Is MS's Spyware Tool Friendly To Filesharers?

[Arby]

Is MS's spyware tool friendly to filesharers like myself? I am using Shareaza 2.1, and, while it's not super great for returning audio files, I do like it and have no plans to move to something else. Considering how so much of the music I'm after is ancient, Shareaza isn't all that bad. I don't need everything I'm after in 5 minutes either.

My question comes about because I have been trying to get control of the 'use current' setting for search engines in my IE 6. I have fairly abandoned IE, mind you. But, since my Thunderbird comes with an error message, and I just don't know my way around settings that well (assuming that it's just a setting I'm missing), I thought I might sometimes like to browse with my browser and email program in one. It's no biggy though. I can use my Firefox and my Outlook Express, for now.

Still, It irks me mightily that I can't get Google to stay off of my browser. What is that?! One suggestion that was given to me, and which worked but only for a little while, was to use the 'browser pages' option in Spybot to deselect Google and replace it with my chosen search engine, which happes to be, for now, Yahoo's 'All The Web'. I don't know why that worked for a little while only. Then someone else (in The Computer Mechanics forums) suggested downloading and installing and running Microsoft's spyware removal tool, I think. That certainly makes sense. But I've been avoiding that one download just because I don't trust Microsoft, frankly.

Any thoughts or free money?

[RACKnRAIL]

sounds like a IE hijacker. have you run spyware scans. you could always get hijack this and post your findings. if you don't trust M$ spyware scanner, then use spybot s&d which you already have. maybe use ad-aware as a second opinion.

[Arby]

Thanks RacknRail. I've been running my Ad-Aware Plus SE and Spybot regularly. But you know what? It just occurs to me that this problem might have popped up since my last time doing so. It's worth a shot.

[Arby]

I ran both Ad Aware and Spybot, and came up with only one critical object found with my Ad Aware, which I completely removed.

I downloaded Hijack This and ran it and had a look at the returns. I won't be setting this to mark all be default, obviously. But I did find Google.ca and clicked to fix/delete. I also took a minute to download and install the latest Spyware Blaster.

Then I tried my IE. No luck. Google will not go.

Here's the log from my Hijack This scan:

Logfile of HijackThis v1.99.1
Scan saved at 11:03:40 AM, on 5/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.vroomsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vroomsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.excite.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.alltheweb.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=proxy:8080
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - Startup: BHO Cop.lnk = C:\Program Files\BHOCop\BHOCop.exe
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: @Home - {9C151CD1-4B7F-4049-8651-A3442832FCD2} - http://home.excite.ca (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.excite.ca/
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edge...oadManager.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD} - http://www.sitetracking.info/cttdl.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?326
O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001} - http://download.bigwebportal.com/toolbar2/winenc32.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.98.176.62/EPlugin.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

[RACKnRAIL]

At a glance, I think you still have some issues. I am not an expert, but perhaps someone here could help you in editing some problem entries. I will try and find out more and get back. I checked a couple of these and vroomsearch is definely spyware. There is a removal tool if you do a google search.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.vroomsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vroomsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.excite.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.alltheweb.com/

[Arby]

I thought vroomsearch was nasty too, but I didn't want to be too hasty with the destruction here.

The home.excite.ca has me flummoxed. That used to be what Rogers gave us when Rogers was paired with excite, which it is no longer. Rogers claims that it wanted to give better customer service, which getting full control of it's operation would allow it to do. When I asked the tech guys a couple of times about it and whether I should try to uninstall Excite's 'at home' settings on my pc (after Rogers's disengagement), they didn't really have an answer. One guy just said that if it's not causing me problems, then don't worry about it. So, Rogers cares, but they don't, Or they would have come up with some tool to clean up the mess on our computers that their disengagement left behind. The only thing Rogers is concerned about is their bottom line. And I don't like the Excite being on my pc one bit. If I am not dealing with Excite, then I don't appreciate having it on my pc.

I suspect that the alltheweb.com is okay. That's the search engine I keep trying to replace my Google with. But I will defer to others' judgment since I don't know exactly how Hijack This works.

Later...