HELP! What is [Installer_shopperreports.exe] and how do I remove it?

[Redmo0n]

Just uninstall it, its not like its Sobig or Mydoom and its going to teh_f*** your pc.

If your really concerned post a Hijackthislog now and ill take a look

 

[Trotter]

I merged the threads. No need for two on the same problem.

 

[soarwitheagles]

Mak and Os,

Well, I am presently at the stage 4 of your instructions. I just completed the Smit, Vun, CCleaner, and Cleanup. I disabled my Panda antivirus before running each of those programs.

I also updated Panda to include all the newest threats.

Now Panda is no longer showing I have the malicious software. What happened?

I never saw Panda remove it. Yet now it says the malicious software detected has been neutralized!

Another interesting development is this: virus detected and removed from Smitfraudfix/Reboot.exe

Well, my question now is this:

Is it ok to stop here. The reason I am asking is because if I uninstall Panda, perhaps they will not permit me to reinstall it again and I already paid for the entire year.

Please let me know your thoughts on this.

Thanks again so much!

Freddy

 

[soarwitheagles]

I merged the threads. No need for two on the same problem.

Trotter, thank you. I am sorry but I realized my first thread was not titled correctly and I saw no way to edit the title.

 

[Redmo0n]

WoW you paid for panda.

Wait the year and install Avg, you will be much happier with a FREE anti - virus that is possibly a lot better

 

[ECTech]

Shopperreports.exe isn't anything to be overly concerned about. It's just a typical adware/malware. Panda alone should defiantly remove shopperreporter from your system no problem. Just for a second opinion i suggest posting a hijackthis log so we can confirm it's out.

 

[soarwitheagles]

Could someone please analyze my hijackthis log?

Ok, thanks again for everyone's help. This has been a total eye opener for me. And best of all, after running smit, vun, ccleaner, and cleanup, my system is running faster than ever! WOW! Thanks again everyone.

Special Note: I did not run AVG or Trojan Remover mainly because Panda is saying the malicious software has been removed. The second reason is because I was concerned that is I uninstall Panda, they may not renew my subscription. Yes, I did pay for Panda, but it was a full rebate from FRY's and so I only paid for the CA tax.

Well, I suppose I am to post both logs, start up and the hijackthis log. So here it is. Please, if possible, I am requesting Mak or Os to help me on this.

Thanks again everyone!

It is me, Freddy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:39 AM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\New Folder\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\New Folder\PsCtrls.exe
D:\New Folder\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\New Folder\pavsrv51.exe
D:\New Folder\AntiSpam\pskmssvc.exe
D:\New Folder\AVENGINE.EXE
d:\new folder\firewall\PSHOST.EXE
D:\New Folder\PsImSvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Microsoft Active Sync\wcescomm.exe
D:\Hallmark Card Studio\Planner\PLNRnote.exe
D:\MICROS~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
D:\New Folder\PavBckPT.exe
D:\New Folder\apvxdwin.exe
D:\New Folder\SRVLOAD.EXE
D:\New Folder\WebProxy.exe
D:\Program Files\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\DIRKF~1.BRU\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [APVXDWIN] "D:\New Folder\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "D:\New Folder\Inicio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Microsoft Active Sync\wcescomm.exe"
O4 - Global Startup: Event Planner Reminder.lnk = D:\Hallmark Card Studio\Planner\PLNRnote.exe
O4 - Global Startup: Event Reminder.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1201414327367
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - D:\New Folder\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\New Folder\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\New Folder\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - D:\New Folder\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - d:\new folder\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - D:\New Folder\PsImSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - D:\New Folder\TPSrv.exe

--
End of file - 8293 bytes



StartupList report, 2/18/2008, 11:25:13 AM
StartupList version: 1.52.2
Started from : C:\DOCUME~1\DIRKF~1.BRU\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16574)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\New Folder\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\New Folder\PsCtrls.exe
D:\New Folder\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\New Folder\pavsrv51.exe
D:\New Folder\AntiSpam\pskmssvc.exe
D:\New Folder\AVENGINE.EXE
d:\new folder\firewall\PSHOST.EXE
D:\New Folder\PsImSvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Microsoft Active Sync\wcescomm.exe
D:\Hallmark Card Studio\Planner\PLNRnote.exe
D:\MICROS~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
D:\New Folder\PavBckPT.exe
D:\New Folder\apvxdwin.exe
D:\New Folder\SRVLOAD.EXE
D:\New Folder\WebProxy.exe
D:\Program Files\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\DIRKF~1.BRU\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Event Planner Reminder.lnk = D:\Hallmark Card Studio\Planner\PLNRnote.exe
Event Reminder.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

APVXDWIN = "D:\New Folder\APVXDWIN.EXE" /s
SCANINICIO = "D:\New Folder\Inicio.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
H/PC Connection Agent = "D:\Microsoft Active Sync\wcescomm.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
flashget urlcatch - D:\FlashGet\jccatch.dll - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
(no name) - D:\Program Files\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Encarta Web Companion Helper Object - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL - {955BE0B8-BC85-4CAF-856E-8E0D8B610560}
(no name) - D:\FlashGet\getflash.dll - {F156768E-81EF-470C-9057-481BA8380DBA}

--------------------------------------------------

Enumerating Task Scheduler jobs:

!In_Touch.job
!Ultimate_Fighting.job
!Veggie Tales 2.job
!Veggie_Tales_1.job
In_Touch.job
Ultimate_Fighting.job
Veggie Tales 2.job
Veggie_Tales_1.job

--------------------------------------------------

Enumerating Download Program Files:

[YInstStarter Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1201414327367

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: D:\New Folder\Downloads\ProtInfo\Prevent.sig||D:\New Folder\Downloads\PavExp\PavExp.sig||D:\New Folder\Downloads\Antispam\sc1.bin.full.2008.02.13.23.47.00.sig||D:\New Folder\Downloads\ProtInfo\Prevent.sig


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 6,891 bytes
Report generated in 0.032 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

 

[Redmo0n]

Theres a few files there that are questionable, but i think there fine.

Uninstall your toolbars if you don't use them