spybot and ad aware question

Discussion in 'Virus & Other Malware Removal' started by lalala82, Jun 23, 2003.

  1. lalala82

    lalala82 Thread Starter

    Joined:
    Jun 16, 2003
    Messages:
    76
    How effective are these for finding dialers?

    Also, I've got Windows XP, and there are many users on the computer I'm using, therefore we have different "profiles".

    If I used Spybot or Ad-Aware while I'm logged in, in my profile, would it only check my part of the profile or would it cover everyone's?

    thank you
     
  2. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Hard to say about the profiles. I think you would have to run it under each profile. Or maybe under "admin" and it would cover everything.

    AdAware is not that great for dialers. Spybot is much better.
     
  3. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Ad-Aware is getting better, though.

    Also, both search the entire Registry, so you only need to run them once.

    Cheers,
     
  4. lalala82

    lalala82 Thread Starter

    Joined:
    Jun 16, 2003
    Messages:
    76
    TonyKlein

    So I need only to run it once in my profile and I don't need to run it in other people's profiles?
    I'm just checking.
    I ran it and it did pick up some things from other people's profiles,
    I just need clarification.

    How do you guys feel about this software called
    "StopItNow"?
    It's supposed to stop any dialers from working.
    Do you guys recommend it?
     
  5. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    I don't see the point... if you're not going to porn sites you don't have to worry about downloading dialers. Just call the phone company already and block 900 numbers.
     
  6. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
  7. lalala82

    lalala82 Thread Starter

    Joined:
    Jun 16, 2003
    Messages:
    76
    OK, I have a serious question.

    I just went to the porno site that I was stressing about, the one which I went to before which made me fear that I got dialers from it.

    I was on the website for 3 minutes.
    I kept clicking on the icon in the bottom right hand side of the screen which looks like 2 computers.

    It says that I was STILL CONNECTED TO MY ISP and not to another line.
    I then disconnected myself just to make sure after 3 minutes on that site.

    I ran Spybot Search and Destroy and Ad-Aware.

    It did not find any dialers.
    Does that mean that that site has no dialers?

    NOTE: the only reason I went there again was to check if it had dialers. Not to look at porn!!!
     
  8. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    It means that neither Ad-Aware nor SpyBot were able to detect a dialer.
    You may have twelve of them, for all we know (although it isn't likely... :D )

    The thing to do is tighten your security settings, so that nothing will be able to install without your express approval.
     
  9. lalala82

    lalala82 Thread Starter

    Joined:
    Jun 16, 2003
    Messages:
    76
    No, maybe it did not find a dialer because that site doesn't have any dialer?
    Also, I was clicking on the little icon that looked like 2 computers the whole 3 minutes I was there. Then I disconnected my line and restarted the computer. I ran Spybot and Ad-Aware.

    This is the question:

    If I was clicking on the 2 little computers icon on the bottom right side of the screen and it said I was still connected to my ISP, does that mean there's a possibility that I was still reconnected to another line? I was clicking on it every 10 seconds and it said I was connected to my ISP.
     
  10. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    No. If you've ever used a telephone, you can only dial 1 phone number at a time. (Unless you set up 3-way-calling :p)
     
  11. lalala82

    lalala82 Thread Starter

    Joined:
    Jun 16, 2003
    Messages:
    76
    What the hell, I thought you said Spybot and Ad-Aware were really good. How can they not detect 12 dialers?
     
  12. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    They can only detect dialers that they know how to detect. If the dialers aren't in their updates/definitions, it doesn't know they are dialers.
     
  13. lalala82

    lalala82 Thread Starter

    Joined:
    Jun 16, 2003
    Messages:
    76
    Someone please check this. I ran StartupList.

    StartupList report, 6/25/2003, 2:16:34 AM
    StartupList version: 1.52
    Started from : D:\Documents and Settings\Ray\Local Settings\Temp\Temporary Directory 3 for startuplist1521.zip\StartupList.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\System32\CTSVCCDA.EXE
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    D:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\GOLDEN~1\CDGHOS~1\MndlSvr.exe
    D:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    D:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    D:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    D:\WINDOWS\essspk.exe
    D:\WINDOWS\Mixer.exe
    D:\Program Files\Creative\WebCam Control\CAMTRAY.EXE
    D:\Program Files\Creative\ShareDLL\CtNotify.exe
    D:\Program Files\Messenger Plus! 2\MsgPlus.exe
    D:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    D:\Program Files\Kazaa\kazaa.exe
    D:\Program Files\Creative\ShareDLL\MediaDet.exe
    D:\PROGRA~1\BROWSE~1\adblck.exe
    D:\Program Files\Winamp3\winampa.exe
    D:\Program Files\Messenger\msmsgs.exe
    F:\Program Files\Crazy Browser\Crazy Browser.exe
    D:\Program Files\ICQ\ICQ.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\PROGRA~1\BROWSE~1\bp.exe
    D:\Documents and Settings\EJ\Local Settings\Temp\Temporary Directory 3 for startuplist1521.zip\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [D:\Documents and Settings\Ray\Start Menu\Programs\Startup]
    BJ Status Monitor Canon i320.lnk = D:\Documents and Settings\EJ\cnmss Canon i320 (Local).exe

    Shell folders Common Startup:
    [D:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = D:\WINDOWS\System32\Userinit.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Goldensoft_MndlSvr = d:\PROGRA~1\GOLDEN~1\CDGHOS~1\MndlSvr.exe
    VCDTower = d:\PROGRA~1\GOLDEN~1\CDGHOS~1\VCDTower.exe
    pccguide.exe = "D:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    PCCClient.exe = "D:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    Pop3trap.exe = "D:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    SiSUSBRG = D:\WINDOWS\SiSUSBrg.exe
    NvCplDaemon = RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    EssSpkPhone = essspk.exe
    Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
    C-Media Mixer = Mixer.exe /startup
    NeroCheck = D:\WINDOWS\System32\NeroCheck.exe
    Creative WebCam Tray = D:\Program Files\Creative\WebCam Control\CAMTRAY.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MSMSGS = "D:\Program Files\Messenger\msmsgs.exe" /background

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    ICQ = D:\Program Files\ICQ\ICQ.exe -trayboot

    --------------------------------------------------

    Shell & screensaver key from D:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=explorer.exe
    SCRNSAVE.EXE=D:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - D:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
    (no name) - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - D:\PROGRA~1\BROWSE~1\bptlb.dll - {5F5564AC-DE7A-4DCD-9296-32E71A35DCB7}
    (no name) - D:\PROGRA~1\BROWSE~1\blckbho.DLL - {D34F641F-5210-4EB0-8ED5-9179F47E15B7}

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave ActiveX Control]
    InProcServer32 = D:\WINDOWS\System32\macromed\Shockwave 8\Download.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [YInstStarter Class]
    InProcServer32 = D:\WINDOWS\Downloaded Program Files\yinsthelper.dll
    CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

    [HouseCall Control]
    InProcServer32 = D:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2003050501/housecall.antivirus.com/housecall/xscan53.cab

    [Update Class]
    InProcServer32 = D:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37709.6950694444

    [HeartbeatCtl Class]
    InProcServer32 = D:\WINDOWS\DOWNLO~1\hrtbeat.ocx
    CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

    [Shockwave Flash Object]
    InProcServer32 = D:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://active.macromedia.com/flash4/cabs/swflash.cab

    [Yahoo! Companion]
    InProcServer32 = D:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll
    CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab

    [MSN Chat Control 4.5]
    InProcServer32 = D:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: D:\WINDOWS\system32\SHELL32.dll
    CDBurn: D:\WINDOWS\system32\SHELL32.dll
    WebCheck: D:\WINDOWS\System32\webcheck.dll
    SysTray: D:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 7,035 bytes
    Report generated in 0.120 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  14. lalala82

    lalala82 Thread Starter

    Joined:
    Jun 16, 2003
    Messages:
    76
    If there's none, does that mean there are no dialers working when I start my computer?
     
  15. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    You have two BrowserAid browser plugins:

    (no name) - D:\PROGRA~1\BROWSE~1\bptlb.dll - {5F5564AC-DE7A-4DCD-9296-32E71A35DCB7}
    (no name) - D:\PROGRA~1\BROWSE~1\blckbho.DLL - {D34F641F-5210-4EB0-8ED5-9179F47E15B7}



    Download BHODemon at http://www.spywareinfo.com/downloads/bhod/
    Launch the program, and locate the following BHOs: bptlb.dll and blckbho.DLL

    Highlight each one, click 'details', and in "Select Status" click 'disabled'
    Click OK, and close the program

    Now restart your computer.
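
An added example, not part of any post in this thread and not code from StartupList, Spybot or Ad-Aware: it parses the Browser Helper Objects section of the report posted above and matches each CLSID against a definitions list, which illustrates both the BHO identification in this reply and the earlier point that a scanner only recognises what is in its definitions. The `DEFINITIONS` table is hypothetical and holds only the two CLSIDs named in this reply; everything else comes back as "unknown", which is not the same as clean.

```python
import re
from pathlib import PureWindowsPath

# BHO section copied from the StartupList report posted in this thread.
REPORT = r"""
Enumerating Browser Helper Objects:

(no name) - D:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - D:\PROGRA~1\BROWSE~1\bptlb.dll - {5F5564AC-DE7A-4DCD-9296-32E71A35DCB7}
(no name) - D:\PROGRA~1\BROWSE~1\blckbho.DLL - {D34F641F-5210-4EB0-8ED5-9179F47E15B7}

--------------------------------------------------
"""

# Hypothetical definitions list: only the two CLSIDs named in the reply above.
DEFINITIONS = {
    "{5F5564AC-DE7A-4DCD-9296-32E71A35DCB7}": "BrowserAid",
    "{D34F641F-5210-4EB0-8ED5-9179F47E15B7}": "BrowserAid",
}

BHO_LINE = re.compile(
    r"^\((?P<name>[^)]*)\)\s+-\s+(?P<path>.+?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})$"
)

def parse_bhos(report):
    """Return (filename, clsid) for each entry in the BHO section of a report."""
    entries, in_section = [], False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Enumerating Browser Helper Objects"):
            in_section = True
        elif in_section and line.startswith("-----"):
            break  # the report separates sections with a dashed rule
        elif in_section and (m := BHO_LINE.match(line)):
            # CLSIDs are case-insensitive; normalise before comparing.
            entries.append((PureWindowsPath(m["path"]).name, m["clsid"].upper()))
    return entries

def classify(entries, definitions):
    """Label each BHO; an entry missing from the definitions is 'unknown', not clean."""
    return {name: definitions.get(clsid, "unknown") for name, clsid in entries}

if __name__ == "__main__":
    for name, verdict in classify(parse_bhos(REPORT), DEFINITIONS).items():
        print(f"{name:20} {verdict}")
```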
     