Hiya! I hope I've given you what you wanted.
Here is my Microsoft spyware thing, but I didn't know if this is what you wanted?
Spyware Scan Details
Start Date: 24/04/2005 16:44:31
End Date: 24/04/2005 16:50:29
Total Time: 5 mins 58 secs
Detected Threats
ShopAtHome Spyware
Details: ShopAtHome installs itself in the Winsock layer of your system and redirects your browser to merchant sites to take advantage of the affiliate fees.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}\InprocServer32 C:\WINDOWS\Downloaded Program Files\WEBInstaller.dll
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}\ProgID WEBInstaller.CExecute.1
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}\TypeLib {52CACFDF-9170-46a9-AE2E-E594D324C72A}
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7}\VersionIndependentProgID WEBInstaller.CExecute
HKEY_CLASSES_ROOT\clsid\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} CExecute Class
WinTools Trojan
Details: Bubba WinTools purpose is currently unknown. Bubba.WinTools installs an Internet Explorer browser helper object, a URL search hook, and downloads several files in Common files\WinTools\. Bubba.WinTools runs at startup
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\temp\EDowPack.exe
C:\temp\EDow.exe
C:\Documents and Settings\Abigail\Local Settings\Temp\WToolsA.exe
C:\Documents and Settings\Abigail\Local Settings\Temp\WToolsB.dll
Infected registry keys/values detected
HKEY_CURRENT_USER\Software\WinTools
WindUpdates Browser Plug-in
Details: WindUpdates downloads additional adware and displays pop-up advertising.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\windows\system32\ide21201.vxd
Infected folders detected
c:\temp\fleok
CallingHome.Biz.A Trojan Downloader
Details: CallingHome.biz installs spyware on a users computer by doanloading via an FTP server on a remote server.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\windows\system32\nzapeo.exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run nzapeo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run nzapeo
AproposMedia Browser Modifier
Details: AproposMedia is a component of PeopleOnPage, sometimes found on computers without the commonly visible portion of the application . AproposMedia displays pop-up advertisements, and changes browser settings.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected folders detected
c:\program files\cxtpls
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\LocalServer32 C:\Program Files\CxtPls\CxtPls.exe
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\ProgID
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}\VersionIndependentProgID
HKEY_CLASSES_ROOT\clsid\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}
HKEY_CLASSES_ROOT\clsid\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}
HKEY_CLASSES_ROOT\clsid\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\InProcServer32 C:\Program Files\CxtPls\proxystub.dll
HKEY_CLASSES_ROOT\clsid\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\InProcServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\clsid\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} PSFactoryBuffer
Transponder.DLMax Spyware
Details: Transponder is an Internet Explorer Browser Helper Object (BHO) that monitors web pages requested and data entered into forms.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\windows\dlmax.dll
C:\Documents and Settings\Abigail\Local Settings\Temp\THI3D23.tmp\dlmax.dll
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-59D4-4008-9058-080011001200}
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200}\ProgID DLMax.DLMaxObj.1
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200}\TypeLib {230c3786-1c2c-45bd-9d2d-9d277fce6289}
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200}\VersionIndependentProgID DLMax.DLMaxObj
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200} DLMaxObj Class
HKEY_CURRENT_USER\Software\DLMax
HKEY_CURRENT_USER\Software\DLMax DLI6d7OfSDist 52|58|6|1|BANNER.EXE
HKEY_CURRENT_USER\Software\DLMax DLI6d7OfSInst {BFB0A47B-7E2B-465F-A224-F154434AF2A5}
HKEY_CURRENT_USER\Software\DLMax DLC6n7trMsgSDisp 27
HKEY_CURRENT_USER\Software\DLMax DLT6o7pListSPos 0
HKEY_CURRENT_USER\Software\DLMax DLs6t7icky1S lflshdt%3D1114105443%26capdatedy%3D0424%26lstlogdt%3D20050424%26capdate%3D2411%26capcntdy%3D16%260%3D%26cntp%3Ddsl%26capcnt%3D3%26
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}
HKEY_CURRENT_USER\Software\DLMax DLs6t7icky2S 0%3D%26fstcidt%3D1114105443232%26
HKEY_CURRENT_USER\Software\DLMax
HKEY_CURRENT_USER\Software\DLMax
HKEY_CURRENT_USER\Software\DLMax DLC1o6d7eOfSFinalAd 1
HKEY_CURRENT_USER\Software\DLMax DLT6i7m8eOfSFinalAd 1114355643|0|0|0|0|1114354977|0|1114349143|0|
HKEY_CURRENT_USER\Software\DLMax DLD6s7tSSEnd ΐΐΝΜΤΥΝΆΜ
HKEY_CURRENT_USER\Software\DLMax DL6N7a8tionSCode UK
HKEY_CURRENT_USER\Software\DLMax DLP6D7om Μ
HKEY_CURRENT_USER\Software\DLMax DLT6h7rshSCheckSIn 45
HKEY_CURRENT_USER\Software\DLMax DLT6h7rshSMots 100
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-59D4-4008-9058-080011001200}
HKEY_CURRENT_USER\Software\DLMax DLM6o7deSSync 11
HKEY_CURRENT_USER\Software\DLMax DLI6n7ProgSCab 0
HKEY_CURRENT_USER\Software\DLMax DLI6n7ProgSEx 0
HKEY_CURRENT_USER\Software\DLMax DLI6n7ProgSLstest 0
HKEY_CURRENT_USER\Software\DLMax DLL6a7stMotsSDay 24
HKEY_CURRENT_USER\Software\DLMax DLL6a7stSSChckin 14612
HKEY_CURRENT_USER\Software\DLMax DLB6D7om άΑ
HKEY_CURRENT_USER\Software\DLMax DLE6v7nt 0
HKEY_CURRENT_USER\Software\DLMax DLT6h7rshSBath 10000
HKEY_CURRENT_USER\Software\DLMax DLT6h7rshSysSInf 2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}
HKEY_CURRENT_USER\Software\DLMax DLL6n7Title 30
HKEY_CURRENT_USER\Software\DLMax DLC6u7rrentSMode 1
HKEY_CURRENT_USER\Software\DLMax DLC6n7tFyl 0
HKEY_CURRENT_USER\Software\DLMax
HKEY_CURRENT_USER\Software\DLMax DLS6t7atusOfSInst roger
HKEY_CURRENT_USER\Software\DLMax HighestListIndex 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-59D4-4008-9058-080011001200}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200}
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200}\InprocServer32 C:\WINDOWS\dlmax.dll
HKEY_CLASSES_ROOT\clsid\{00000000-59D4-4008-9058-080011001200}\InprocServer32 ThreadingModel Apartment
CoolWebSearch Browser Modifier
Details: CoolWebSearch is a wide range of browser redirection tools. All variants redirect you to specific Web sites.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
AvenueMedia.DyFuCA Browser Plug-in
Details: AvenueMedia DyFuCA Internet Optimizer is adware that changes your browser error page. It periodically displays pop-up advertisements from its remote sites and may update itself.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Changed 0
IST.ISTbar Browser Modifier
Details: ISTbar is an Internet Explorer redirector that modifies your homepage and searches without your consent using an Internet Explorer toolbar.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\Documents and Settings\Abigail\Local Settings\Temp\iinstall.exe
VX2.ABetterInternet Adware
Details: ABetterInternet displays advertisements based on the Web sites you visit.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\WINDOWS\banner.dll
Comet Systems Adware
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\windows\inf\cc_43.pnf
IST.ISTbar.ActiveX Spyware
Details: ISTactivex is an Internet Explorer redirector that silently modifies homepages and searches using an Internet Explorer toolbar.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\VersionIndependentProgID ISTx.Installer
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959} Installer Class
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\InprocServer32 C:\WINDOWS\DOWNLO~1\ISTACT~1.DLL
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\MiscStatus\1 132497
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\ProgID ISTx.Installer.2
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\ToolboxBitmap32 C:\WINDOWS\DOWNLO~1\ISTACT~1.DLL, 101
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\TypeLib {EDBC8C5F-C58B-4d4e-A86D-956213E39691}
HKEY_CLASSES_ROOT\clsid\{7C559105-9ECF-42b8-B3F7-832E75EDD959}\Version 1.2
Transponder.ABetterInternet.Ceres Spyware
Details: VX2.ABetterInternet.Transponder.2 is a new transponder variant of aBetterInternet.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\Documents and Settings\Abigail\Local Settings\Temp\banner.exe
MediaPass.LoaderX Trojan Downloader
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C}
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Pass DisplayName Media Pass
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C}\LocalServer32 C:\PROGRA~1\MEDIAP~1\MEDIAP~2.EXE
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C}\ProgID LoaderX.Installer.1
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C}\TypeLib {15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C}\VersionIndependentProgID LoaderX.Installer
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C} Installer Class
HKEY_CLASSES_ROOT\clsid\{1E5E0D38-214B-4085-AD2A-D2290E6A2D2C} AppID {735C5A0C-F79F-47A1-8CA1-2A2E482662A8}
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Pass
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Pass UninstallString C:\Program Files\Media Pass\MediaPass.exe /Remove
WindUpdates.MediaAccess Adware
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
c:\program files\media access\mediaaccc.dll
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Media Access
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C} Installer Class
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C} AppID {735C5A0C-F79F-47A1-8CA1-2A2E482662A8}
HKEY_LOCAL_MACHINE\Software\Media Access
HKEY_LOCAL_MACHINE\Software\Media Access param 96e66a3e0b7ec801c58a1c614211eddadbd55fbc4a7195:3863346261646666626136316263363438656663346364373531383936333063
HKEY_LOCAL_MACHINE\Software\Media Access track 0
HKEY_LOCAL_MACHINE\Software\Media Access reqcount 42
HKEY_LOCAL_MACHINE\Software\Media Access DownloadPath \temp
HKEY_LOCAL_MACHINE\Software\Media Access Language en
HKEY_LOCAL_MACHINE\Software\Media Access
HKEY_LOCAL_MACHINE\Software\Media Access LastUpdate 1114276022
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Media Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Media Access
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Access
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Access UninstallString C:\Program Files\Media Access\MediaAccess.exe /Remove
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Media Access DisplayName Media Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Media Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Media Access
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\LocalServer32 C:\PROGRA~1\MEDIAA~1\MEDIAA~2.EXE
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\ProgID MediaAccess.Installer
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\TypeLib {15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}
HKEY_CLASSES_ROOT\clsid\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\VersionIndependentProgID MediaAccess.Installer
IST.SlotchBar Toolbar
Details: Slotch Bar is an adware toolbar program for affiliates to distribute on sites. Affiliates get paid per install of the toolbar.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar Changed 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll .Owner {7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll {7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\ISTactivex.dll
Transponder.Farmmext Adware
Details: Advertising network software to display popup advertising.
Status: Removed
Elevated threat - Eleveated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.
Infected files detected
c:\windows\farmmext.exe
C:\Documents and Settings\Abigail\Local Settings\Temp\THI20BF.tmp\farmmext.exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run farmmext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run farmmext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run farmmext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run farmmext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run farmmext
eBates.MoeMoneyMaker Adware
Details: ebates Moe MoneyMaker displays pop-up advertisements and disables programs, including pop-up blockers that might interfere with its operation.
Status: Removed
Elevated threat - Eleveated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.
Infected files detected
C:\Documents and Settings\Abigail\Local Settings\Temp\THI1C0A.tmp\MMaker4b.exe
WhenU.SaveNow Adware
Details: WhenU SaveNow displays pop-up advertisements.
Status: Removed
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver RunMSC.Loader.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Program Files\BearShare\RunMSC.dll
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
BearShare Software Bundler
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware.
Status: Removed
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Program Files\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Program Files\BearShare\RunMSC.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Program Files\BearShare\
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Program Files\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Program Files\BearShare\RunMSC.dll
Detected Spyware Cookies
No spyware cookies were found during this scan.
Here is the other log
Symantec Adware.BetterInternet Removal Tool 1.0.6
C:\System Volume Information: (not scanned)
Adware.BetterInternet has not been found on your computer.
Here is my HijackThis file
Logfile of HijackThis v1.99.1
Scan saved at 17:43:22, on 24/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Abigail\Desktop\Hijack\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.158.165.49...dsldbaccess.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda....c16/games30.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe