport.com/mt/archives/000023.html

http://reviews.cnet.com/5208-6132-0.html?
forumID=32&threadID=28383&messageID=321358




Alternative Protection Products

Spyware Blaster

Prevent's the installation of ActiveX-based spyware,
adware, browser hijackers, dialers, and other potentially
unwanted pests.
Block spyware/tracking cookies in Internet Explorer and
Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in
Internet Explorer.

http://downloads.net-
integration.net/spywareblastersetup33.exe


Spyware Guard

SpywareGuard provides a real-time protection solution
against spyware that is a great addition to
SpywareBlaster's protection method.

An anti-virus program scans files before you open them
and prevents execution if a virus is detected -
SpywareGuard does the same thing, but for spyware! And
you can easily have an anti-virus program running
alongside SpywareGuard.

http://www.javacoolsoftware.net/downloads/spywareguardsetu
p.exe


Spybot Search & Destroy

Use the immunize feature at least once every 2 weeks to
block known sites that spread adware/spyware & Ad's also
update and use the scanner often.

http://ejrs.com/spybot/spybot.exe


Ad-Aware SE

The Ad-Aware SE personal is free...and very effective.

http://www.download.com/3000-2144-10045910.html?
part=69274&subj=dlpage&tag=button



CCleaner (Crap Cleaner) is a freeware tool. That removes
unused and temporary files from your system - allowing
Windows to run faster and giving you more hard disk
space. The best part is that it's fast and Free.

http://download.ccleaner.com/download119bin.asp


Andy