Hijackthis Can Not Remove A R0 Entry


  • This topic is locked
11 replies to this topic

#1 krazykat

Posted 21 December 2006 - 01:11 AM

Hi,

See the second R0 entry. When I check mark and say fix, HijackThis does the removal, but when I run HijackThis a second time the same R0 entry is still present. From my research the about:blank is associated with a virus, but I have run detection and removal programs for the about:blank virus, but the R0 problem is not fixed.

Additional background information:

The problem I am trying to solve is I cannot boot to safe mode. I get a stop error message during safe mode boot. The search for a cause of the safe mode boot error led to the HijackThis scan.

One interesting observation about the HijackThis program. The opening page, in the lower right hand corner, has a tab labeled "other stuff, config". I clicked on the config... tab, which brought up a configuration page. In the center of the page is this sentence:

Below URL's will be used when fixing hijacked/unwanted MSIE pages:
Default Start page: about:blank.

I would have expected my home page of www.comcast.net.

I have WIN2K PRO and do not have any problems booting to the desktop or slow running apps. I also have spysweeper and Zonealarm PRO running.

I have run out of things to try and would appreciate some suggestions.

Thanks, krazykat


Logfile of HijackThis v1.99.1
Scan saved at 9:54:57 PM, on 12/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
D:\UTILITES\SpySweeperFull\SpySweeper+AV(111006)\SpySweeperProgram_5_2\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
D:\ZoneAlarmPro_61_737update(032606)\ZoneAlarm\zlclient.exe
F:\Omni_Page_Pro_14_Office\WorkFlowTray.exe
C:\Program Files\NavNT\vptray.exe
D:\UTILITES\Acronis_True_Image_9_B3677\TrueImageMonitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Omni_Page_Pro_14_Office\PdfPrn\SPrnAgent.exe
D:\UTILITES\SpySweeperFull\SpySweeper+AV(111006)\SpySweeperProgram_5_2\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
E:\Rose_City_Software\Registry_First_Aid_5_0\RFA_5.0\RFA\rfagent.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
F:\Omni_Page_Pro_14_Office\OpScheduler.exe
C:\windows\system32\spool\drivers\w32x86\2\hpoopm07.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\atiptaxx.exe
D:\UTILITES\Acronis_True_Image_9_B3677\TimounterMonitor.exe
F:\Ashampoo_2002_2003\UIWatcher.exe
D:\Sea_Monkey_1_0_2(060206)\SeaMonkey.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Nikon_View_4\NkVwMon.exe
C:\HP_G85_drivers\AiO\hp officejet g series\Bin\hpoavn07.exe
D:\ZoneAlarm_2_6\AdSubtract\AdSubtract CE\AdSubtract\adsub.exe
C:\HP_G85~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\wuauclt.exe
D:\UTILITES\SpySweeperFull\SpySweeper+AV(111006)\SpySweeperProgram_5_2\Spy Sweeper\SSU.EXE
D:\UTILITES\Desktop_Search\Yahoo\YDSsystray.exe
C:\WINDOWS\system32\hpoipm07.exe
F:\Explorer_Plus_1_0\Nxdlghlp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
F:\Explorer_Plus_1_0\NxExplo.exe
D:\UTILITES\HIjack_this\Hijack_This_Program_V199_1(101806)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:4444
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - D:\UTILITES\ReGetDx\iebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TaskScheduler] D:\TURBOTAX\PRO_2003\32bit\TaskSch.exe
O4 - HKLM\..\Run: [ProTaskScheduler] D:\TURBOTAX\PRO_2005\32bit\TaskSch.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\ZoneAlarmPro_61_737update(032606)\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WorkFlowTray] "F:\Omni_Page_Pro_14_Office\WorkFlowTray.exe"
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [Tweak UI] "RUNDLL32.EXE" TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\UTILITES\Acronis_True_Image_9_B3677\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] "C:\Program Files\Common Files\Symantec Shared\Symtray.exe" SetReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SSPrnAgent] F:\Omni_Page_Pro_14_Office\PdfPrn\SPrnAgent.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SpySweeper] "D:\UTILITES\SpySweeperFull\SpySweeper+AV(111006)\SpySweeperProgram_5_2\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [rfagent] "E:\Rose_City_Software\Registry_First_Aid_5_0\RFA_5.0\RFA\rfagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "F:\Omni_Page_Pro_14_Office\PdfCnv\RegistryController.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [Opware14] "F:\Omni_Page_Pro_14_Office\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "F:\Omni_Page_Pro_14_Office\OpScheduler.exe"
O4 - HKLM\..\Run: [Omnipage] "C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] c:\windows\system32\spool\drivers\w32x86\2\hpoopm07.exe
O4 - HKLM\..\Run: [CitiVAN] "C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe" /dontopenmycards
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\UTILITES\Acronis_True_Image_9_B3677\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [UIWatcher] F:\Ashampoo_2002_2003\UIWatcher.exe
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "d:\Sea_Monkey_1_0_2(060206)\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Yahoo! Desktop Search.lnk = D:\UTILITES\Desktop_Search\Yahoo\YahooDesktopSearch.exe
O4 - Startup: Yahoo! Desktop Search System Tray.lnk = D:\UTILITES\Desktop_Search\Yahoo\YDSsystray.exe
O4 - Startup: Dialog Tracker.lnk = F:\Explorer_Plus_1_0\Nxdlghlp.exe
O4 - Global Startup: NkVwMon.exe.lnk = E:\Nikon_View_4\NkVwMon.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\HP_G85_drivers\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: AdSubtract.lnk = D:\ZoneAlarm_2_6\AdSubtract\AdSubtract CE\AdSubtract\adsub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word - res://F:\Omni_Page_Pro_14_Office\PdfCnv\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\WAREZ_~2\VISIO_~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @Home - {0A01ED80-F4C9-11D5-8FBB-0050BAE7F34C} - http://home.excite.com (file missing) (HKCU)
O12 - Plugin for .asx: D:\Netscape\COMMUN~3\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .wm: D:\Netscape\COMMUN~3\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: D:\Netscape\COMMUN~3\Program\PLUGINS\npdsplay.dll
O15 - Trusted Zone: *.accruradio.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {1FA643B0-F90E-11D3-BA0B-00C04F384A92} (HomeTsrCtrl Class) - http://image.excite.com/sputnik/dynacat_up...ationchange.dll
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://isvprod1.landonline.com.au/ecwplugins/ncs.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static.../weblaunch2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - F:\Sandra_Lite\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\Sandra_Lite\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\UTILITES\SpySweeperFull\SpySweeper+AV(111006)\SpySweeperProgram_5_2\Spy Sweeper\SpySweeper.exe


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:10:12 AM

Posted 22 December 2006 - 06:24 AM

Hello,

The reason why you can't fix that entry in Hijackthis is because of your Spysweeper and/or zonealarm.
I know both are watching the homepage and try to prevent it being changed.

For your spysweeper, do this:

Open Spysweeper.
Click shields (in the menu left)
Click the tab Internet Explorer
There you see: "IE hijack shield" and under it: "Edit IE hijack Shield settings"
Check "Edit IE hijack Shield settings"
This will open some settings below.
There you can change what you want as IE home page shield (your homepage) and click save next to it.
Under it, you will see also Advanced settings where the url http://www.microsoft.com/isapi/redir.dll?p...6.0&ar=home is present.
You can change that if you want, or you can also uncheck "Automatically Restore Default without Notification".

In case above didn't work, it's your Zonealarm responsible.
For that you have to fix it in Hijackthis in Windows safe mode, because shutting down zonealarm and then changing it won't work.
In some cases, Zonealarm stays stubborn here and uninstalling Zonealarm, then reboot, then fixing in Hijackthis and then reinstalling Zonealarm should do it.

But I guess changing the settings in Spysweeper will already solve your problem.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 krazykat


Posted 23 December 2006 - 12:22 AM

miekiemoes,

Thanks for the reply and advice. I went to the Spy Sweeper page. All seems to be OK.

IE home page; Use this page::: http://www.comcast.com ----- This is correct and as expected

IE Search page; Use this page::: http://www.google.com ------ This is correct and as expected

Advanced settings

User Search bar http://www.google.com/ie ------- This is correct

System: default page http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome --This is correct

So, all the Spysweeper settings appear to be OK. I did not change any of the Spysweeper settings shown above.

Zone Alarm

You suggested working in safe mode and running HijackThis in safe mode.

I can not boot to safe mode ------ That is the problem I am trying to fix.

Do you have any suggestions on how to fix a safe mode boot stop error?

Thanks. krazykat

#4 miekiemoes


Posted 23 December 2006 - 01:05 AM

Hi krazykat,

In Spysweeper, uncheck "Automatically Restore Default without Notification"
then fix that entry in Hijackthis and then normally Spysweeper should give an alert. Just allow this! Because if you click block, it will replace the entry you just fixed in Hijackthis again.

Can you tell me what exact error you get when trying to boot into safe mode?

#5 krazykat


Posted 28 December 2006 - 01:05 AM

miekiemoes,

I went to Spysweeper, Shields, Web Browser, Edit IE Hijack Shield settings, Advanced Settings. There are two selections:

User Search Bar set to http://www.google.com/ie

System Default page set to http://www.microsoft.com/isapi/redir.dll?.......

Next is a checkbox that says "Alert me before restoring this setting"

I did not see a check box with "Automatically Restore Default without Notification". I tried looking on other Spysweeper pages but could not find it. Am I looking on the right spysweeper menu?


Also, here is the exact text of the Safe Mode, Stop Error I receive.

***STOP : 0x0000000A (0xF6D19354,0x000000FF,0x00000001,0x80464109)

IRQL_NOT_LESS_OR_EQUAL

***Address 80464109 base at 80400000, Date Stamp 45069e6e-ntoskrnl.exe

Thanks, krazykat

#6 miekiemoes


Posted 28 December 2006 - 01:44 AM

Hi,

Just check the box in spysweeper where it says: "Alert me before restoring this setting"
So, after you fix that R0 entry in Hijackthis, Spysweeper should alert you now that that value has been modified. In that case choose to ALLOW the changes, otherwise when you choose to deny/block it, it will replace that R0 entry again.

For the safe mode issue, it looks like it is rather a hardware problem and for that it's better you start a new thread about this in the hardware part of this forum.

#7 miekiemoes


Posted 28 December 2006 - 09:59 AM

By the way.. I see there are already a lot of helpers also analysing your issue at other forums.. Aumha Forums, Techarena and some others.
This is really confusing and not so nice towards the others who are already helping you while they could help someone else instead. :thumbsup:
Some are already analysing your problem and helping you somewhere else.

#8 krazykat


Posted 28 December 2006 - 04:46 PM

miekiemoes,

Thank you for the reply. I will follow your suggestion.

I have been working with Bill in the Aumha forum for over two months and making progress. Bill has been great and I do not mean to be rude to him, I was hoping to get a different pair of eyes on the problem. I was unaware of the "Techarena and some others". If it is best I stop my conversation with you and bleepingcomputers, I will do it. As I said, I appreciate all the help, both Bill's and yours and do not want to offend anybody. I also apologize to Bill in the Aumha forum.

I will wait to post the Safe mode error until I solve the HijackThis problem. Just one problem at a time.

krazykat

#9 miekiemoes


Posted 28 December 2006 - 05:38 PM

That's ok. I think you understand our point of view in this as well.. and I also do understand you wanted a different pair of eyes.

Unfortunately I can't really help you with the safe boot error - since this is most probably a hardware issue and I am not really into hardware. So for that, Bill is an excellent guide.

And as I already said, the fact that you're not able to fix that R0 entry in Hijackthis is most because of Spysweeper interfering (pretty sure of that) or Zonealarm interfering. Seen that A LOT as well, especially with certain versions of zonealarm free. In the zonealarm Pro version, you can modify this:

1.) Close all Internet browsers
2.) Open ZoneAlarm
3.) Click the Privacy Panel, Main Tab, turn all items to off.
4.) Open your browser and then test the issue again.

If this does not resolve the issue, please do the following instead.

1.) Open ZoneAlarm
2.) Click Program Control on the left
3.) Click Main in the upper right
4.) Click the Custom button next to Program Control
5.) Click the OS Firewall tab at the top
6.) Click the 'Reset to Default' button in the lower left
7.) Click Apply, then OK
8.) Restart your system to ensure that these changes take effect

Here you can read (where I posted links to other similar threads as well) that zonealarm was the cause of not being able to change the startpage.

#10 krazykat


Posted 31 December 2006 - 02:33 AM

miekiemoes,

Thanks for your response. I have been successful in removing the R0 entries from the HijackThis scan!!

I followed your instructions and new suggestions from Bill. Here is what I did:


Details of what I did to remove the R0 entries from HijackThis.
First, I disconnected the cable from the cable modem. Booted and turned off/disabled Zone Alarm. This had no effect on the R0 entries. Ran a few checks suggested by Bill, which did not affect the R0 entry.


Now for SpySweeper. A series of tests was run.
1. Shut down SpySweeper (SSP) completely and run Hijack(HJ) sweep. R0 entries DO NOT APPEAR.
2. Start SSP and run HJ sweep. 2 R0 entries appear and are not removed by "fix this".
3. Turn off all "Browser shields" in SSP. No R0 entries appear.
4. Through a series of eliminations, it is the SSP "critical Web Browser Shields, IE Hijack" that are causing the R0 entries. I disabled the IE hijack shield and checked the box to give notice if SSP detected changes to IE default pages. Shut down SSP and restarted, then turned on the IE Hijack shields.
Ran HJ and the R0 entries DID not appear (and the HJ config page did not show the about blank entry)
5. Complete shut down and restart. Zone Alarm and SSP start at boot up. SSP gives notice of a change in IE pages and I click "accept new and update SSP protected pages".
6. Run HJ sweep and NO R0 entries.

I am not sure why SSP is now allowing the R0 entry to be removed and stay removed, but it is. Here is the new HijackThis log. I posted the results to Aumha for Bill to review and suggest the next step. Thanks for your help, your comments are appreciated if you care to.

Logfile of HijackThis v1.99.1
Scan saved at 9:46:41 PM, on 12/30/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
D:\UTILITES\SpySweeperFull\SpySweeper+AV(111006)\SpySweeperProgram_5_2\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
D:\ZoneAlarmPro_61_737update(032606)\ZoneAlarm\zlclient.exe
F:\Omni_Page_Pro_14_Office\WorkFlowTray.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\NavNT\vptray.exe
D:\UTILITES\Acronis_True_Image_9_B3677\TrueImageMonitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Omni_Page_Pro_14_Office\PdfPrn\SPrnAgent.exe
D:\UTILITES\SpySweeperFull\SpySweeper+AV(111006)\SpySweeperProgram_5_2\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\StartupMonitor.exe
E:\Rose_City_Software\Registry_First_Aid_5_0\RFA_5.0\RFA\rfagent.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
F:\Omni_Page_Pro_14_Office\OpScheduler.exe
C:\windows\system32\spool\drivers\w32x86\2\hpoopm07.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\atiptaxx.exe
D:\UTILITES\Acronis_True_Image_9_B3677\TimounterMonitor.exe
F:\Ashampoo_2002_2003\UIWatcher.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Nikon_View_4\NkVwMon.exe
C:\HP_G85_drivers\AiO\hp officejet g series\Bin\hpoavn07.exe
D:\ZoneAlarm_2_6\AdSubtract\AdSubtract CE\AdSubtract\adsub.exe
D:\UTILITES\Desktop_Search\Yahoo\YahooDesktopSearch.exe
D:\UTILITES\Desktop_Search\Yahoo\YDSsystray.exe
F:\Explorer_Plus_1_0\Nxdlghlp.exe
C:\HP_G85~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\wuauclt.exe
D:\UTILITES\SpySweeperFull\SpySweeper+AV(111006)\SpySweeperProgram_5_2\Spy Sweeper\SSU.EXE
F:\Explorer_Plus_1_0\NxExplo.exe
D:\UTILITES\HIjack_this\Hijack_This_Program_V199_1(101806)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:4444
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - D:\UTILITES\ReGetDx\iebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TaskScheduler] D:\TURBOTAX\PRO_2003\32bit\TaskSch.exe
O4 - HKLM\..\Run: [ProTaskScheduler] D:\TURBOTAX\PRO_2005\32bit\TaskSch.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\ZoneAlarmPro_61_737update(032606)\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WorkFlowTray] "F:\Omni_Page_Pro_14_Office\WorkFlowTray.exe"
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [Tweak UI] "RUNDLL32.EXE" TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\UTILITES\Acronis_True_Image_9_B3677\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] "C:\Program Files\Common Files\Symantec Shared\Symtray.exe" SetReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SSPrnAgent] F:\Omni_Page_Pro_14_Office\PdfPrn\SPrnAgent.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SpySweeper] "D:\UTILITES\SpySweeperFull\SpySweeper+AV(111006)\SpySweeperProgram_5_2\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [rfagent] "E:\Rose_City_Software\Registry_First_Aid_5_0\RFA_5.0\RFA\rfagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "F:\Omni_Page_Pro_14_Office\PdfCnv\RegistryController.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [Opware14] "F:\Omni_Page_Pro_14_Office\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "F:\Omni_Page_Pro_14_Office\OpScheduler.exe"
O4 - HKLM\..\Run: [Omnipage] "C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] c:\windows\system32\spool\drivers\w32x86\2\hpoopm07.exe
O4 - HKLM\..\Run: [CitiVAN] "C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe" /dontopenmycards
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\UTILITES\Acronis_True_Image_9_B3677\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [UIWatcher] F:\Ashampoo_2002_2003\UIWatcher.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Yahoo! Desktop Search.lnk = D:\UTILITES\Desktop_Search\Yahoo\YahooDesktopSearch.exe
O4 - Startup: Yahoo! Desktop Search System Tray.lnk = D:\UTILITES\Desktop_Search\Yahoo\YDSsystray.exe
O4 - Startup: Dialog Tracker.lnk = F:\Explorer_Plus_1_0\Nxdlghlp.exe
O4 - Global Startup: NkVwMon.exe.lnk = E:\Nikon_View_4\NkVwMon.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\HP_G85_drivers\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: AdSubtract.lnk = D:\ZoneAlarm_2_6\AdSubtract\AdSubtract CE\AdSubtract\adsub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word - res://F:\Omni_Page_Pro_14_Office\PdfCnv\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\WAREZ_~2\VISIO_~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @Home - {0A01ED80-F4C9-11D5-8FBB-0050BAE7F34C} - http://home.excite.com (file missing) (HKCU)
O12 - Plugin for .asx: D:\Netscape\COMMUN~3\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O12 - Plugin for .wm: D:\Netscape\COMMUN~3\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: D:\Netscape\COMMUN~3\Program\PLUGINS\npdsplay.dll
O15 - Trusted Zone: *.accruradio.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {1FA643B0-F90E-11D3-BA0B-00C04F384A92} (HomeTsrCtrl Class) - http://image.excite.com/sputnik/dynacat_up...ationchange.dll
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://isvprod1.landonline.com.au/ecwplugins/ncs.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static.../weblaunch2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - F:\Sandra_Lite\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\Sandra_Lite\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\UTILITES\SpySweeperFull\SpySweeper+AV(111006)\SpySweeperProgram_5_2\Spy Sweeper\SpySweeper.exe

Thanks, krazykat
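As an added example (not part of the original post, and not HijackThis's own code), this Python sketch parses entry lines in the log format shown above and attaches reviewer notes. The three checks are assumptions of this example rather than HijackThis verdicts: the `(file missing)` marker, an `Unknown owner` vendor field on an O23 service, and an O4 autorun given without a full path.

```python
import re

# Lines copied from the log above, used here as sample input.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O9 - Extra button: @Home - {0A01ED80-F4C9-11D5-8FBB-0050BAE7F34C} - http://home.excite.com (file missing) (HKCU)
O15 - Trusted Zone: *.accruradio.com
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://isvprod1.landonline.com.au/ecwplugins/ncs.cab
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # "O4 - <body>"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.+?)\] (.+)$")  # O4 registry autoruns

def parse(log_text):
    """Return (section, body) for every HijackThis entry line; skip anything else."""
    found = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def review_notes(section, body):
    """Heuristic reviewer notes (assumptions of this example, not HijackThis verdicts)."""
    notes = []
    if "(file missing)" in body:
        notes.append("referenced file not found on disk")
    if section == "O23":
        parts = body.rsplit(" - ", 2)  # "Service: name - vendor - path"
        if len(parts) == 3 and parts[1] == "Unknown owner":
            notes.append("service binary carries no vendor string")
    run = RUN_RE.match(body) if section == "O4" else None
    if run:
        cmd = run.group(2)
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
        if "\\" not in exe:
            notes.append("autorun has no full path; resolved via the search path")
    return notes

def triage(log_text):
    """Return (section, body, notes) for entries that earned at least one note."""
    out = []
    for section, body in parse(log_text):
        notes = review_notes(section, body)
        if notes:
            out.append((section, body, notes))
    return out

if __name__ == "__main__":
    for section, body, notes in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {'; '.join(notes)}")
```

A note only marks an entry for a closer look; many legitimate programs register autoruns by bare file name.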

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:10:12 AM

Posted 31 December 2006 - 04:57 AM

It's gone now. :thumbsup:

I am not sure why SSP is now allowing the R0 entry to be removed and stay removed, but it is.

Well, that's what real time scanners are for, to prevent malware. They watch every modification that can be related to malware and block it.
It's all a matter of knowing how to use the scanners and how to configure them if you want to change something yourself.
This is the same with Teatimer and Adwatch. The forums are full of threads where people say that they can't change their homepage, and that's just because Adwatch or Teatimer is blocking the changes again. So in such a case, reconfigure the real time settings, then change the start page and then make sure that you tell those real time scanners to allow the changes.

And that's what you have done as well - you checked the box to give notice if SSP detected changes to IE default pages. Then you changed your start page and, when the alert appeared, you told Spy Sweeper to allow the changes :flowers:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 miekiemoes

Posted 04 January 2007 - 04:09 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



