Bazooka Adware and Spyware Scanner Log 129

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 12:06:36.
OS: Windows NT 5.1
Database version: 1.860000
Database format version: 1.020000
Database date: 20040308
Current date: 2004-03-09 12:06


****************************************
Result when scanning:

No potentially unwanted software found.
****************************************
Auto start entries:
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start
C:\Program Files\Corel\Print Office 2000\Register\Remind32.exe
C:\Documents and Settings\_--~cHriS~--_\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\MRU-Blaster\mrublaster.exe -silent
C:\Documents and Settings\_--~cHriS~--_\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Corel\Print Office 2000\Register\Remind32.exe
C:\Documents and Settings\_--~cHriS~--_\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\MRU-Blaster\mrublaster.exe -silent
C:\Documents and Settings\_--~cHriS~--_\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\SpywareGuard\sgmain.exe

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
TCASUTIEXE TCAUDIAG.EXE -off
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TCASUTIEXE

NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

nwiz nwiz.exe /install
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz

NeroCheck C:\WINDOWS\system32\NeroCheck.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck

CTSysVol C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CTSysVol

CTDVDDet C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CTDVDDet

CTHelper CTHELPER.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CTHelper

AsioReg REGSVR32.EXE /S CTASIO.DLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AsioReg

SBDrvDet C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SBDrvDet

UpdReg C:\WINDOWS\UpdReg.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\UpdReg

ccApp C:\Program Files\Common Files\Symantec Shared\ccApp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp

ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccRegVfy

MessengerPlus2 "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MessengerPlus2

vcdplayx "C:\WINDOWS\vcdplayx.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\vcdplayx

HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPDJ Taskbar Utility

zzzHPSETUP D:\Setup.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\zzzHPSETUP

Share-to-Web Namespace Daemon C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Share-to-Web Namespace Daemon

QD FastAndSafe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QD FastAndSafe

zBrowser Launcher C:\Program Files\Logitech\iTouch\iTouch.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\zBrowser Launcher

Logitech Utility Logi_MwX.Exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Logitech Utility

MRUBlaster C:\Program Files\MRU-Blaster\indexcleaner.exe -CC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\MRUBlaster

NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter

LDM C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\LDM

Creative Detector C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Creative Detector

MessengerPlus2 "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MessengerPlus2

msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msnmsgr


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{4A368E80-174F-4872-96B5-0B27DDD11DB2} SpywareGuard Download Protection C:\Program Files\SpywareGuard\dlprotect.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}


****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{62999427-33FC-4baf-9C9C-BCE6BD127F08} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{62999427-33FC-4baf-9C9C-BCE6BD127F08}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{62999427-33FC-4baf-9C9C-BCE6BD127F08}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
CCEVTMGR.EXE
NISUM.EXE
explorer.exe
CTDVDDET.exe
CTHELPER.EXE
ccApp.exe
MsgPlus.exe
vcdplayx.exe
hpgs2wnd.exe
iTouch.exe
hpgs2wnf.exe
rundll32.exe
backWeb-8876480.exe
CTDetect.exe
EM_EXEC.EXE
Remind32.exe
msnmsgr.exe
CCPXYSVC.EXE
CTSVCCDA.EXE
GhostStartService.exe
NAVAPSVC.EXE
NPROTECT.EXE
nvsvc32.exe
NOPDB.EXE
svchost.exe
MsPMSPSv.exe
nost_LM.exe
KazaaLite.kpp
Rambooster.exe
sgmain.exe
spampal.exe
sgbhp.exe
scheduler.exe
msmsgs.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.google.ca/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page


****************************************




Related links

Bazooka - Free scan for spyware, adware, trojan horses, keyloggers, etc. Detects more than 500 potentially unwanted applications. Freeware!

The File Database - Search the file database for more information. Free!

PopUp Blocker Test - Find out if your pop-up killer can handle all pop-ups. Free!

Kephyr Labs - Find out what is going on at Kephyr. Try products in an early stage of development.




FreeFixer
I'm working on a new spyware removal tool. Would you like to help me with the testing?
Koffix Blocker - Block bad web sites.
Home & Products |  Legal |  Search

© Kephyr, 2003-2006. HtmlTidy, HTML 4.01, CSS andy@kephyr.com