Are these false positives or is Spywaredoctor real good? ;)
ronny
July 28th, 2004, 06:18 PM
I tried Spyware Doctor 2.0 and to my great astonishment :o it found the following spyware which none of the respected spyware scanners like S&D, Adaware, Pestpatrol, Spysweeper, ... found.
So I suspect they are false positives. But I want to be sure, you never know...
So I would appreciate it if someone could have a look at it. (Yes, I sent an email to the support also.)
Download Accelerator
Tool name: Disk Scanner
Problem location: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\ChanDir\MMJB\MMC.xml
Problem type: file
Problem risk level: Very dangerous
Problem description: changes browser settings other than homepage, without user permission, displays popup/popunder ads that cannot be closed by clicking a 'close' (X) button in the upper right of the frame, silently connects to an unintended site (with or without redirecting the address request) during a browser session, to transmit usage or other information to that site, silently connects to the Internet after reboot and without user awareness or consent in that session, silently tracks sites visited along with identification of the user/machine by GUID, IP address, email address, name, SSN#, phone number, credit card info, or other identifier
stays resident in background after exiting browser. Tracks your downloads and reports this info to a central server.
NewtonKnows
Tool name: Disk Scanner
Problem location: C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\Bar.dll
Problem type: file
Problem risk level: Very dangerous
Problem description: Displays ads, and a silly dog on your browser. NewtonKnows comprises a IE search-hijacker and toolbar, and a targeting pop-up system that works across many browsers. Speech-bubble-style site links pop up in the bottom-right corner of the browser window whilst browsing. When a targeted site is visited, NewtonKnows sends a request back to its controlling servers include the hostname of the site being viewed, and a unique ID. This can be used to track your usage of different web sites. If you entered an e-mail address at the time of install, such a browsing record is personally identifying. The privacy policy explicitly allows NewtonKnows's makers to combine personally identifying web usage records with other databases (which might include, for example, addresses and telephone numbers), and to use this database for marketing. NewtonKnows also has a silent self-updating feature which allows its controlling server to execute arbitrary unsigned code.
SuperBar
Tool name: Disk Scanner
Problem location: D:\Program Files\Starship\data\settings.cfg
Problem type: file
Problem risk level: Very dangerous
Problem description: SuperBar is an IE toolbar offering search and form-filling features. Adds links to the results of other search engines, dressed up to look as if they come from the search engine itself; in fact they are from the site greasycow.com. The software can download and execute arbitrary code silently from its controlling servers. The SuperBar licence includes a clause stating that third-party software may be installed through this mechanism.
SuperBar
Tool name: Disk Scanner
Problem location: C:\Program Files\GameSpy Arcade\Profiles\33634864\settings.cfg
Problem type: file
Problem risk level: Very dangerous
SuperBar
Tool name: Disk Scanner
Problem location: C:\Program Files\GameSpy Arcade\Profiles\(default)\settings.cfg
Problem type: file
Problem risk level: Very dangerous
Download Accelerator
Tool name: Registry Scanner
Problem location: HKLM\software\classes\.vsl
Problem type: registry key
Problem risk level: Very dangerous
TinyBar
Tool name: General Scanner
Problem location: multiple
Problem type: general malware
Problem risk level: Medium
Problem description: TinyBar is adware, a hijacker and a downloader. An Internet Explorer toolbar, TinyBar installs no actual software, but adds registry entries that use the Windows system file shdocvw.dll to display a web page as a toolbar. This page may be stored locally or fetched from the internet every time an IE window is opened; it generally contains a search feature and/or link buttons, pointed at a generic portal such as tinybar.com (or at least 18 others).
Bubba
July 28th, 2004, 10:08 PM
Hey Ronny,
I would not recommend this as a replacement to Adaware, Spy Sweeper or Spybot (the top tier). Even tho there were a few false positives relating to entries found in my Restricted Zone....All anti-malware applications will have some level of false positives.
Also....I'm not too fond of the....We found it and you pay us to fix it mentality by buying our product. Many of the rogue programs are sucking in users with that tactic....and even tho this PCTools program is not found in the Rogue/Suspect Anti-Spyware Products (http://www.spywarewarrior.com/rogue_anti-spyware.htm) list....I'll reserve final judgement as time goes on.
Eldar
August 15th, 2004, 08:32 PM
Hi ronny, Bubba, ;)
{QUOTE-> I'll reserve final judgement as time goes on. <-QUOTE}
I sent them a request about my following question:
{QUOTE-> Today I downloaded version 2.1.0.254 and did a full scan of my system.
It found the following: SuperBar (C:\Documents and Settings\Eric\Application Data\Visicom Media\AceFTP\Settings.cfg)
I think this may be a false positive, don't you think? This is AceFTP settings version 3 (3.51.0)
This also occurred in previous versions, so I always checked it to ignore.
Could you let me know if this is either spyware or not? <-QUOTE} Their response:
{QUOTE-> RE: Product Support Hello,
Thank you for your message.
Based on the initial description of the problem and because spyware is
constantly changing and evolving, additional steps will need to be
completed so that we can further isolate the cause of the problems that are
occurring.
Please complete the following steps 1-4 on your registered version of
Spyware Doctor:
1. Please perform a Live Update
2. Please run a Full Scan, Quarantine and Remove Reboot if necessary
3. Please run another Full Scan
4. Please check if the symptoms of the issue are gone.
(If the second Full Scan finds no issues and the symptoms do not re-appear, no more action is required)
*If the second Full Scan does find issues or if the symptoms are still present,
Please Advise in detail what the symptoms are
Are they different to the original symptoms, or the same?
If the problem continues, please perform steps 5-10 below:
5. Please download our Malware Detective program (54Kb) which will be used to create a logfile of malware and other program information on your system which will be useful for us and will enable us to troubleshoot the problem.
To download, please paste the following URL (address) into your browser address bar and press enter to download Malware Detective: URL
6. Select to save MalwareDetective.exe to your desktop.
7. Best results will be obtained if Malware Detective is run in Safe
mode. If you are not comfortable with rebooting your machine into safe mode then skip this step and continue to Step 8.
7a)Shutdown and Restart your computer.
7b)At the start of the boot process press the F8 key a few times.
7c)A list of boot options will be displayed. Select 'Safe Mode' Do not select 'Safe Mode with networking' or any other modes.
Press Enter.
7d) Login to your account.
7e) You will have to reboot after performing step 8.
8. Double-click on the downloaded MalwareDetective.exe (malware detective will run and will automatically create a file named results.log)
9. If you are comfortable sending the optional extra files listed by MalwareDetective, please zip these files before sending them.
*IMPORTANT* Please also zip and attach the Spyware Doctor log files (example, log 20040713173347.html) these log files are located in C:\Program Files\Spyware Doctor\log
10. Please reply to THIS MESSAGE (please do not start a new support request ticket) with the results.log file and any optional extra files as attachments.
*VERY IMPORTANT* please also let us know your Spyware Doctor Reference file version (example:2.0095) which is indicated in the Spyware Doctor program under Status/Summary.
We will then analyze the contents of the log file or files and respond as soon as possible.
Kind Regards,
Arthur Yeung
Technical Support Representative
PCTools Support Team <-QUOTE} My final response
{QUOTE-> Thanks for your response, but I feel it's not up to me to test if this is spyware or not.
I already did a full scan with Webroot Spy Sweeper, Ad-Aware 1.03 & Spybot S&D. These programs never found problems, so why did yours find a problem.
I'm a registered user and to find that I must perform these operations is unbelievable.
You're the experts, so it's up to you to find out.
This is no support to customers. <-QUOTE} As of today Spyware Doctor has been removed from my system. :D
Eric L. Howes may add it to the rogues list.
eburger68
August 15th, 2004, 11:55 PM
Eldar:
I'm sorry to hear that you've had some problems with Spyware Doctor. While I would not recommend it as a replacement for Ad-aware, Spybot S&D, or Spy Sweeper at this time, I don't foresee adding this to the Rogue/Suspect Anti-Spyware list.
I have tested Spyware Doctor, and it in no way resembles the other programs that populate the rogues list. The biggest problem with Spyware Doctor, in my judgment, is an immature definitions database. That will take time to improve, but the program itself is solid so far as I can tell.
Best,
Eric L. Howes
ronny
August 16th, 2004, 01:20 AM
{QUOTE-> Their response: <-QUOTE}
Thanks Eldar for letting us know. I got the same answer from them.
Eldar
August 16th, 2004, 12:07 PM
{QUOTE-> I'm sorry to hear that you've had some problems with Spyware Doctor. While I would not recommend it as a replacement for Ad-aware, Spybot S&D, or Spy Sweeper at this time, I don't foresee adding this to the Rogue/Suspect Anti-Spyware list. <-QUOTE}
Thanks, Eric, for your concern. ;)
The rogue list was only my opinion at that time, because I was really angered by their response. Of course it's still your opinion which I value most.
As you already know I had problems with ZeroSpyware, for which I thank you very much.
In any case Spyware Doctor has been removed and will stay that way.
{QUOTE-> Thanks Eldar for letting us know. I got the same answer from them. <-QUOTE}
You're welcome. ;)
PCTools responded to my other duplicate thread here: http://spywarewarrior.com/viewtopic.php?p=23863#23863
I haven't had time to respond yet, but will when the time permits.
So the story continues ...
Regards,
Eric
Rita
August 16th, 2004, 05:22 PM
{QUOTE-> Hey Ronny,
I would not recommend this as a replacement to Adaware, Spy Sweeper or Spybot (the top tier). Even tho there were a few false positives relating to entries found in my Restricted Zone....All anti-malware applications will have some level of false positives.
Also....I'm not too fond of the....We found it and you pay us to fix it mentality by buying our product. Many of the rogue programs are sucking in users with that tactic....and even tho this PCTools program is not found in the Rogue/Suspect Anti-Spyware Products (http://www.spywarewarrior.com/rogue_anti-spyware.htm) list....I'll reserve final judgement as time goes on. <-QUOTE}
Hey Bubba,
I so agree with you -- on the we found it you pay us to fix it mentality or you buy the key etc. etc. etc. Have a great day, Bubba.
rita :)
rechtobt
September 8th, 2004, 04:13 AM
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\Bar.dll
Hi,
the above cited entry was identified as "very dangerous" spyware by spywaredoctor on my computer, too. Recommended isolating by spywaredoctor had the consequence that Ulead Photo Express did not start any more because the file Bar.dll was missing now. Furthermore, there was an analogous entry for Photo Impact 8.0 - with the same consequences. Restoring the backup of spywaredoctor resolved these issues.
Thus one should state that spywaredoctor finds so called "false positives" in some cases. But it also identifies most entries correctly which are found by Adaware...
Nevertheless, I've removed spywaredoctor at once. The deinstallation was not clean as RFA found 7 remaining registry entries.
Rechtobt
Concluding remark: As I think, the designation "false positives" is an illogical one. It would make more sense to say "false negatives" because in itself useful entries are wrongly reported to be malicious.
hazzaq
September 25th, 2004, 12:54 PM
got same false positive from Spywaredoctor.
NOT AT ALL CONVINCED BY THIS PROG
Anguish
September 28th, 2004, 07:05 AM
I also have Ulead Photo Express 2.0 SE installed on my computer.
Once, I used an adware/spyware remover to carry out a full scan, and the program removed the bar.dll file.
Now I can't use Photo Express as it says "Component file - bar.dll not found. Please reinstall the program to fix the problem."
It's even more sick that I can't find the disc to reinstall it...
Damn adware cleaners...
still_longhorn
October 3rd, 2004, 07:07 AM
Hi guys!
{QUOTE-> Hey Ronny,
I would not recommend this as a replacement to Adaware, Spy Sweeper or Spybot (the top tier). Even tho there were a few false positives relating to entries found in my Restricted Zone....All anti-malware applications will have some level of false positives.
Also....I'm not too fond of the....We found it and you pay us to fix it mentality by buying our product. Many of the rogue programs are sucking in users with that tactic....and even tho this PCTools program is not found in the Rogue/Suspect Anti-Spyware Products (http://www.spywarewarrior.com/rogue_anti-spyware.htm) list....I'll reserve final judgement as time goes on. <-QUOTE}
I would never replace them, too. Nor would I knowingly junk a potential part of my arsenal. I am not too computer literate, thus, my heavy dependence on third party apps. If the experts say it won't do any harm by deleting critical system files or valid registry entries, I'd keep the app.
still longhorn
trev
March 31st, 2005, 10:15 AM
I usually rename dll files to dl0 instead of deleting.
Easy to search for - and they seem to stay registered.
If not, try this site for useful tool(s) including dll reg tool..... http://www.e-systems.ro/
IMHO Ulead seem 'too big' to harbour real spyware for long.
My digicam needs it - so I can rename bar to the correct dll ext when needed if worried, which I ain't too much!!
Rock on..pass the head pills !!
pctools
March 31st, 2005, 06:57 PM
Thank you for your message.
I am from PC Tools, maker of Spyware Doctor.
We have come a long way since the version 2 as mentioned at the beginning of this forum dated Feb 2004.
Our latest version of Spyware Doctor is 3.2 which can be downloaded at: www.pctools.com
Should you have any problems with this new release version, please submit a new ticket and a technician will assist you shortly.
http://www.pctools.com/support/submit.php?ref=1-17-9&subject=Product+Support&guide=site
Thank you.
PC Tools
JerryM
April 1st, 2005, 09:19 AM
I tried Spyware Doctor on my old computer with W98. My computer also had the scanner which I think is what uses Ulead. I may be incorrect in that and the computer is gone.
I had the latest version of Spyware Doctor, and it did not identify Ulead as spyware. I don't recall that I got any false positives.
Jerry
MissMelissaG
April 11th, 2005, 03:47 AM
I have a folder in my MusicMatch file named Commom with lots of Application extensions and xml files, one of which is mmc.xml. My computer was hacked, and from the log files, it looks like the genuine Musicmatch files were manually overwritten by rogue files, at which point the Common directory was created. Unfortunately, the typical Spyware programs didn't flag the problem. I'm going to download Spyware Doctor and see if it catches my mmc.xml file as well. I wouldn't write those flags off as false positives so quickly...I've seen how easy it is to have "real" files overwritten by dirty ones.
Thanks,
Melissa
Paranoid2000
April 11th, 2005, 04:43 AM
{QUOTE-> My computer was hacked, and from the log files, it looks like the genuine Musicmatch files were manually overwritten by rogue files, at which point the Common directory was created. Unfortunately, the typical Spyware programs didn't flag the problem. <-QUOTE}
In such instances an anti-trojan scanner (such as TrojanHunter (www.trojanhunter.com), TDS-3 (http://tds.diamondcs.com.au/), Ewido (http://www.ewido.net/en/) or A2 (http://www.emsisoft.com/en/software/free/)) would be a more appropriate choice than a spyware scanner. The first two have trial downloads available and the last two have free versions which you can use to scan your system.
If you have reason to believe that only your MusicMatch files were affected, then uninstalling and reinstalling the application should fix the problem also - but a scan would still be prudent to catch anything hidden elsewhere.
Copyright ©2002 - 2009, Wilders Security Forums