cws.home search assistant



samual
05-05-2007, 05:35 PM
I just got infected, same as last time. What's going on?

Spyware Doctor Activity Report
Generated on 5/6/2007 2:24:14 AM
Scans (basic information only):
Scan Results:
scan start: 5/6/2007 2:24:48 AM
scan stop: 5/6/2007 2:24:50 AM
scanned items: 6
found items: 0
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Hosts Scanner, Disk Scanner, ActiveX Scanner

Infection Name Location Risk

Scan Results:
scan start: 5/6/2007 2:24:57 AM
scan stop: 5/6/2007 2:25:00 AM
scanned items: 2352
found items: 11
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Hosts Scanner, Disk Scanner, ActiveX Scanner

Infection Name Location Risk
CWS.Home Search Assistant C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe High
CWS.Home Search Assistant C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll High
CWS.Home Search Assistant C:\PROGRA~1\Sygate\SPF\smc.exe -startgui High
CWS.Home Search Assistant C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime High
CWS.Home Search Assistant C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe High
CWS.Home Search Assistant C:\Program Files\HP\HP Software Update\HPWuSchd2.exe High
CWS.Home Search Assistant C:\Program Files\Java\jre1.6.0\bin\jusched.exe High
CWS.Home Search Assistant C:\Program Files\QuickTime\qttask.exe -atboottime High
CWS.Home Search Assistant C:\WINDOWS\system32\NeroCheck.exe High
CWS.Home Search Assistant multiple High
CWS.Home Search Assistant RTHDCPL.EXE High

Scan Results:
scan start: 5/6/2007 2:27:58 AM
scan stop: 5/6/2007 2:28:02 AM
scanned items: 4743
found items: 10
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Hosts Scanner, Disk Scanner, ActiveX Scanner

Infection Name Location Risk
CWS.Home Search Assistant C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe High
CWS.Home Search Assistant C:\PROGRA~1\Sygate\SPF\smc.exe -startgui High
CWS.Home Search Assistant C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime High
CWS.Home Search Assistant C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe High
CWS.Home Search Assistant C:\Program Files\HP\HP Software Update\HPWuSchd2.exe High
CWS.Home Search Assistant C:\Program Files\Java\jre1.6.0\bin\jusched.exe High
CWS.Home Search Assistant C:\Program Files\QuickTime\qttask.exe -atboottime High
CWS.Home Search Assistant C:\WINDOWS\system32\NeroCheck.exe High
CWS.Home Search Assistant multiple High
CWS.Home Search Assistant RTHDCPL.EXE High


CAN'T GET RID OF IT

mjq424
05-05-2007, 06:04 PM
Hi
These all look like legit startup entries on your computer. This must be a False Positive, please report it: support@pctools.com

samual
05-06-2007, 02:09 AM
I'm afraid it's not a false positive, avast isn't working, my printer needs the helper, I had to load the disk, SD did remove some of the infection.

tvaz
05-06-2007, 02:20 AM
> I'm afraid it's not a false positive, avast isn't working, my printer needs the helper, I had to load the disk, SD did remove some of the infection.

Trend Micro has CWS Shredder, which is supposed to be regularly updated to handle new variants of this crapware. You can find it at
http://us.trendmicro.com/us/products/personal/CWShredder/
It is supposed to be real good.

redwolfe_98
05-06-2007, 03:51 AM
i am not an "expert", but, in the scan-logs that you posted, all of the items that were flagged look like they are false-positives.. you should have been able to tell that by looking at the file-path and the files that were being flagged..

if you allowed SD to "clean" (delete) those files, that explains why your avast isn't working, your printer had problems, etc..

if all of the files that were "cleaned" by SD are in "quarantine", i would try restoring them (from "quarantine"), and, hopefully they can be restored to where they will still work properly..

in the future, when something is flagged by an antimalware-program, you should verify that the files really are malware before you allow them to be "cleaned" ie deleted..

i don't know why SD flagged those items on your computer.. i did a scan and SD did not flag anything on my computer, and i have some of the same files on my computer that SD flagged on your computer, including the ATI "cli.exe" file and the "iesdpb.dll" "spyware doctor" file..

(the "RTHDCPL.EXE" file is associated with "realtek", which is the software for your integrated sound card)

i am sorry this happened to you.. something went wrong, somewhere, and you should let pctools know about it (imo)..

the problem that you are having, with SD's flagging those files, which i am not seeing, might be related to the recent microsoft-patch for the "ani-file" vulnerability, seeing that this involves the "realtek" file.. a lot of people who use the realtek software had problems as a result of the MS patch, and there was another MS patch for the patch..

http://support.microsoft.com/kb/935448/en-us

again, in the future, always check to make sure that items that are being flagged by your antimalware-programs are not false-positives before you allow them to be "cleaned" ie deleted..

i am running SD 4.1 with win xpsp2

i don't use "realtek" drivers, so i am not familiar with that issue, but here is a link for the latest realtek drivers:

http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PNid=24&PFid=24&Level=4&Conn=3&DownTypeID=3&GetDown=false
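
An added example, not part of any post in this thread and not PC Tools code: it parses rows in the report layout posted above and marks a detection as "hold, verify before cleaning" when one signature name is spread across many unrelated install directories or hits the scanner's own folder. The `scanner_dir` value, the `min_dirs` threshold and the hold rule itself are assumptions made for illustration.

```python
import re
from ntpath import dirname  # Windows path semantics on any OS

# Constructed sample: rows in the report layout posted in this thread.
REPORT = r"""Infection Name Location Risk
CWS.Home Search Assistant C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe High
CWS.Home Search Assistant C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll High
CWS.Home Search Assistant C:\PROGRA~1\Sygate\SPF\smc.exe -startgui High
CWS.Home Search Assistant C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime High
CWS.Home Search Assistant C:\Program Files\QuickTime\qttask.exe -atboottime High
CWS.Home Search Assistant C:\WINDOWS\system32\NeroCheck.exe High
CWS.Home Search Assistant multiple High
CWS.Home Search Assistant RTHDCPL.EXE High
"""

# Name and location both contain spaces: the location is either a drive path
# or a single token, and the risk is always the last token on the line.
ROW = re.compile(r"^(?P<name>.+?) (?P<loc>[A-Za-z]:\\.+|\S+) (?P<risk>\S+)$")
# Startup entries carry arguments ("-startgui", "runtime"); keep only the file.
EXE = re.compile(r"^(?P<path>.*?\.(?:exe|dll))(?:\s+(?P<args>.*))?$", re.I)

def parse(report):
    """Yield (detection, file_path or None, raw_location, risk) per row."""
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m or line.startswith("Infection Name"):
            continue
        loc = m["loc"]
        exe = EXE.match(loc) if "\\" in loc else None
        yield m["name"], (exe["path"] if exe else None), loc, m["risk"]

def triage(report, scanner_dir=r"C:\PROGRA~1\SPYWAR~1", min_dirs=3):
    """Group rows per detection name and mark sets to verify before cleaning."""
    out = {}
    for name, path, loc, _risk in parse(report):
        e = out.setdefault(name, {"files": [], "unresolved": [], "dirs": set()})
        if path is None:
            e["unresolved"].append(loc)   # e.g. "multiple" or a bare file name
        else:
            e["files"].append(path)
            e["dirs"].add(dirname(path).lower())
    for e in out.values():
        e["self_hit"] = any(f.lower().startswith(scanner_dir.lower()) for f in e["files"])
        # Assumed heuristic: one name across many unrelated directories, or a
        # hit on the scanner's own files, is held for manual verification.
        e["hold"] = e["self_hit"] or len(e["dirs"]) >= min_dirs
    return out

if __name__ == "__main__":
    for name, e in triage(REPORT).items():
        print(name, "HOLD" if e["hold"] else "review", len(e["dirs"]), e["unresolved"])
```

A held set is a list to check by hand (file path, vendor, a second scanner), not a verdict that the files are clean.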

jondow
05-06-2007, 11:07 AM
That's one hell of a FP. I see entries relating to your CD-ROM in my computer, your AV, firewall, graphic drivers & more legit stuff. If you removed what SD has flagged, your system & software would not operate properly; newcomers to computers & Spyware Doctor would trust SD & remove those legit entries.

mjq424
05-06-2007, 11:31 AM
Hi
It may be (this is a bit of a long shot) that there was DLL injection into those processes/files which is why SD detected them.

consoleman
05-07-2007, 01:38 AM
heya!
Your Windows is screwed man.

Make sure your Windows settings are correctly set up!

Chippa
05-07-2007, 01:47 AM
Hey Samual,

Can you make sure your default Windows language is English? Sometimes having foreign characters as a main language in Windows can cause false positives or your legitimate app files are infected.

Cheers,
Chippa