False positives?

 
05-10-2005, 08:52 AM   #1
LP


Hi. Here's the story...

I recently tried Microsoft AntiSpyware out and it says my computer is 100%
clean. I also tried another program called SpywareDoctor. It is located at...

http://www.pctools.com/

SpywareDoctor says my computer is infected with various things and I think
these are false positives. I say that because in addition to checking my
computer with Microsoft AntiSpyware I checked it with 20 other various
programs that included anti-spyware and antivirus programs. They all say I am
clean. I was wondering if someone would be so kind as to check these entries
out and give me some feedback on them. If they are false positives... fine.
If they are not false positives, maybe detection should be added for them.
Below are the log findings from SpywareDoctor. Please look them over and let
me know what you come up with. I am very interested in the various...

"HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\"

entries.

Thank you very much! Here it is...

Infection Name Location Risk

Bargain Buddy
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0878B424-1F95-4E26-B5AB-F0D349D89650}
High

Bargain Buddy
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0878B424-1F95-4E26-B5AB-F0D349D89650}\iexplore
High

Common Components for WindUpdates
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}
Medium

Common Components for WindUpdates
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\iexplore
Medium

ISTbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959}
High

ISTbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959}\iexplore
High

MediaMotor
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}
High

MediaMotor
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\iexplore
High

Trojan.Downloader.Pacimedia
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{972BB342-14A7-4660-83C1-51DDBEE171DB}
High

Trojan.Downloader.Pacimedia
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{972BB342-14A7-4660-83C1-51DDBEE171DB}\iexplore
High

VX2.Look2Me
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}
High

VX2.Look2Me
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}\iexplore
High

YourSiteBar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}
High

YourSiteBar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\iexplore
High

Other Sections:

Copyright © 2003-2005. Distributed by PC Tools. Legal Notice

05-10-2005, 01:17 PM   #2
Bill Sanderson

Eric Howes has your program on his short list of reputable anti-spyware
applications.

I don't know what that section of the registry controls, or what those
entries should look like.

I tend to agree with your false positive thought, though--it'd be
interesting to know more about what those GUIDs relate to.

06-10-2005, 04:41 AM   #3
Alan

Check the list at http://www.spywarewarrior.com/rogue_anti-spyware.htm to
make certain that some of the other apps you used aren't listed there. If
they are listed there, then there's a chance they are wrong or misleading.
The top three apps that most people in this newsgroup recommend are ewido
(http://www.ewido.net/en/), Ad-Aware (http://www.lavasoft.com), and Spybot
(http://www.safer-networking.org/en/home/index.html).

FYI: The three apps that I mentioned above scan for cookies, and the
current release of MSAS does not.

Alan

07-10-2005, 08:10 AM   #4
Conner

LP..
A short addition to what Bill said.. I could give you links to forums, where
members have had many problems with Spyware Doctor, which would have you
reading all day. Someone I trust implicitly had run it on a test machine that
was clean, according to a fresh install from MS OS CD, that had never been on
any network. It was then scanned with the usual, to include HJT. Spyware
Doctor's results showed "Bonzi Buddy" infection. Personally, I don't believe
it was anything other than a false positive. It's something worth
considering. (Having said that, I wouldn't take for granted they are all
f.p.'s, without looking into it further)

Just a thought..
Conner

07-10-2005, 09:40 AM   #5
dread

I would not worry about it, unless it finds more and more false
positives if all the ones you listed are indeed false positives. All the
programs have false positives. Even MS AntiSpyware has false positives.
Look around and you will see several. All the trustworthy ones listed on
http://www.spywarewarrior.com/rogue...htm#trustworthy have had
and will have false positives. All you can do is report them and hope
you can spot them so you don't delete something that will cause your
computer problems. You can look and post in
http://spywarewarrior.com/index.php to see if you can find out what the
registry items are, and another good forum is
http://www.wilderssecurity.com/index.php? You could google it too.

Bargain Buddy

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0878B424-1F95-4E26-B5AB-F0D349D89650}
High
http://www.google.com/search?hl=en&...%7D&btnG=Search
Did a search for {0878B424-1F95-4E26-B5AB-F0D349D89650}.

YourSiteBar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\iexplore
High

http://www.google.com/search?hl=en&...%7D&btnG=Search

I did a search for {42F2C9BA-614F-47C0-B3E3-ECFD34EED658}
Think you get the idea. You will have to look it up yourself and you
decide if it's a false positive or not and to delete it or not. If you
think it is a false positive, report the items and ask.



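An added example, not part of any post in this thread: the per-GUID lookup suggested in post #5 starts with pulling the GUIDs out of the scan log, so this Python code parses the three-line layout pasted in post #1, collapses the key and \iexplore rows into one entry per GUID, and reports whether every finding is a registry key under a single branch. The function names are hypothetical and the sample is an excerpt of that log.

```python
import re

# Excerpt of the log from the first post (two detections, four rows), in the
# pasted layout: name line, location line, risk line, blank-line separated.
SAMPLE_LOG = r"""Infection Name Location Risk

Bargain Buddy
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0878B424-1F95-4E26-B5AB-F0D349D89650}
High

Bargain Buddy
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0878B424-1F95-4E26-B5AB-F0D349D89650}\iexplore
High

Common Components for WindUpdates
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}
Medium

Common Components for WindUpdates
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\iexplore
Medium"""

HIVES = ("HKCU\\", "HKLM\\", "HKCR\\", "HKU\\")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_findings(text):
    """Turn three-line records into dicts; one-line header/footer blocks are skipped."""
    findings = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) != 3:
            continue
        name, location, risk = lines
        guid = GUID_RE.search(location)
        findings.append({"name": name, "location": location, "risk": risk,
                         "registry": location.upper().startswith(HIVES),
                         "clsid": guid.group(0).upper() if guid else None})
    return findings

def triage(findings):
    """Collapse rows per GUID and report what kind of evidence the scan actually has."""
    by_clsid = {}
    for f in findings:
        by_clsid.setdefault(f["clsid"], []).append(f["location"])
    common = []  # longest registry path shared by every finding
    for level in zip(*(f["location"].split("\\") for f in findings)):
        if len({part.upper() for part in level}) != 1:
            break
        common.append(level[0])
    return {"rows": len(findings), "by_clsid": by_clsid,
            "registry_only": all(f["registry"] for f in findings),
            "common_branch": "\\".join(common)}
```

On the excerpt, `triage(parse_findings(SAMPLE_LOG))` reduces four rows to two GUIDs, all under the one Ext\Stats branch, with no file or process location among the findings; each GUID can then be searched as post #5 suggests.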