Author Topic: Spyware Doctor Scan Can I delete these files  (Read 13763 times)

0 Members and 1 Guest are viewing this topic.

roro

  • Guest
Spyware Doctor Scan Can I delete these files
« on: June 16, 2006, 10:34:04 AM »
I did a scan with Spyware Doctor and after deleting Temp files and Cookies got these file left on the machine.
Spyware Doctor gave me this info:
Of course you have to buy the software to have it delete files automatically.
----------------------------------------------------------------------------------------------------
DSSAgent

Threat Level: High

Description: A desktop computer running DSSAgent might send over 10,000 DNS requests in 15 minutes, slowing network traffic. There are reports that it slows CPU processing as well.

C:\WINNT\bbstore\DSS
--------------------------------------------------------------------------------------------------
Threat Level: High

Author: www.commonname.com

Description: CommonName is marketed as a 'keywords' service, allowing one to enter simple names instead of URLs. After its original release, the software has become a complicated (and sometimes buggy) search-hijacker and adware, aggressively bundled with many third-party applications.


HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000000)
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000000)##
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000000)\iexplore##
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000000)\iexplore##Count
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000000)\iexplore##Time
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000000)\iexplore##Type

Can I just delete these files safely? ???

Ro Ro

ardvark

  • Guest
Re: Spyware Doctor Scan Can I delete these files
« Reply #1 on: June 17, 2006, 06:21:48 AM »
Hi Roro...

Ah, yes, how well I remember Mr. "DSSAgent" from our good friends at Broderbund  ;) In my case, not only was it spyware but it usually managed to partially crash Windows once a session until I finally found out what the heck it was and got rid of it. This was years ago and to "him" I thank for first introducing me to the concept of spyware ;D

I would recommend downloading and installing Adaware SE to delete your entries. Deleting registry entries manually can be destructive if you aren't precise. You can find it here....

http://www.download.com/3000-2144-10045910.html

Best Regards...
« Last Edit: June 17, 2006, 06:26:06 AM by ardvark »

Spiritsongs

  • Guest
Re: Spyware Doctor Scan Can I delete these files
« Reply #2 on: June 17, 2006, 08:27:54 AM »
 :)  Hi Ro Ro :

      If you are going to download Ad-Aware, it is best to
      download from : www.majorgeeks.com/download506.html

      If at all possible, it is best to avoid Download.com ; too
      many potential problems ( From what I have read and
      personally experienced ) .

roro

  • Guest
Re: Spyware Doctor Scan Can I delete these files
« Reply #3 on: June 17, 2006, 08:35:43 AM »
Hi Ardvard,
Thanks for your answer.
I have Adaware SE, Have run it and not found these files.  In fact Adaware and Spybot S&D both find no problems at all on my computer.
Spyware doctor upon first scan found 143 infected files.  Of course, they were mostly cookies and Internet temp files.  After getting rid of all my cookies and temp files, these were the only files that were left.
Should just ignore them and leave them on my machine? 
I haven't had any problems since downloading and installing the TRIAL of Spyware Doctor.  I am not planning on buying it, but it had some good reviews.

I just got your reply Spiritsongs.  I have used download.com without problems, and I use majorgeeks also.  I will stick with majorgeeks as my primary download site, if there have been problems with download.com.

RoRo 8)

ardvark

  • Guest
Re: Spyware Doctor Scan Can I delete these files
« Reply #4 on: June 17, 2006, 09:26:14 AM »
Hi Roro...

No, do not leave them on your system. I find it interesting that neither Adaware or Spybot could detect any of them ???

I'm not sure what all you've tried but here are a couple other possibilities before bringing out the big guns. Both sites provide online scans but with Ewido, you can download and install the program for free.

http://www.ewido.net/en/onlinescan/

http://housecall.trendmicro.com/

Hopefully, one of two can nab 'em.

Should that fail, you can download and install a program called Hijack This (HJT) and post a log at this forum. Someone should be able to help you with specific instructions at that point. You can download it here...

http://www.majorgeeks.com/HijackThis_d3155.html

Best Regards...



ardvark

  • Guest
Re: Spyware Doctor Scan Can I delete these files
« Reply #5 on: June 17, 2006, 09:32:03 AM »
Hi Roro...

On the other hand, finally noticing the specs on the bottom of your posts, just stick with Housecall and HJT  ::)

Best Regards...

roro

  • Guest
Re: Spyware Doctor Scan Can I delete these files
« Reply #6 on: June 17, 2006, 09:57:02 AM »
I haven't used Housecall, but I did download Hijack this.  I did a scan on June 12, 2006 and sent it to BleepingComputer.com where they were supposed to help me with reading the scan.  I still haven't heard from them.
There are many files, and many of them belong to programs that I use. I tried to post it here but it exceeds the maximum allowable words.  would it be all right to post it in two messages?
I did scan from Ewido and it didn't find anything either.
I will download Housecall and give it a chance.
BTW, my computer seems to be working well, so this is maintenance.
Thank you.
RoRo 8)

« Last Edit: June 17, 2006, 09:58:46 AM by roro »

ardvark

  • Guest
Re: Spyware Doctor Scan Can I delete these files
« Reply #7 on: June 17, 2006, 10:06:00 AM »
Hi Roro...

You don't download anything from Trend Micro, it's just a online scan.

You can break the logs into two posts if you want and you can also go to these additional sites for help with the logs...

www.spywarewarrior.com

www.castlecops.org

Hope this helps :)


roro

  • Guest
Re: Spyware Doctor Scan Can I delete these files
« Reply #8 on: June 17, 2006, 10:36:26 AM »
I tried the online scan from Housecall.  It wanted Java installed which I did then and then it still needed more apps installed, so I didn't use it.  I don't really need these other apps.
Here is half the HJT scan.

Logfile of HijackThis v1.99.1
Scan saved at 3:18:38 AM, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\hplampc.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\system32\LxrJD31s.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\Tablet.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINNT\system32\fxssvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft Money\System\mnyschdl.exe
C:\Program Files\Microsoft Money\System\misuser.exe
C:\Program Files\Microsoft Money\System\mis.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FreshDevices\FreshDownload\fd.exe
C:\Application program setup files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot 1.3\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN
Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
« Last Edit: June 17, 2006, 10:39:32 AM by roro »

roro

  • Guest
Re: Spyware Doctor Scan Can I delete these files
« Reply #9 on: June 17, 2006, 10:41:02 AM »
HJT Part 2:

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [hplampc] C:\WINNT\system32\hplampc.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thank you,
RoRo 8)

P.S.  I didn't find any of the files found by Spyware Doctor in my HJT log files.
I also ran Ewido again and didn't find those files either.
Spyware Doctor is starting to sound a little fishy.  Are they giving me false negatives so I buy their software.
 
« Last Edit: June 17, 2006, 11:55:49 AM by roro »

ardvark

  • Guest
Re: Spyware Doctor Scan Can I delete these files
« Reply #10 on: June 17, 2006, 12:21:26 PM »
Hi Roro...

You're right, I don't see the DSSAgent entry mentioned in your first post in your log, although I'm not experienced with reading HJT logs. Someone should be by at some point to give you a hand with the results.

I find it hard to believe that a reputable antispyware software firm would resort to false positives purposely to generate sales  ??? This may be some weird fluke.

If no one is able to help you here, go to the others sites I've mentioned.  :)

Best Regards...

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Spyware Doctor Scan Can I delete these files
« Reply #11 on: June 17, 2006, 02:05:05 PM »
Quote
If at all possible, it is best to avoid Download.com ; too
      many potential problems ( From what I have read and
      personally experienced ) .
I've downloaded from Download.com for years and still use it
without any problems.
In this case it's not where your downloading from but what your downloading
that can put you at risk.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Spyware Doctor Scan Can I delete these files
« Reply #12 on: June 17, 2006, 05:10:43 PM »
I've downloaded from Download.com for years and still use it without any problems.
Me too  8)
The best things in life are free.

Spiritsongs

  • Guest
Re: Spyware Doctor Scan Can I delete these files
« Reply #13 on: June 17, 2006, 07:26:28 PM »
 :)  RoRo :

      For future reference : many HJT forums have many people
      asking for help, therefore, there may be up to a 10-day
      wait for a response. That probably includes forums like
      Bleepingcomputer, Spywarewarrior, & Castlecops. I refer
      people to the little-known, but very good ( & QUICK
      RESPONSE ) HJT forums at www.landzdown.com .
      I can't tell from your log if you may have multiple anti-
      virus program(s) conflicting with each other ( BitDefender,
      Avast, Norton System Works ) !? That last "no name" 02
      BHO that shows "no file" most likely should be "fixed".
      Not sure if HJT should be in "Application program setup
      files" either, to be properly used .

roro

  • Guest
Re: Spyware Doctor Scan Can I delete these files
« Reply #14 on: June 18, 2006, 07:57:12 AM »
Thank you,
I do have 2 antivirus programs, and thought that only Avast was running, but found that Bitdefender was running also.  I have stopped Bitdefender and will just run it on demand.  I have uninstalled Norton Antivirus; although, I do use System works and haven't had problems.

I just checked with Bleeping computers and everything is good.  They were the ones that told me Bitdefender was running also and to turn it off.

I also went to spywarewarrior and castlecop and downloaded the tutorial on HJT to better understand which files could be dangerous and should be deleted.
I had noticed the 02 BHO file you mentioned and wondered what (no file) at the end of the string meant.  I assumed that no file was present, and therefore, there was no problem.

I ran Ewido yet again (a full system scan) and found only tracking cookies that Ewido cleaned up.

BTW can I just delete this file without problems?

C:\WINNT\bbstore\DSS

RoRo 8)
« Last Edit: June 18, 2006, 09:13:48 AM by roro »