Bazooka Adware and Spyware Scanner Log 1187

****************************************
Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 22:05:39.
OS: Windows NT 5.1
Database version: 2.310000
Database format version: 1.020000
Database date: 20040824
Current date: 2004-08-24 22:05


****************************************
Result when scanning:

Mirar Toolbar 927.700.000 {179E4B4A-76C3-4F65-BCED-C9FA1A28D2EF}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{179E4B4A-76C3-4F65-BCED-C9FA1A28D2EF}
http://www.kephyr.com/spywarescanner/library/mirartoolbar/index.phtml

Mirar Toolbar.B 928.700.001 NN_Bar31.dll
http://www.kephyr.com/spywarescanner/library/mirartoolbar.b/index.phtml

Statblaster 432.888.001 %ProgramsDir%\Media\Media\
C:\Program Files\Media\Media\
http://www.kephyr.com/spywarescanner/library/statblaster/index.phtml

****************************************
Auto start entries:
C:\Program Files\ISS\BlackICE\blackice.exe -closed
C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\GhostSurf\GhostSurf.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ISS\BlackICE\blackice.exe -closed
C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\GhostSurf\GhostSurf.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Vas Mach\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Vas Mach\Start Menu\Programs\Startup\PowerReg Scheduler.exe
C:\Documents and Settings\Vas Mach\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Vas Mach\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
NvCplDaemon RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

WCOLOREAL "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WCOLOREAL

Smapp Smtray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Smapp

CPQEASYACC C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CPQEASYACC

Microsoft Works Portfolio C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Works Portfolio

srmclean C:\Cpqs\Scom\srmclean.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\srmclean

PaperPort PTD C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PaperPort PTD

IndexSearch C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IndexSearch

InstallNAIProduct "E:\Vsp\setup.exe" /RUNKEY
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\InstallNAIProduct

EM_EXEC C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\EM_EXEC

MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MMTray

RCScheduleCheck C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RCScheduleCheck

Fix-It AV C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Fix-It AV

WinampAgent C:\Program Files\Winamp\winampa.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinampAgent

MaxtorOneTouch C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MaxtorOneTouch

MXO Auto Loader C:\WINDOWS\MXOALDR.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MXO Auto Loader

MediaFace Integration C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MediaFace Integration

mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\mmtask

MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig

Desktop Weather 3 C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Desktop Weather 3

LDM \Program\BackWeb-8876480.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\LDM

RoboForm "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RoboForm


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{0CF0B8EE-6596-11D5-A98E-0003470BB48E} CCHelper C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CF0B8EE-6596-11D5-A98E-0003470BB48E}

{53707962-6F74-2D53-2644-206D7942484F} not set C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

{724d43a9-0d85-11d4-9908-00400523e39a} not set C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}

{9527D42F-D666-11D3-B8DD-00600838CD5F} C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll C:\WINDOWS\System32\IETie.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9527D42F-D666-11D3-B8DD-00600838CD5F}

{AA58ED58-01DD-4d91-8333-CF10577473F7} not set c:\program files\google\googletoolbar1.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}


****************************************
Toolbars:

{8F05B1A8-9D77-4B8F-AF54-6B2202066F95} C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8F05B1A8-9D77-4B8F-AF54-6B2202066F95}

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{2318C2B1-4965-11d4-9B18-009027A5CD4F} c:\program files\google\googletoolbar1.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F}

{724d43a0-0d85-11d4-9908-00400523e39a} C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{724d43a0-0d85-11d4-9908-00400523e39a}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{F3DF2532-A2CC-48D8-8643-A033AE4FC313} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{F3DF2532-A2CC-48D8-8643-A033AE4FC313}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{F3DF2532-A2CC-48D8-8643-A033AE4FC313}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{F3DF2532-A2CC-48D8-8643-A033AE4FC313} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{F3DF2532-A2CC-48D8-8643-A033AE4FC313}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{F3DF2532-A2CC-48D8-8643-A033AE4FC313}

{724D43A0-0D85-11D4-9908-00400523E39A} C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{724D43A0-0D85-11D4-9908-00400523E39A}

{179E4B4A-76C3-4F65-BCED-C9FA1A28D2EF} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{179E4B4A-76C3-4F65-BCED-C9FA1A28D2EF}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{179E4B4A-76C3-4F65-BCED-C9FA1A28D2EF}

{2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\program files\google\googletoolbar1.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{30D02401-6A81-11D0-8274-00C04FD5AE38} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

{EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
scardsvr.exe
compaq-rba.exe
gearsec.exe
AppServices.exe
nvsvc32.exe
pctspk.exe
svchost.exe
MXTask.exe
fxssvc.exe
BrmfRsmg.exe
MXTask.exe
STARTEAK.exe
pptd40nt.exe
CPQEADM.exe
CPQInet.exe
EAUSBKBD.EXE
BttnServ.exe
EM_EXEC.EXE
mm_tray.exe
OneTouch.exe
MXOALDR.EXE
mmtask.exe
RoboTaskBarIcon.exe
blackice.exe
WkCalRem.exe
blackd.exe
iPodService.exe
explorer.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Start Page about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://www.comcast.net
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://www.comcast.net
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Search Bar http://www.comcast.net
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Start Page http://www.comcast.net/chsi.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page


****************************************



