Bazooka Adware and Spyware Scanner Log 219

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 15:16:42.
OS: Windows NT 5.1
Database version: 1.960000
Database format version: 1.020000
Database date: 20040412
Current date: 2004-04-15 15:16


****************************************
Result when scanning:

No potentially unwanted software found.
****************************************
Auto start entries:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Documents and Settings\Dan\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Dan\Start Menu\Programs\Startup\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

SiSUSBRG C:\WINDOWS\SiSUSBrg.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SiSUSBRG

SiS Tray
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SiS Tray

SiS KHooker C:\WINDOWS\System32\khooker.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SiS KHooker

LTSMMSG LTSMMSG.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LTSMMSG

pccguide.exe "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\pccguide.exe

PCCClient.exe "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCCClient.exe

Pop3trap.exe "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Pop3trap.exe

ezShieldProtector for Px C:\WINDOWS\System32\ezSP_Px.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ezShieldProtector for Px

TkBellExe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe

ZTgServerSwitch c:\program files\support.com\client\lserver\server.vbs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ZTgServerSwitch

nwiz nwiz.exe /install
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz

NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter

wcmdmgr C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\wcmdmgr

Windows Shell Library Loader load shell32.dll /c /set
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Windows Shell Library Loader

MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS

AIM D:\Program Files\AIM\aim.exe -cnetwait.odl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AIM

Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo! Pager


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{02478D38-C3F9-4efb-9B51-7695ECA05670} not set C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{1D7637CE-6816-4B1D-8869-D6865EA1A426} not set C:\WINDOWS\System32\loomn.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D7637CE-6816-4B1D-8869-D6865EA1A426}

{576EB0AD-6980-11D5-A9CD-0001032FEE17} not set C:\Program Files\Yahoo!\Common\ycheckh.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{576EB0AD-6980-11D5-A9CD-0001032FEE17}

{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} OsbornTech Popup Blocker C:\WINDOWS\System32\mshelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880}


****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{4528BBE0-4E08-11D5-AD55-00010333D0AD} C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{4528BBE0-4E08-11D5-AD55-00010333D0AD} C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}


****************************************
All processes:

System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
explorer.exe
LTSMMSG.exe
pccguide.exe
PCCClient.exe
Pop3trap.exe
ezSP_Px.exe
wscript.exe
alg.exe
nvsvc32.exe
aim.exe
wcmdmgr.exe
VAServ.exe
Tmntsrv.exe
SSSvr.exe
mshta.exe
tgcmd.exe
PicAppSrv.exe
sv_httpd.exe
sv_httpd.exe
UPnPFramework.exe
UPnPFramework.exe
PCCPFW.exe
wuauclt.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Search http://nkvd.us/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search

Default_Page_URL http://www.sony.com/vaiopeople
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://nkvd.us/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar res://%43%3a%5c%57%49%4e%44%4f%57%53%5c%53%79%73%74%65%6d%33%32%5c%6c%6f%6f%6d%6e%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://nkvd.us/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://nkvd.us/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Use Search Asst


http://%31%2D%73%65%2E%63%6F%6D/%73%72%63%68%61%73%73%74%2E%68%74%6D%6C
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\

SearchAssistant http://nkvd.us/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://nkvd.us/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://www.nkvd.us/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://www.nkvd.us/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

Search http://nkvd.us/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search

http://%31%2D%73%65%2E%63%6F%6D/%68%6F%6D%65%2E%68%74%6D%6C
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Default_Page_URL http://nkvd.us/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://nkvd.us/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://nkvd.us/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://nkvd.us/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://nkvd.us/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst


http://%31%2D%73%65%2E%63%6F%6D/%73%72%63%68%61%73%73%74%2E%68%74%6D%6C
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\

SearchAssistant http://nkvd.us/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://nkvd.us/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch


****************************************




Related links

Bazooka - Free scan for spyware, adware, trojan horses, keyloggers, etc. Detects more than 500 potentially unwanted applications. Freeware!

The File Database - Search the file database for more information. Free!

PopUp Blocker Test - Find out if your pop-up killer can handle all pop-ups. Free!

Kephyr Labs - Find out what is going on at Kephyr. Try products in an early stage of development.




FreeFixer
I'm working on a new spyware removal tool. Would you like to help me with the testing?
Koffix Blocker - Block bad web sites.
Home & Products |  Legal |  Search

© Kephyr, 2003-2006. HtmlTidy, HTML 4.01, CSS andy@kephyr.com