Something has changed my SpywareBlaster settings twice now. The first time protection was disabled for Overture only. This time protection was disabled for Overture, vundo.b, win32.delf, Tfactory.a Trojan and a big group of platform dialers. Is there a way to find out what is causing the changes? They were all in the Internet Explorer section which I don't use very often.
I'm not sure when it happens. It doesn't happen right away when I reboot or when I use IE7 Beta.
A TrendMicro scan I did a couple days ago said it found ABetterInternet and an http cookie. I let TrendMicro fix them both.
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 00:18, on 06-08-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Locate\Locate32.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\NetZero\exec.exe
E:\Program Files\NetZero\exec.exe
C:\Program Files\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Anders Kjersem: TransBar] C:\Program Files\Anders Kjersem\TransBar\TransBar.exe /NoConfig
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Locate32 Autorun.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155315260687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155326637174
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7050BE0C-F695-4183-BA05-CB635CC7073F}: NameServer = 64.136.28.120 64.136.20.120
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
SpywareBlaster Issue
Started by Mike Rochip, Aug 28 2006 06:35 AM
6 replies to this topic
#1 OFFLINE
Posted 28 August 2006 - 06:35 AM
#2 OFFLINE
Posted 28 August 2006 - 01:12 PM
Are you still using Advanced Windows Onecare?
#3 OFFLINE
Posted 28 August 2006 - 01:58 PM
Also, it's always a good idea to post at the Javacool Software forum at Wilderssecurity:
http://www.wildersse...isplay.php?f=23
#4 OFFLINE
Posted 28 August 2006 - 02:46 PM
I could easily be way off here....BUT! I had a similar(ish) situation.
Turn Windows Defender off for a few days (disable it in services.msc), and see if your settings stay put. It's easy enough to try.
(it worked for me)
#5 OFFLINE
Posted 28 August 2006 - 02:47 PM
That could well be the solution, as there's a known similar "conflict" with SpySweeper...
#6 OFFLINE
Posted 29 August 2006 - 04:10 AM
Thanks everyone for all the replies
...
@Tarun I used Advanced Windowscare V2 [which I'm guessing is the same thing] one time and I'm pretty sure that's what disabled protection for Overture the first time. I haven't used it since then and I removed it from the Startup list and haven't seen anything that looks unusual running in Process Explorer. However, I didn't uninstall it from my PC so maybe there's a remnant somewhere?
@TonyKlein Thanks, I didn't know they had a forum [I didn't think to look either] so I'm going to see if anyone had a similar issue and I will post mine in a little bit.
@Krit I'll give that a try if this happens again. So far it hasn't. The thing I don't get about Defender is why it has to do everything in the background, and the only warnings and informational messages I ever see from it are when I check Event Viewer, which I do at least once a day. And the thing I don't get about Microsoft in general is why their messages often seem to be so cryptic and generally not helpful. My favorite is the "There is no further information available for this Event" or something like that. Umm, it's your Event ID, Microsoft; you must know something about it since you created it.
...
I haven't used Spysweeper.
Two other things that may or may not be relevant: I visited the site that had the Ghost Car video, and afterwards I noticed Eldmannen posted that the site had tried to install ErrorSafe on his PC.
Also I've gotten some popups from Yahoo and one or two other sites asking me to fill out a survey which I've ignored. They didn't seem malicious but I've never gotten them before.
#7 OFFLINE
Posted 29 August 2006 - 04:39 AM
I just read through quite a few posts on the Javacool forum and the problem seems to occur mostly if Spysweeper is used [which I've never had] and sometimes due to an issue with other antispyware applications such as Windows Firewall [which I don't use] or Spybot's Resident Shield [don't use] etc.
So I'm guessing this happened because of the one time I used Advanced Windowscare or due to an issue with Defender like krit mentioned.
A couple people posted that the problem appeared to resolve itself for unknown reasons which mine seems to have done.
So I guess if it doesn't happen again I'll just be glad it was a temporary fluke of some kind.
THANKS AGAIN everyone for all your help. I'll post again if the problem repeats itself.
BTW I did check for Vundo.B, Win32.delf and the others and none were found on my PC.