Spyware reinstalling



#1
Robbie2
Hello,
My computer is infected with spyware. The spyware that Microsoft's beta picked up was ShopAtHome, TV Media Display, WinTools, SEP, AproposMedia, eXact.ISEXEng Trojan, ClkOptimizer, Trojan.Startup.NameShifter.usofnwr, CoolWebSearch, AvenueMedia.DyFuCA, StatBlaster. Here are the logs from both Microsoft's beta and HijackThis.

Microsoft's antispyware
Detected Threats

ShopAtHome Spyware more information...
Details: ShopAtHome installs an agent in the Winsock layer of your computer. This redirects your Web browser to merchant sites affiliated with ShopAtHome rather than the Web sites you type in or click.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099235.exe


TV Media Display Adware more information...
Details: TV Media Display is secretly installed on your computer to display advertising, usually pop-ups.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected registry keys/values detected
HKEY_CURRENT_USER\SOFTWARE\Toolbar\PlugIns\COMMON
HKEY_CURRENT_USER\SOFTWARE\Toolbar\PlugIns\COMMON PImport_Hash r})Ғ@_
HKEY_CURRENT_USER\SOFTWARE\Toolbar\PlugIns\COMMON Popblocker


WinTools Trojan more information...
Details: WinTools purpose is currently unknown. WinTools installs an Internet Explorer browser helper object, a URL search hook, and downloads several files in Common files\WinTools\. WinTools runs at startup
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\WinTools
HKEY_CURRENT_USER\Software\WinTools hminlzz2ym5hx3rk4irx .
HKEY_CURRENT_USER\Software\WinTools a4ix .
HKEY_CURRENT_USER\Software\WinTools alk3hm .
HKEY_CURRENT_USER\Software\WinTools 4irx2y4mnrk .
HKEY_CURRENT_USER\Software\WinTools hrhrirlx2j4xz eqqm7,,ttt+tb_pb^o`e+`lj,fb+^pmu
HKEY_CURRENT_USER\Software\WinTools rmhri .


SEP Adware more information...
Details: SEP installs an Internet Explorer browser helper object and toolbar.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099195.dll

Infected registry keys/values detected


AproposMedia Browser Modifier more information...
Details: AproposMedia is a component of PeopleOnPage, sometimes found on computers without the commonly visible portion of the application . AproposMedia displays pop-up advertisements, and changes browser settings.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Apropos


eXact.ISEXEng Trojan more information...
Details: eXact.ISEXEng is a Trojan Windows service installed by BargainBuddy and CashBack.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099200.exe


Unclassified.Spyware.77 Spyware more information...
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp230\a0097058.exe


ClkOptimizer Adware more information...
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp230\a0097063.dll
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp230\a0097064.dll


Trojan.Startup.NameShifter.usofnwr Trojan more information...
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected


CoolWebSearch Browser Modifier more information...
Details: CoolWebSearch is a wide range of browser redirection tools. All variants redirect you to specific Web sites.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}


AvenueMedia.DyFuCA Browser Plug-in more information...
Details: AvenueMedia DyFuCA Internet Optimizer is adware that changes your browser error page. It periodically displays pop-up advertisements from its remote sites and may update itself.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp235\a0097434.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099180.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099182.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099184.dll

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Avenue Media


StatBlaster Adware more information...
Details: StatBlaster is used in partnership with other adware packages.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\documents and settings\eva\local settings\tempwm_fuins.bat


WinPup Adware more information...
Details: WinPup generates large amounts of pop-up advertisements.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp226\a0096746.exe


Transponder.ABetterInternet Adware more information...
Details: ABetterInternet displays advertisements based on the Web sites you visit.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp240\a0098983.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp240\a0099009.exe


Possible Browser Hijack Browser Modifier more information...
Details: This spyware threat changes Web browser settings, such as the homepage, without adequate user consent.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.


eXact.NaviSearch Adware more information...
Details: NaviSearch 404 displays pop-up advertisements and redirects the Internet Explorers search error page.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099279.exe


eXact.Downloader Trojan Downloader more information...
Details: eXact Downloader is a Trojan used by eXact Bargain Buddy and Cash Back to download and install additional components.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected


Transponder.ABetterInternet.Aurora Adware more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp240\a0098989.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp240\a0099006.exe


Transponder.ABetterInternet.DrPMon Adware more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp240\a0098992.dll
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp240\a0099003.dll


Adware.picsvr Adware more information...
Details: picsvr.exe is a browser modifier which changes Internet Explorer settings.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099263.exe


WhileUSurf Adware more information...
Details: WhileUSurf is an adware program that displays advertisements in Internet Explorer.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099267.exe


Spyware.ShifterPE.A Browser Plug-in more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp237\a0097634.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099281.exe


Trojan.Startup.0e3df3 Trojan more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected


Trojan.Downloader.KavSvc Trojan Downloader more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp230\a0097057.exe


Trojan.Startup.NameShifter.AJ Trojan more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp230\a0097059.exe


Trojan.Startup.NameShifter.u7tW38W Trojan more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099266.exe


AdBehavior Adware more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp230\a0097062.dll


Trojan.Startup.NameShifter.KavSvc Trojan more information...
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\windows\system32\rramvv.exe
c:\documents and settings\erik\local settings\temporary internet files\content.ie5\8darkl23\2.8.7.4[1].exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099265.exe

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KavSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KavSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KavSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KavSvc


AdDestroyer Adware more information...
Details: AdDestroyer is promoted as a spyware remover. However, it sets itself to run when you start the computer and remains memory-resident. When it runs, the software periodically attempts to contact a server to download updates and instructions.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\AdDestroyer\Settings
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\AdDestroyer\Settings DistID 5400050406
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\AdDestroyer\Settings InDate 2005-07-25 13:21:29
HKEY_CURRENT_USER\software\vb and vba program settings\addestroyer
HKEY_CURRENT_USER\software\vb and vba program settings\addestroyer\Settings DistID 5400050406
HKEY_CURRENT_USER\software\vb and vba program settings\addestroyer\Settings InDate 2005-07-25 13:21:29


eXact.BargainBuddy Adware more information...
Details: BargainBuddy is a Browser Helper Object that watches the pages your browser requests and the terms you enter into a search engine web form. If a term matches a preset list of sites or keywords, BargainBuddy will display an ad.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp226\a0096748.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp226\a0096847.exe


FlashTrack Adware more information...
Details: FlashTrack is an Internet Explorer browser helper object (BHO) that monitors your Web browsing activity and the terms you enter into forms on search engines.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected registry keys/values detected
HKEY_CLASSES_ROOT\UnawareObj.UnawareObj.1
HKEY_CLASSES_ROOT\UnawareObj.UnawareObj.1\CLSID {5EDB03AF-0341-4e96-9E9B-3171522E4BAF}
HKEY_CLASSES_ROOT\UnawareObj.UnawareObj.1 FlashEnhancer Ext
HKEY_CLASSES_ROOT\UnawareObj.UnawareObj
HKEY_CLASSES_ROOT\UnawareObj.UnawareObj\CurVer FlashEnhancer.FlashEnhancer.1
HKEY_CLASSES_ROOT\UnawareObj.UnawareObj FlashEnhancer Ext


IBIS Toolbar Adware more information...
Details: IBIS Toolbar is an Internet Explorer search redirector.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\documents and settings\eva\favorites\clean your system\safeerase.url
c:\documents and settings\eva\favorites\games and prizes\play games, have fun, win prizes.url

Infected folders detected
c:\documents and settings\eva\favorites\clean your system
c:\documents and settings\eva\favorites\games and prizes

Infected registry keys/values detected


IEPlugin Spyware more information...
Details: IEPlugin is an Internet Explorer browser helper object that monitors URLs, content entered into forms, and local filenames and displays pops-up advertisements.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp240\a0098986.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp240\a0099010.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099280.exe

Infected registry keys/values detected


TopRebates.WebRebates Adware more information...
Details: TopRebates is a browser toolbar that can display pop-up advertisements and monitor your Web browsing activities.
Status: Removed
Elevated threat - Eleveated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates Contexts 63


FlashEnhancer Browser Plug-in more information...
Details: FlashEnhancer is an Internet Explorer browser helper object that displays pop-up advertisements.
Status: Removed
Elevated threat - Eleveated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.

Infected files detected


SurfSideKick Settings Modifier more information...
Details: SurfSideKick downloads and displays advertisements
Status: Removed
Elevated threat - Eleveated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SurfSideKick 2
HKEY_CURRENT_USER\Software\SurfSideKick2
HKEY_CURRENT_USER\Software\SurfSideKick2\Internet Explorer Time
HKEY_CURRENT_USER\Software\SurfSideKick2\Internet Explorer


BroadcastPC.B Adware more information...
Details: BroadcastPC delivers interactive media, monitors Web use, and displays advertisements.
Status: Removed
Elevated threat - Eleveated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp234\a0097360.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp234\a0097362.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099269.exe


BroadcastPC.C Adware more information...
Status: Removed
Elevated threat - Eleveated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.

Infected files detected
C:\program files\tvs\tvs_b.exe
c:\program files\tvs\tvs_ln.exe

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run tvs_b


BroadcastPC.A Adware more information...
Details: BroadcastPC delivers interactive media, monitors Web use, and displays advertisements.
Status: Removed
Elevated threat - Eleveated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099258.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099259.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099260.exe
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099261.exe


Virtual Bouncer Adware more information...
Details: Virtual Bouncer claims to be a spyware remover, and it actually detects a few.
Status: Quarantined
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp226\a0096845.exe

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\VBouncer\Settings
HKEY_CURRENT_USER\software\vb and vba program settings\vbouncer\Settings InDate 2005-04-18 20:42:38
HKEY_CURRENT_USER\software\vb and vba program settings\vbouncer\Settings DestroyPopups False
HKEY_CURRENT_USER\software\vb and vba program settings\vbouncer\Settings DestroyActiveXDownloads False
HKEY_CURRENT_USER\software\vb and vba program settings\vbouncer\Settings PromtForRemovals False
HKEY_CURRENT_USER\software\vb and vba program settings\vbouncer\Settings SecurityLevel 0
HKEY_CURRENT_USER\software\vb and vba program settings\vbouncer\Settings ScanFrequency 0
HKEY_CURRENT_USER\software\vb and vba program settings\vbouncer\Settings DistID 5400050406
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\VBouncer\Settings InDate 2005-04-18 20:42:38
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\VBouncer\Settings DestroyPopups False
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\VBouncer\Settings DestroyActiveXDownloads False
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\VBouncer\Settings PromtForRemovals False
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\VBouncer\Settings SecurityLevel 0
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\VBouncer\Settings ScanFrequency 0
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\VBouncer\Settings DistID 5400050406
HKEY_CURRENT_USER\software\vb and vba program settings\vbouncer


180search Assistant Adware more information...
Details: 180search Assistant displays pop-up advertismenets.
Status: Quarantined
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\180ax
HKEY_CURRENT_USER\Software\180ax key_file 390
HKEY_CURRENT_USER\Software\180ax kw_last_chunk 1
HKEY_CURRENT_USER\Software\180ax geourl_last_full_version 1
HKEY_CURRENT_USER\Software\180ax geourl_current_version 1
HKEY_CURRENT_USER\Software\180ax actionurl_last_full_version 99
HKEY_CURRENT_USER\Software\180ax actionurl_current_version 99
HKEY_CURRENT_USER\Software\180ax keyword_last_full_version 411
HKEY_CURRENT_USER\Software\180ax keyword_current_version 417
HKEY_CURRENT_USER\Software\180ax
HKEY_CURRENT_USER\Software\180ax key_int_high 29690174
HKEY_CURRENT_USER\Software\180ax last_conn_h 29684985
HKEY_CURRENT_USER\Software\180ax key_int_low -1220314830
HKEY_CURRENT_USER\Software\180ax int_high 29685795
HKEY_CURRENT_USER\Software\180ax int_low -89681344
HKEY_CURRENT_USER\Software\180ax last_conn_l -1908253168
HKEY_CURRENT_USER\Software\180ax we 2
HKEY_CURRENT_USER\Software\180ax
HKEY_CURRENT_USER\Software\180ax TimeOffset -28807
HKEY_CURRENT_USER\Software\180ax action_url_version 50
HKEY_CURRENT_USER\Software\180ax action_url_last_chunk 0
HKEY_CURRENT_USER\Software\180ax action_url_last_full_version 50


DelFin.Media Viewer Adware more information...
Details: DelFin Media Viewer, also called PromulGate, is an adware-based media player.
Status: Quarantined
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099262.exe


PowerReg Scheduler Spyware more information...
Details: PowerReg Scheduler is a registration system used by some legitimate software programs.
Status: Quarantined
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.

Infected files detected
c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp243\a0099233.exe

Logfile of HijackThis v1.99.1
Scan saved at 1:54:11 PM, on 6/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Eqzmhti\Huppsqq.exe
C:\WINDOWS\system32\MSNMSNGR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rramvv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\nrpn\osoa.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\program files\tvs\tvs_b.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\mcafee.com\agent\McDash.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Documents and Settings\Bjorn\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {03EF5EA2-CE11-9691-18C5-95BC6A0DB39B} - C:\WINDOWS\system32\rehne.dll (file missing)
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FCB37253-F085-E75C-B539-EEE52EBD07A1} - C:\WINDOWS\system32\axdq.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [Nnrxcw] C:\Program Files\Eqzmhti\Huppsqq.exe
O4 - HKLM\..\Run: [MSN Messenger] MSNMSNGR.EXE
O4 - HKLM\..\Run: [w] C:\windows\system32\w.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\system32\wdxtz.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\system32\mjzgwmy.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\rramvv.exe reg_run
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\RunOnce: [tvs_re] c:\Program Files\Common Files\Java\tvs_re_inst.exe
O4 - HKLM\..\RunOnce: [Microsof

#2
Robbie2

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [Igqhljh] C:\WINDOWS\system32\r?gedit.exe
O4 - HKCU\..\Run: [goq3RWY7O] sfcrm.exe
O4 - HKCU\..\Run: [Ncao] C:\Program Files\nrpn\osoa.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\RunOnce: [MSN Messenger] MSNMSNGR.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...76/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093139775982
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,16/mcgdmgr.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Please help me, I am sick and tired of this stuff.
Thanks,
Robbie 2