'Stein
Lapsed Skeptic
Team Colleague
1,941 posts since Jan 2006
Reputation Points: 222
Solved Threads: 106
Have something to say? Contribute New Article Reply to this Article
spydoctor?
I downloaded spydoctor and ran it. it scanned my computer and found 55 infections. of course after the scan it said to clean please register which cost $$ :( but I saved the log.
and was wondering if that is a good spyware remover? here is the log.
<?xml version="1.0"?>
3/4/2006 12:43:39 AM3/4/2006 5:42:53 AMTrojan.Downloader.Small.AIQgeneral malwaremultipleHighTrojan.Downloader.Small.AIQ runs as a process in memory and periodically contacts servers for malicious files to download.genscanner.dllSpyAxeProcessesExplorer.EXE (C:\WINNT\system32\dxmpp.dll)ElevatedSpyAxe is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.pscanner.dllTrojan.Dropper.Small.OIRegistryHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler##{5FFD4A60-C328-128D-44EB-21D258091D15}HighTrojan.Dropper.Small.OI silently hides itself inside explorer. Running in stealth mode the Trojan will silently try to download additional malware from remote servers over the internet. More to that it will hijack your homepage to www.searchzoommer.com.StartupScanner.dllWindows AdControlRegistryHKCR\WinServAdX.InstallerElevatedWindows AdControl tracks a users browsing habits and distributes the data to remote servers to produce pop-up advertisements, mainly of pornographic nature.regscanner.dllWindows AdControlRegistryHKCR\WinServAdX.Installer##ElevatedWindows AdControl tracks a users browsing habits and distributes the data to remote servers to produce pop-up advertisements, mainly of pornographic nature.regscanner.dllWindows AdControlRegistryHKCR\WinServAdX.Installer\CLSIDElevatedWindows AdControl tracks a users browsing habits and distributes the data to remote servers to produce pop-up advertisements, mainly of pornographic nature.regscanner.dllWindows AdControlRegistryHKCR\WinServAdX.Installer\CLSID##ElevatedWindows AdControl tracks a users browsing habits and distributes the data to remote servers to produce pop-up advertisements, mainly of pornographic nature.regscanner.dllWindows ServeAdRegistryHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs##C:\WINNT\Downloaded Program Files\WinServAdX.dllElevatedAn adware based ad delivery software which displays targeted advertising offers.regscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}MediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\dpiujutihkwqMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\fzsekwUcujgkoMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\ieuKgzlgbbRnmMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\iiHsfOlbncMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\InProcServer32MediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\jqVtnzaiMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\lobpMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\mtQqSmMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\neRdqwlpudcMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\pVcmdotxyOMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\qjpjMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\wduZdsduaoYijMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\ZbvabmsjafyamMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\ZhVuwhVocXfvMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKCR\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\zmEuynwiMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}MediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\dpiujutihkwqMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\fzsekwUcujgkoMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\ieuKgzlgbbRnmMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\iiHsfOlbncMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\InProcServer32MediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\jqVtnzaiMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\lobpMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\mtQqSmMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\neRdqwlpudcMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\pVcmdotxyOMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\qjpjMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\wduZdsduaoYijMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\ZbvabmsjafyamMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\ZhVuwhVocXfvMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllSpyFalconRegistryHKLM\Software\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}\zmEuynwiMediumSpyFalcon is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.bhoscanner.dllTrojan.Downloader.Small.AIQRegistryHKCR\CLSID\{DAA873D4-958C-453C-81CA-3FE6F3676A87}HighTrojan.Downloader.Small.AIQ runs as a process in memory and periodically contacts servers for malicious files to download.bhoscanner.dllTrojan.Downloader.Small.AIQRegistryHKCR\CLSID\{DAA873D4-958C-453C-81CA-3FE6F3676A87}\InprocServer32HighTrojan.Downloader.Small.AIQ runs as a process in memory and periodically contacts servers for malicious files to download.bhoscanner.dllTrojan.Downloader.Small.AIQRegistryHKLM\Software\Classes\CLSID\{DAA873D4-958C-453C-81CA-3FE6F3676A87}HighTrojan.Downloader.Small.AIQ runs as a process in memory and periodically contacts servers for malicious files to download.bhoscanner.dllTrojan.Downloader.Small.AIQRegistryHKLM\Software\Classes\CLSID\{DAA873D4-958C-453C-81CA-3FE6F3676A87}\InprocServer32HighTrojan.Downloader.Small.AIQ runs as a process in memory and periodically contacts servers for malicious files to download.bhoscanner.dllTrojan.Dropper.Small.OIRegistryHKCR\CLSID\{5FFD4A60-C328-128D-44EB-21D258091D15}HighTrojan.Dropper.Small.OI silently hides itself inside explorer. Running in stealth mode the Trojan will silently try to download additional malware from remote servers over the internet. More to that it will hijack your homepage to www.searchzoommer.com.bhoscanner.dllTrojan.Dropper.Small.OIRegistryHKCR\CLSID\{5FFD4A60-C328-128D-44EB-21D258091D15}\InProcServer32HighTrojan.Dropper.Small.OI silently hides itself inside explorer. Running in stealth mode the Trojan will silently try to download additional malware from remote servers over the internet. More to that it will hijack your homepage to www.searchzoommer.com.bhoscanner.dllTrojan.Dropper.Small.OIRegistryHKLM\Software\Classes\CLSID\{5FFD4A60-C328-128D-44EB-21D258091D15}HighTrojan.Dropper.Small.OI silently hides itself inside explorer. Running in stealth mode the Trojan will silently try to download additional malware from remote servers over the internet. More to that it will hijack your homepage to www.searchzoommer.com.bhoscanner.dllTrojan.Dropper.Small.OIRegistryHKLM\Software\Classes\CLSID\{5FFD4A60-C328-128D-44EB-21D258091D15}\InProcServer32HighTrojan.Dropper.Small.OI silently hides itself inside explorer. Running in stealth mode the Trojan will silently try to download additional malware from remote servers over the internet. More to that it will hijack your homepage to www.searchzoommer.com.bhoscanner.dllTracking Cookie(s)Cookies (counter2.hitslink.com)C:\Documents and Settings\pbmp3\Cookies\pbmp3@counter2.hitslink[1].txtMediumA tracking cookie is any cookie that is shared among two or more unrelated sites for the purpose of tracking a user's browsing and/or gathering and/or sharing information which many users regard as "private" Definitions of "private" may differ. Some consider any code "private" if it uniquely identifies a user, even if it is not their name or email address. A typical tracking cookie might look like this: "1www.somedomainname.com/ 0 2719785088 29508922 2980377808 29496852 * " The encoded info in this cookie includes a unique UserID assigned by a web server; the cookie can be used to track a user as they visit other sites that accept this cookie.BAScanner.dllTracking Cookie(s)Cookies (atdmt.com)C:\Documents and Settings\pbmp3\Cookies\pbmp3@atdmt[1].txtMediumA tracking cookie is any cookie that is shared among two or more unrelated sites for the purpose of tracking a user's browsing and/or gathering and/or sharing information which many users regard as "private" Definitions of "private" may differ. Some consider any code "private" if it uniquely identifies a user, even if it is not their name or email address. A typical tracking cookie might look like this: "1www.somedomainname.com/ 0 2719785088 29508922 2980377808 29496852 * " The encoded info in this cookie includes a unique UserID assigned by a web server; the cookie can be used to track a user as they visit other sites that accept this cookie.BAScanner.dllTracking Cookie(s)Cookies (www.myaffiliateprogram.com)C:\Documents and Settings\pbmp3\Cookies\pbmp3@www.myaffiliateprogram[1].txtMediumA tracking cookie is any cookie that is shared among two or more unrelated sites for the purpose of tracking a user's browsing and/or gathering and/or sharing information which many users regard as "private" Definitions of "private" may differ. Some consider any code "private" if it uniquely identifies a user, even if it is not their name or email address. A typical tracking cookie might look like this: "1www.somedomainname.com/ 0 2719785088 29508922 2980377808 29496852 * " The encoded info in this cookie includes a unique UserID assigned by a web server; the cookie can be used to track a user as they visit other sites that accept this cookie.BAScanner.dllAdvertisingCookies (com.com)C:\Documents and Settings\pbmp3\Cookies\pbmp3@com[2].txtLowAdvertising companies store cookies on a user's computer to serve targeted ads based on the web surfers interests when visiting a website serving their ads.BAScanner.dllTrojan.PopuperFilesC:\WINNT\system32\dfrgsrv.exeHighTrojan.Popuper hijacks the default Internet Explorer settings and changes your Internet Explorer homepage. It also appears as a security alert notifying users that their PC has been compromised and then downloads rogue antispyware products onto their PC.diskscanner.dllSpyAxeFilesC:\WINNT\system32\dxmpp.dllElevatedSpyAxe is a Rogue Anti-Spyware product which comes bundled along with a malicious downloader. It is downloaded and installed without the users consent.diskscanner.dllCWSFilesC:\WINNT\eybwe.datHighCWS is a trojan that hijacks Internet Explorer start and search settings to one of several different web sites. Most of these web sites appear to have an affiliate relationship with coolwebsearch.com in which coolwebsearch pays them for every visitor they refer. There could be other domains involved in the future.diskscanner.dll3/4/2006 12:51:10 AM49335550General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts file scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner3/4/2006 12:42:56 AM - Spyware Doctor started3.5.1.4983.042003/4/200648928never0OFFC:\Program Files\Spyware Doctor\EnglishNoYesYesNoYes20Yesno actionNoNoNo
Log is hard to read really, but I am seeing some bad names in there.
Follow the instructions in this post on using HijackThis and attach a log for us
http://www.daniweb.com/techtalkforums/thread28196.html
Also look in Add/Remove Programs and let me know if you see either of these
SpyFalcon
SpyAxeWhen you return - attach the HijackThis log and we will outline the steps needed.
Alrite, great. You'll begin by posting a HJT log here. Directions for this can be found here (be SURE to follow directions):
http://www.daniweb.com/techtalkforums/thread28196.html
Thanks.
'Stein
Lapsed Skeptic
Team Colleague
1,941 posts since Jan 2006
Reputation Points: 222
Solved Threads: 106
Im not sure how good Spyware Doctor is at removing trojans but it does have real-time protection and you can use it in conjunction with you Anti-Virus software. If you want it for free, Google offers a fully functional version for free in its service pack. http://pack.google.com/intl/en/pack_installer.html?hl=en&brand=GPMD&utm_source=en_US-et-more&utm_medium=et&utm_campaign=en_US
Trying to get an answer to a question. I am not a computer pro or tech or anything...just a woman using a home computer ! I have SpyHunter on my computer. It runs a scan and only finds items for repair in my cookies. I can run a Spy Doctor (free trial) and it will pick up over 450 threats. I cannot fix them because I have to purchase. Want to know what am I getting from the SpyHunter that I paid for if threats are being detected from something else. It is a gimmick to get me to purchase?
Thanks for any help!
kberry
Kerryberry, a suggestion, rather than post to a very old thread, please begin your own NEW thread, you are likely to get a lot more answers.
There are several great FREE programs out there that we always recommend. Uninstall BOTH of those programs you mentioned, post your own question and we will be happy to help.
Begin with Malwarebytes' Anti-Malware. Follow these directions
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.
* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
REBOOT after running MBA-M!
and post your problems and results of the MBA-M scan in your own new thread and one of us will be most happy to help you.
Judy
jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
This article has been dead for over three months
You
© 2012 DaniWeb® LLC
