Bazooka Adware and Spyware Scanner Log 157

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 13:37:07.
OS: Windows NT 5.1
Database version: 1.860000
Database format version: 1.020000
Database date: 20040308
Current date: 2004-03-21 13:37


****************************************
Result when scanning:

Comet Cursor 836.000.003 %ProgramsDir%\Comet Systems\
C:\Program Files\Comet Systems\
http://www.kephyr.com/spywarescanner/library/cometcursor/index.phtml

IncrediFind 342.900.000 {5D60FF48-95BE-4956-B4C6-6BB168A70310}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D60FF48-95BE-4956-B4C6-6BB168A70310}
http://www.kephyr.com/spywarescanner/library/incredifind/index.phtml

KeenValue.Updater 643.000.000 updater
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\updater
http://www.kephyr.com/spywarescanner/library/keenvalue.updater/index.phtml

KeenValue.Updater 643.000.001 %ProgramsDir%\Common Files\updater\
C:\Program Files\Common Files\updater\
http://www.kephyr.com/spywarescanner/library/keenvalue.updater/index.phtml

Mostrar Dialer 928.555.000 MSA64CHK.DLL
http://www.kephyr.com/spywarescanner/library/mostrardialer/index.phtml

MS Media Player GUID 404.888.000
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
http://www.kephyr.com/spywarescanner/library/msmediaplayerguid/index.phtml

OpenSite 199.100.000 %ProgramsDir%\Open Site\
C:\Program Files\Open Site\
http://www.kephyr.com/spywarescanner/library/opensite/index.phtml

OpenSite 199.100.001 Open Site
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Open Site
http://www.kephyr.com/spywarescanner/library/opensite/index.phtml

****************************************
Auto start entries:
C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Program Files\Nokia\PC Suite for Nokia 3650\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 3650\ectaskscheduler.exe
C:\Documents and Settings\alan.GIA_DOMAIN\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\alan.GIA_DOMAIN\Start Menu\Programs\Startup\IMsecure.lnk
C:\Documents and Settings\alan.GIA_DOMAIN\Start Menu\Programs\Startup\OpenOffice.org 1.0.2.lnk
C:\Documents and Settings\alan.GIA_DOMAIN\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\alan.GIA_DOMAIN\Start Menu\Programs\Startup\IMsecure.lnk
C:\Documents and Settings\alan.GIA_DOMAIN\Start Menu\Programs\Startup\OpenOffice.org 1.0.2.lnk

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
DownloadAccelerator C:\PROGRA~1\DAP\DAP.EXE /STARTUP
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DownloadAccelerator

ATIModeChange Ati2mdxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIModeChange

AtiPTA atiptaxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AtiPTA

AVG_CC C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVG_CC

SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SmcService

LTWinModem1 ltmsg.exe 9
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LTWinModem1

CoolSwitch C:\WINDOWS\System32\taskswitch.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CoolSwitch

ServiceLayer C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ServiceLayer

Nokia Tray Application C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Nokia Tray Application

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

Open Site C:\Program Files\Open Site\opnste.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Open Site

TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe

updater C:\Program Files\Common files\updater\wupdater.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\updater

CookieWall C:\Program Files\AnalogX\CookieWall\cookie.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CookieWall

vGWHwe C:\WINDOWS\h3kQaNAjF.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\vGWHwe

MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

netsvcs C:\Windows\internat.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\netsvcs

Yahoo! Pager C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo! Pager

ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{0000CC75-ACF3-4cac-A0A9-DD3868E06852} not set C:\Program Files\DAP\DAPBHO.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}

{02478D38-C3F9-4efb-9B51-7695ECA05670} not set C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{5D60FF48-95BE-4956-B4C6-6BB168A70310} NavErrRedir Class Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{5D60FF48-95BE-4956-B4C6-6BB168A70310}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D60FF48-95BE-4956-B4C6-6BB168A70310}

{F74C9A86-FED4-44A0-AF55-F5C2920CAEA9} not set C:\WINDOWS\qbVX69.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F74C9A86-FED4-44A0-AF55-F5C2920CAEA9}


****************************************
Toolbars:

{62999427-33FC-4baf-9C9C-BCE6BD127F08} C:\Program Files\DAP\DAPIEBar.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{62999427-33FC-4baf-9C9C-BCE6BD127F08}

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{2318C2B1-4965-11D4-9B18-009027A5CD4F} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{2318C2B1-4965-11D4-9B18-009027A5CD4F} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{A58686ED-FC46-44C3-95C6-4A812AB776F1} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{A58686ED-FC46-44C3-95C6-4A812AB776F1}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A58686ED-FC46-44C3-95C6-4A812AB776F1}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
Smc.exe
svchost.exe
svchost.exe
spoolsv.exe
alg.exe
ati2evxx.exe
avgserv.exe
btwdins.exe
SAgent2.exe
HFNetChkProService.exe
AppServices.exe
mdm.exe
svchost.exe
ZipToA.exe
fxssvc.exe
explorer.exe
DAP.exe
atiptaxx.exe
ltmsg.exe
TaskSwitch.exe
ServiceLayer.exe
NclTray.exe
qttask.exe
opnste.exe
realsched.exe
wupdater.exe
cookie.exe
h3kQaNAjF.exe
msnmsgr.exe
ctfmon.exe
ConnMngmntBox.exe
ECTaskScheduler.exe
mRouterRuntime.exe
IMsecure.exe
soffice.exe
Elogerr.exe
BROADC~1.EXE
SCRFS.exe
avgcc32.exe
AcroRd32.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://search.yahoo.com/search?p=%s
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider yaho
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.w3.org/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst yes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant


****************************************




© Kephyr, 2003-2012.