  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL | reply to bladerider Re: Spybot bringing up a lot of popups
bladerider, you're welcome. Glad we could help  |
|
 bladerider
join:2005-10-22 netherlands | reply to bladerider Thank all of you for helping out. Special thanks to Calamity Jane and Bubba |
|
 bladerider
join:2005-10-22 netherlands | reply to bladerider After I have shut down TeaTimer and left it off for a few minutes before starting it again the popups have stopped!!! |
|
 bladerider
join:2005-10-22 netherlands
| reply to bladerider Bubba,
I cannot select any settings as the menu keeps disappearing. I can quit TeaTimer by clicking on it really fast and then the popups disappear. When starting TeaTimer they just reappear and I cannot select anything from the TeaTimer menu. |
|
  Bubba GIT-R-DONE Premium,MVM join:2002-08-19 Around, Us
·Comcast
| reply to bladerider said by bladerider: CJ and Bubba, I have checked the Teatime and there is an entry in there for the ITBarLayout. Should I allow this entry?
Sort of....what we need to do is reset the snapshot of the registry that TeaTimer has already taken which should then dispense with this particular pop-up.
You need to right click TeaTimer's icon that's in the systray and select Exit Spybot-S&D Resident. This will close TeaTimer down and at the same time it refreshes its snapshot of the registry.
You then need to re-start TeaTimer by opening Windows Explorer. Go to C:\Program Files\Spybot - Search & Destroy. Then double-click on the TeaTimer.exe file in order to re-start TT. |
|
 bladerider
join:2005-10-22 netherlands | reply to CalamityJane CJ and Bubba,
I have checked the Teatime and there is an entry in there for the ITBarLayout. Should I allow this entry? |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL | reply to bladerider Thanks, Bubba!
bladerider, try his suggestion, to see if that may be the cause  |
|
 bladerider
join:2005-10-22 netherlands | reply to bladerider Since I will be out of the house today I will post an update tonight. I will set the Adobe update to manual, perform a manual update of the software, reboot and see if the popups stop. I will also post a new HJT log. |
|
  Rusty Dusty
join:2002-11-23
| reply to bladerider Well, I do not want to interfere with CJ's process, but I'd try changing the updates to manual, reboot and see if you still have the problem! Adobe update may be trying to change something in the browser helper.... -- SRS 4000 CE, 4.2.1.10, G4R, 1250, W2K@all updates, IE6@all updates, ICS, 5 Clients (one wireless, one Linux) RSL 83. |
|
  Bubba GIT-R-DONE Premium,MVM join:2002-08-19 Around, Us
·Comcast
| reply to bladerider Hey Jane\bladerider,
That ITBarLayout can also be caused by an initial inappropriate response by the user when the Adobe toolbar was initially added. With Spybot's malfunctioning alert box....the Allow\Block buttons are not displayed properly. If the user put a check in the box and then hit the return key it then becomes an always Blocked item.
I would suggest they right click the TeaTimer systray icon and then select settings. Then select Block registry changes. Is there an entry dealing with ITBarLayout similar to the above pic? |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| reply to bladerider It appears to me and at least one other TeamSpybot member that something is trying to delete the Adobe toolbar - and I know of NO malware that does this (nor is any malware showing in your log). Have you recently run any spyware or other scans that "found" something new to delete?
Have you recently done an Adobe update? (Although I just did one and didn't get any popups from Spybot here)
My one thought is to let it proceed and see what happens. Post a new HijackThis log afterwards and I'll see what it looks like compared to before.
Can you recall what you were doing (or had just done) when the popups began to appear?
-- It takes a disaster to make a woman out of a female Microsoft MVP/Windows Security 2003-2006 Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
 bladerider
join:2005-10-22 netherlands | reply to Rusty Dusty Rusty,
The updates are set on automatic |
|
  Rusty Dusty
join:2002-11-23 | reply to bladerider Just wondering... Is Adobe updater turned on, or is it in 'Manual' mode? |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| reply to bladerider Let me see if I can find a TeamSpybot or other SB expert, perhaps we can get a better explanation of what that message is telling you. It looks like it is changing the data, but I'm not sure what is causing it or why. -- It takes a disaster to make a woman out of a female Microsoft MVP/Windows Security 2003-2006 Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
 bladerider
join:2005-10-22 netherlands | reply to CalamityJane Adobe is installed on my system, but I do not recall that I was trying to change anything in it. If I would reinstall the program, would that solve this issue? |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| reply to bladerider said by bladerider: The properties of the file do not show a lot of information other than the original name of the file: Fileversion: 1.0.1.2,Internal Name:CameraMonitor,Original File:CameraMonitor.exe,ProductName: CameraMonitor Application,Language: English.
Ok, that is the Camera Monitor mentioned in my previous post. So not a problem file.
quote: For better readability I will post a part of the resident log. The same line appears over and over again:
23-10-2005 15:17:43 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
That CLSID (the number that appears in brackets) belongs to the Adobe Toolbar which is legitimate. Were you trying to delete the toolbar or doing something with Adobe? -- It takes a disaster to make a woman out of a female Microsoft MVP/Windows Security 2003-2006 Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
 bladerider
join:2005-10-22 netherlands
| reply to CalamityJane Calamity Jane, first of all thanks for your help 
The properties of the file do not show a lot of information other than the original name of the file: Fileversion: 1.0.1.2,Internal Name:CameraMonitor,Original File:CameraMonitor.exe,ProductName: CameraMonitor Application,Language: English.
For better readability I will post a part of the resident log. The same line appears over and over again:
23-10-2005 15:17:43 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:43 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:44 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:44 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:45 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:46 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:47 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:47 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:48 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:48 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:49 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:49 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:50 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:50 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:51 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:51 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:52 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:52 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:53 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:54 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:55 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:55 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:56 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:56 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:57 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:57 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:58 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:58 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:59 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:17:59 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:01 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:01 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:02 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:02 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:03 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:03 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:04 Denied value "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (new data: "") deleted in User-specific browser toolbar!
23-10-2005 15:18:04 Denied value "ITBarLayout" (new data: "") deleted in User-specific browser toolbar! |
|
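Added example, not part of any post in this thread and not Spybot's own code: the resident-log excerpt in the post above repeats the same two denied deletions about once per second, and this Python code parses entries in that format and reports values that are denied in such a loop. The thresholds `min_repeats` and `max_gap_s`, the sample text and the `ExampleValue` entry are assumptions constructed for the example.

```python
import re
from datetime import datetime

# Entry shape taken from the resident-log lines quoted in the thread.
ENTRY_RE = re.compile(
    r'(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) (\w+) value "([^"]*)" '
    r'\(new data: "([^"]*)"\) (\w+) in ([^!]+)!'
)

def parse_entries(text):
    """Parse entries even when several are run together on one line."""
    return [
        {"time": datetime.strptime(ts, "%d-%m-%Y %H:%M:%S"), "verdict": verdict,
         "name": name, "new_data": data, "action": action, "category": cat.strip()}
        for ts, verdict, name, data, action, cat in ENTRY_RE.findall(text)
    ]

def find_denial_loops(entries, min_repeats=5, max_gap_s=3):
    """Return values denied at least min_repeats times with no gap over max_gap_s."""
    runs, loops = {}, {}  # runs: key -> [first_time, last_time, count]
    for e in entries:
        if e["verdict"] != "Denied":
            continue
        key = (e["category"], e["name"], e["action"])
        run = runs.get(key)
        if run and (e["time"] - run[1]).total_seconds() <= max_gap_s:
            run[1], run[2] = e["time"], run[2] + 1
        else:
            run = runs[key] = [e["time"], e["time"], 1]
        if run[2] >= min_repeats:
            loops[key] = {"count": run[2],
                          "seconds": (run[1] - run[0]).total_seconds()}
    return loops

# Constructed sample in the thread's log format: 7 seconds of the two repeating
# entries, plus one hypothetical one-off denial that must not be reported.
CLSID = "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
SAMPLE = "".join(
    f'23-10-2005 15:17:{sec} Denied value "{name}" (new data: "") '
    "deleted in User-specific browser toolbar! "
    for sec in range(43, 50) for name in (CLSID, "ITBarLayout")
) + ('23-10-2005 16:40:00 Denied value "ExampleValue" (new data: "") '
     "deleted in User-specific browser toolbar!")

if __name__ == "__main__":
    for (cat, name, action), hit in find_denial_loops(parse_entries(SAMPLE)).items():
        print(f'{name}: {action} denied {hit["count"]}x in {hit["seconds"]:.0f}s ({cat})')
```

A value reported here can then be compared with the entries under TeaTimer's "Block registry changes" setting, which is the check suggested later in the thread.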
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
1 edit | reply to bladerider bladerider, can you right-click on the file that is unknown: C:\WINDOWS\vsnpstd3.exe
Choose "Properties" from the dropdown menu and look at the tabs at the top for additional information on the file. Does it belong to Sonix?
»www.exedb.com/vsnpstd3.html
vsnpstd3.exe vsnpstd3 Process Information
File Name: vsnpstd3.exe
Process Name: Camera Monitor Application
Description: vsnpstd3.exe PC Camera Monitor MFC Application. This program is not important for your system process, but should not be terminated unless suspected to be causing problems.
Author: Sonix
Part of: Camera Monitor Application
Virus: No
Trojan: No
Spyware: No
Security Risk: 0
................
Can you post the Spybot logs or more info about the registry changes Spybot is alerting you about? It might be something quite legit and only the detailed information regarding what is trying to change and change to what will help determine if it is a problem or not.
-- It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| reply to NyQuil Kid Google is NOT always your friend. I would not trust that data coming from a website/program that is on the "Hall of Shame" list:
Rogue/Suspect Anti-Spyware Products & Web Sites
»www.spywarewarrior.com/rogue_ant···ware.htm
RegFreeze actualresearch.com false positives work as goad to purchase (1); dubious corp associations (1) [A: 8-8-04 / U: 2-13-05]
If Virus Total says it's clean, I would be more inclined to lean towards that as more reliable since it uses reputable AV programs -- It takes a disaster to make a woman out of a female Microsoft MVP/Windows Security 2003-2006 Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
  NyQuil Kid 8f The Nyquil Kid
join:2001-01-06 Brick, NJ
·Comcast
·Verizon Online DSL
| reply to bladerider This page shows that file as unidentified malware:
»64.233.161.104/search?q=cache:B5···xe&hl=en
[8F] The NyQuil Kid |
|