republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Spybot bringing up a lot of popups
Search Topic:
Uniqs:
2715		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Please review this hijack log.. »
« Found New Security Flaw in Cingular VM  
page: 1 · 2
AuthorAll Replies

bladerider

join:2005-10-22
netherlands

Spybot bringing up a lot of popups

My Spybot is producing a lot of popups about denying a change in the registry.

This is what my HJT log looks like. Any tips would be useful.

Logfile of HijackThis v1.99.1
Scan saved at 17:43:14, on 22-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Visualware Security Suite\tscore.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCM2.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
E:\downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = »windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [mssSort] C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Visualware Security Suite] "C:\Program Files\Visualware Security Suite\tscore.exe" -autostartup
O4 - HKLM\..\Run: [Mobile Phone Suite] C:\Program Files\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe -nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NoAdware] "C:\Program Files\NoAdware\NoAdware.exe" /s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_3
O4 - Global Startup: ABN AMRO TTS-RAS EMEA VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cordless DUALphone opstarten.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - »go.microsoft.com/fwlink/?linkid=···id=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···43457863
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - »www.drivershq.com/cab/prod/Drive···mber.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - »activex.webcam.nl/AxisCamControl.cab
O18 - Protocol: bw+0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3A986294-DE8E-4998-BF01-A5090985CA70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
to forum · permalink · · 2005-10-22 11:44:51 · Reply to this


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire

 What message and when does Spybot, on startup while browsing etc, notify on reg change

could you check this with one of the online av or multi ones
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
»Security »What are some web based virus scanners and encyclopedias?

Cudni
--
....nothing but a well informed optimist
Help yourself so God can help you
to forum · permalink · · 2005-10-22 16:11:12 · Reply to this

bladerider

join:2005-10-22
netherlands

 I have run an online virusscanner and it has come up with no result.
th file c:\windows\vsnpstd3.exe has been checked by virustotal (www.virustotal.com) and has shown clean from virusus. or at least not identified as such.
Sypot goes nuts after startup.
to forum · permalink · · 2005-10-22 20:40:11 · Reply to this


NyQuil Kid
8f The Nyquil Kid

join:2001-01-06
Brick, NJ
·Comcast
·Verizon Online DSL

 This page shows that file as unidentified malware:

»64.233.161.104/search?q=cache:B5···xe&hl=en

[8F] The NyQuil Kid
to forum · permalink · · 2005-10-22 21:26:53 · Reply to this


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
said by NyQuil Kid See Profile :

This page shows that file as unidentified malware:

»64.233.161.104/search?q=cache:B5···xe&hl=en

[8F] The NyQuil Kid
Google is NOT always your friend. I would not trust that data coming from a website/program that is on the "Hall of Shame" list:
Rogue/Suspect Anti-Spyware Products & Web Sites
»www.spywarewarrior.com/rogue_ant···ware.htm
RegFreeze actualresearch.com false positives work as goad to purchase (1); dubious corp associations (1) [A: 8-8-04 / U: 2-13-05]

If Virus Total says it's clean, I would be more inclined to lean towards that as more reliable since it uses reputable AV programs
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)
to forum · permalink · · 2005-10-23 07:52:43 · Reply to this


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

1 edit		reply to bladerider
bladerider, can you rightclick on the file that is unknown:
C:\WINDOWS\vsnpstd3.exe
Choose "Properties" from the dropdown menu and look at the tabs at the top for additional information on the file. Does it belong to Sonix?
»www.exedb.com/vsnpstd3.html
vsnpstd3.exe vsnpstd3 Process Information
File Name: vsnpstd3.exe
Process Name: Camera Monitor Application
Description: vsnpstd3.exe PC Camera Monitor MFC Application. This program is not important for your system process, but should not be terminated unless suspected to be causing problems.
Author: Sonix
Part of: Camera Monitor Application
Virus: No
Trojan: No
Spyware: No
Security Risk: 0
................
Can you post the Spybot logs or more info about the registry changes Spybot is alerting you about? It might be something quite legit and only the detailed information regarding what is trying to change and change to what will help determine if it is a problem or not.
--
It takes a disaster to make a woman out of a female

Microsoft MVP/Windows Security 2003-2006


Proud Member of ASAP (Alliance of Security Analysis Professionals)
to forum · permalink · · 2005-10-23 08:39:33 · Reply to this

bladerider

join:2005-10-22
netherlands

 Calamity Jane, first of all thanks for your help

The properties of the file do not show a lot of information other than the original name of the file: Fileversion: 1.0.1.2,Internal Name:CameraMonitor,Original File:CameraMonitor.exe,ProductName: CameraMonitor Application,Language: English.

For better readability I will post a part of the resident log . The same line appears over and over again :

23-10-2005 15:17:43 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:43 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:44 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:44 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:45 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:46 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:47 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:47 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:48 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:48 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:49 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:49 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:50 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:50 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:51 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:51 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:52 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:52 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:53 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:54 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:55 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:55 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:56 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:56 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:57 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:57 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:58 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:58 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:59 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:59 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:01 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:01 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:02 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:02 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:03 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:03 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:04 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:04 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
to forum · permalink · · 2005-10-23 09:33:30 · Reply to this


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
said by bladerider See Profile :

The properties of the file do not show a lot of information other than the original name of the file: Fileversion: 1.0.1.2,Internal Name:CameraMonitor,Original File:CameraMonitor.exe,ProductName: CameraMonitor Application,Language: English.
Ok, that is the Camera Monitor mentioned in my previous post. So not a problem file.

quote:
For better readability I will post a part of the resident log . The same line appears over and over again :

23-10-2005 15:17:43 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
That CSLID (the number that appears in brackets) belongs to the Adobe Toolbar which is legitimate. Were you trying to delete the toolbar or doing something with Adobe?
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)
to forum · permalink · · 2005-10-23 10:09:10 · Reply to this

bladerider

join:2005-10-22
netherlands		 Adobe is installed on my system,but I do not recall that I was trying to change anything in it. If I would reinstall the program, would that solve this issue?
to forum · permalink · · 2005-10-23 11:48:14 · Reply to this


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

 Let me see if I can find a TeamSpybot or other SB expert, perhaps we can get a better explanation of what that message is telling you. It looks like it is changing the data, but I'm not sure what is causing it or why.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)
to forum · permalink · · 2005-10-23 12:15:27 · Reply to this


Rusty Dusty

join:2002-11-23
Littleton, NH		reply to bladerider
Just wondering... Is Adobe updater turned on, or
is it in 'Manual' mode?
to forum · permalink · · 2005-10-23 14:45:25 · Reply to this

bladerider

join:2005-10-22
netherlands		 Rusty,

the updates is set on automatic
to forum · permalink · · 2005-10-23 16:41:04 · Reply to this


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

reply to bladerider
It appears to me and at least one other TeamSpybot member that something is trying to delete the Adobe toolbar - and I know of NO malware that does this (nor is any malware showing in your log). Have you recently run any spyware or other scans that "found" something new to delete?

Have you recently done an Adobe update? (Although I just did one and didn't get any popups from Spybot here)

My one thought is to let it proceed and see what happens. Post a new HijackThis log afterwards and I'll see what it looks like compared to before.

Can you recall what you were doing (or had just done) when the popups began to appear?

--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)
to forum · permalink · · 2005-10-23 18:07:40 · Reply to this


Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
Around, Us
·Comcast

reply to bladerider
Hey Jane\bladerider,

That ITBarLayout can also be caused by an initial inappropriate response by the user when the Adobe toolbar was initially added. With Spybots malfunctioning alert box....the Allow\Block buttons are not displayed properly. If the user put a check in the box and then hit the return key it then becomes and always Blocked item.

I would suggest they right click the TeaTimer systray icon and then select settings. Then select Block registry changes. Is there an entry dealing with ITBarLayout similar to the above pic ?
to forum · permalink · · 2005-10-23 22:17:59 · Reply to this


Rusty Dusty

join:2002-11-23
Littleton, NH

reply to bladerider
Well, I do not want to interfere with CJ's process,
but I'd try changing the updates to manual, reboot
and see if you still have the problem! Adobe update may be trying to change something in the browser helper....
--
SRS 4000 CE, 4.2.1.10, G4R, 1250, W2K@all updates, IE6@all updates, ICS, 5 Clients (one wireless, one Linux) RSL 83.
to forum · permalink · · 2005-10-23 22:29:42 · Reply to this

bladerider

join:2005-10-22
netherlands		reply to bladerider
Since I will be out of the house today I will post an update tonight. I will set the Adobe update to manual, perform an manual update of the software, reboot and see if the popups stop. I will also post a new HJT log.
to forum · permalink · · 2005-10-24 04:47:03 · Reply to this


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL		 Thanks, Bubba!

bladerider, try his suggestion, to see if that may be the cause
to forum · permalink · · 2005-10-24 11:44:37 · Reply to this

bladerider

join:2005-10-22
netherlands		 CJ and Bubba,

I have checked the Teatime and there is an entry in there for the ITBarLayout.
Should I allow this entry?
to forum · permalink · · 2005-10-24 14:33:53 · Reply to this


Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
Around, Us
·Comcast
said by bladerider See Profile :

CJ and Bubba,

I have checked the Teatime and there is an entry in there for the ITBarLayout.
Should I allow this entry?
Sort of....what we need to do is reset the snapshot of the registry that TeaTimer has already taken which should then dispense with this particular pop-up.

You need to right click TeaTimer's icon that's in the systray and select Exit Spybot-S&D Resident. This will close TeaTimer down and at the same time it refreshes it's snapshot of the registry.

You then need to re-start TeaTimer by opening Windows Explorer. Go to C:\Program Files\Spybot - Search & Destroy. Then double-click on the TeaTimer.exe file in order to re-start TT.
to forum · permalink · · 2005-10-24 15:22:04 · Reply to this

bladerider

join:2005-10-22
netherlands

reply to bladerider
Bubba,

I cannot select any settings as the menu keeps disappearing.I can quit TeaTimer by clicking on it really fast and then the popups disappear. When starting TeaTimer they just reappear and I cannot select anything from the TeaTimer menu.
to forum · permalink · · 2005-10-24 16:38:43 · Reply to this
Forums » Up and Running » Security » SecurityPlease review this hijack log.. »
« Found New Security Flaw in Cingular VM  
page: 1 · 2

Tuesday, 10-Nov 04:24:41 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [83] VoIP Over 3G Still Not Working For iPhone
· [81] Verizon Keeps Swinging At AT&T
· [33] Bill Would Force ISPs To Block Financial Scams
· [24] Mediacom Hints At 50, 100 Mbps Speeds
· [14] Clearwire To Get Another $1.5 Billion
· [11] Monday Morning Links
· [9] 15 States Have Now Gotten Broadband Mapping Money
· [5] AT&T Launching New 7.2 Mbps 3G Modem
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Framed for child porn 151; by a PC virus [Security]
· Microsoft Security Bulletin Summary for October 13, 2009 [Security]
· MI424WR-GEN2 Rev E Configuration Thread [Verizon Fiber Optics]
· My cat is reluctant to exercise. [General Questions]
· netTalk tk6000 [VOIP Tech Chat]
· Upcoming Games for 2009 [PC gaming GAMES]
· Know when to run! [Home Repair & Improvement]
· Google Has Acquired Gizmo5 [VOIP Tech Chat]