Bazooka Adware and Spyware Scanner Log 566

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 00:29:56.
OS: Windows NT 5.1
Database version: 1.860000
Database format version: 1.020000
Database date: 20040308
Current date: 2004-06-08 00:29

****************************************
Result when scanning:

Acceleration Soft 737.700.000 %ProgramsDir%\Acceleration Software\
C:\Program Files\Acceleration Software\
http://www.kephyr.com/spywarescanner/library/accelerationsoft/index.phtml

BroadcastPC 177.977.917 RVP
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RVP
http://www.kephyr.com/spywarescanner/library/broadcastpc/index.phtml

BroadcastPC 888.997.947 RVP
http://www.kephyr.com/spywarescanner/library/broadcastpc/index.phtml

BroadcastPC 888.997.948 %ProgramsDir%\RVP\
C:\Program Files\RVP\
http://www.kephyr.com/spywarescanner/library/broadcastpc/index.phtml

CommonName 112.197.997
HKEY_LOCAL_MACHINE\SOFTWARE\CommonName\BabeIE\Version
http://www.kephyr.com/spywarescanner/library/commonname/index.phtml

CommonName 452.457.949 %ProgramsDir%\CommonName\
C:\Program Files\CommonName\
http://www.kephyr.com/spywarescanner/library/commonname/index.phtml

CommonName.cnbabe 132.400.000 {00000000-0000-0000-0000-000000000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}
http://www.kephyr.com/spywarescanner/library/commonname.cnbabe/index.phtml

CommonName.winnet 133.400.000 winnet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winnet
http://www.kephyr.com/spywarescanner/library/commonname.winnet/index.phtml

Cydoor 399.000.000 %SystemDir%\AdCache\
C:\WINDOWS\System32\\AdCache\
http://www.kephyr.com/spywarescanner/library/cydoor/index.phtml

Cydoor 399.000.001 Cd_clint.dll
http://www.kephyr.com/spywarescanner/library/cydoor/index.phtml

eZula 122.227.147
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eZula\DisplayName
http://www.kephyr.com/spywarescanner/library/ezula/index.phtml

eZula 122.927.150 %SystemDir%\ezstub.exe
C:\WINDOWS\System32\\ezstub.exe
http://www.kephyr.com/spywarescanner/library/ezula/index.phtml

Favoriteman 692.118.338 mpz300.dll
http://www.kephyr.com/spywarescanner/library/favoriteman/index.phtml

Favoriteman 692.118.339 {00000EF1-34E3-4633-87C6-1AA7A44296DA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000EF1-34E3-4633-87C6-1AA7A44296DA}
http://www.kephyr.com/spywarescanner/library/favoriteman/index.phtml

FlashTrack 128.293.002 %ProgramsDir%\Flt\
C:\Program Files\Flt\
http://www.kephyr.com/spywarescanner/library/flashtrack/index.phtml

Gator 102.098.947 CMESys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CMESys
http://www.kephyr.com/spywarescanner/library/gain/index.phtml

Gator 112.198.918 %ProgramsDir%\iMesh\Client\fsg.exe
C:\Program Files\iMesh\Client\fsg.exe
http://www.kephyr.com/spywarescanner/library/gain/index.phtml

Winstartup 132.420.000 WINSTA~1.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WINSTA~1.EXE
http://www.kephyr.com/spywarescanner/library/winstartup/index.phtml

HoHBBLOCKar 177.778.977 HoHBBLOCKar
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HoHBBLOCKar
http://www.kephyr.com/spywarescanner/library/hoHBBLOCKar/index.phtml

HuntBar 166.166.001 {D6DFF6D8-B94B-4720-B730-1C38C7065C3B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6DFF6D8-B94B-4720-B730-1C38C7065C3B}
http://www.kephyr.com/spywarescanner/library/huntbar/index.phtml

HuntBar 166.166.002 {6A85D97D-665D-4825-8341-9501AD9F56A3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{6A85D97D-665D-4825-8341-9501AD9F56A3}
http://www.kephyr.com/spywarescanner/library/huntbar/index.phtml

HuntBar 166.166.002 {6A85D97D-665D-4825-8341-9501AD9F56A3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6A85D97D-665D-4825-8341-9501AD9F56A3}
http://www.kephyr.com/spywarescanner/library/huntbar/index.phtml

HuntBar.btiein 167.166.000 btiein.dll
http://www.kephyr.com/spywarescanner/library/huntbar.btiein/indexphtml

HuntBar.btiein 167.166.001 {63B78BC1-A711-4D46-AD2F-C581AC420D41}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63B78BC1-A711-4D46-AD2F-C581AC420D41}
http://www.kephyr.com/spywarescanner/library/huntbar.btiein/indexphtml

HuntBar.ctoolb 169.166.000 {8952A998-1E7E-4716-B23D-3DBE03910972}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8952A998-1E7E-4716-B23D-3DBE03910972}
http://www.kephyr.com/spywarescanner/library/huntbar.ctoolb/indexphtml

HuntBar.ctoolb 169.166.001 {339BB23F-A864-48C0-A59F-29EA915965EC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{339BB23F-A864-48C0-A59F-29EA915965EC}
http://www.kephyr.com/spywarescanner/library/huntbar.ctoolb/indexphtml

IEAccess 199.000.000 IEAccess2.dll
http://www.kephyr.com/spywarescanner/library/ieaccess/index.phtml

IGetNet 692.118.337 install_all.dll
http://www.kephyr.com/spywarescanner/library/igetnet/index.phtml

IPInsight 124.124.124 Sentry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Sentry
http://www.kephyr.com/spywarescanner/library/ipinsight/index.phtml

IPInsight 124.124.125 ipinsigt.dll
http://www.kephyr.com/spywarescanner/library/ipinsight/index.phtml

IPInsight 124.124.126 {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9}
http://www.kephyr.com/spywarescanner/library/ipinsight/index.phtml

LimeShop 120.120.001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\limeshop.xml\DisplayName
http://www.kephyr.com/spywarescanner/library/limeshop/index.phtml

LimeShop 120.120.002 %ProgramsDir%\LimeShop\
C:\Program Files\LimeShop\
http://www.kephyr.com/spywarescanner/library/limeshop/index.phtml

MS Media Player GUID 404.888.000
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
http://www.kephyr.com/spywarescanner/library/msmediaplayerguid/index.phtml

My Search Bar 132.098.654
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Search Uninstall\DisplayName
http://www.kephyr.com/spywarescanner/library/mysearchbar/index.phtml

My Search Bar 777.777.777 MySearch:Bar:
http://www.kephyr.com/spywarescanner/library/mysearchbar/index.phtml

My Search Bar 777.777.778 c:\Program Files\MySearch\
c:\Program Files\MySearch\
http://www.kephyr.com/spywarescanner/library/mysearchbar/index.phtml

My Search Bar 777.777.779 {014DA6C1-189F-421a-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014DA6C1-189F-421a-88CD-07CFE51CFF10}
http://www.kephyr.com/spywarescanner/library/mysearchbar/index.phtml

My Search Bar 777.777.780 {014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
http://www.kephyr.com/spywarescanner/library/mysearchbar/index.phtml

n-CASE 102.165.198 msbb.dll
http://www.kephyr.com/spywarescanner/library/ncase/index.phtml

Onflow 199.299.001 %ProgramsDir%\Onflow\
C:\Program Files\Onflow\
http://www.kephyr.com/spywarescanner/library/onflow/index.phtml

ShopAtHomeSelect 111.777.666 SAHAgent
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SAHAgent
http://www.kephyr.com/spywarescanner/library/shopathomeselect/index.phtml

ShopAtHomeSelect 123.000.444
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHomeSelect Agent\DisplayName
http://www.kephyr.com/spywarescanner/library/shopathomeselect/index.phtml

ShopAtHomeSelect 123.000.445 %SystemDir%\SahAgent.exe
C:\WINDOWS\System32\\SahAgent.exe
http://www.kephyr.com/spywarescanner/library/shopathomeselect/index.phtml

ShopNav 692.218.238 IEHelper.dll
http://www.kephyr.com/spywarescanner/library/shopnav/index.phtml

Transponder 616.000.000 IEHelper.dll
http://www.kephyr.com/spywarescanner/library/transponder/index.phtml

Transponder 616.000.002 {00000000-5eb9-11d5-9d45-009027c14662}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-5eb9-11d5-9d45-009027c14662}
http://www.kephyr.com/spywarescanner/library/transponder/index.phtml

WeatherBug 661.552.443 %ProgramsDir%\AWS\WeatherBug\
C:\Program Files\AWS\WeatherBug\
http://www.kephyr.com/spywarescanner/library/weatherbug/index.phtml

WebSearch Toolbar 473.900.000 {6A85D97D-665D-4825-8341-9501AD9F56A3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{6A85D97D-665D-4825-8341-9501AD9F56A3}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar/index.phtml

WebSearch Toolbar 473.900.000 {6A85D97D-665D-4825-8341-9501AD9F56A3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6A85D97D-665D-4825-8341-9501AD9F56A3}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar/index.phtml

foistware.WildTangent 999.333.999 wcmdmgr
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\wcmdmgr
http://www.kephyr.com/spywarescanner/library/wildtangent/index.phtml

foistware.WildTangent 999.888.998 %Windir%\wt
C:\WINDOWS\wt
http://www.kephyr.com/spywarescanner/library/wildtangent/index.phtml
****************************************
Auto start entries:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\BrokNet\brokcomm.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
C:\BrokNet\brokcomm.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Run entries:

hpsysdrv c:\windows\system\hpsysdrv.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\hpsysdrv

KBD C:\HP\KBD\KBD.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\KBD

Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Recguard

NvCplDaemon RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

IgfxTray C:\WINDOWS\System32\igfxtray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray

HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds

PS2 C:\WINDOWS\system32\ps2.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PS2

HPGamesActiveMenu C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPGamesActiveMenu

Sysres
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Sysres

regtmlp
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\regtmlp

QuickTime Task C:\WINDOWS\System32\qttask.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp

ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccRegVfy

wcmdmgr C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\wcmdmgr

winnet C:\PROGRA~1\COMMON~2\ADDRES~1\Winnet.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\winnet

CMESys "C:\Program Files\Common Files\CMEII\CMESys.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CMESys

RVP "C:\Program Files\RVP\bpc.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RVP

Sentry C:\WINDOWS\Sentry.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Sentry

WINSTA~1.EXE C:\WINDOWS\System\WINSTA~1.EXE -b
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WINSTA~1EXE

WT GameChannel C:\Program Files\WildTangent\Apps\GameChannel.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WT GameChannel

SAHAgent C:\WINDOWS\System32\SahAgent.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SAHAgent

MP_STATUS_MONITOR "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MP_STATUS_MONITOR

MPTBox "C:\Program Files\Canon\MultiPASS\MPTBox.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MPTBox

WinTools C:\Program Files\Common files\WinTools\WToolsA.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinTools

New.net Startup rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\New.net Startup

HoHBBLOCKar C:\PROGRA~1\iMesh\Client\HbInst.exe /Upgrade
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HoHBBLOCKar

MSys32 "C:\Program Files\Tetris 2000\morfitwebentrance.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\MSys32

Microsoft Works Update Detection C:\Program Files\Microsoft Works\WkDetect.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Works Update Detection

MoneyAgent "C:\Program Files\Microsoft Money\System\Money Express.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MoneyAgent

WPCycle.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WPCycle.exe

Symantec NetDriver Monitor C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Symantec NetDriver Monitor

Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Browser helper objects:

{00000000-0000-0000-0000-000000000000} BabeIE C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}

{00000000-5eb9-11d5-9d45-009027c14662} not set C:\WINDOWS\SYSTEM32\IEHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-5eb9-11d5-9d45-009027c14662}

{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} not set Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9}

{00000EF1-34E3-4633-87C6-1AA7A44296DA} not set Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{00000EF1-34E3-4633-87C6-1AA7A44296DA}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000EF1-34E3-4633-87C6-1AA7A44296DA}

{014DA6C1-189F-421a-88CD-07CFE51CFF10} My Search BHO C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014DA6C1-189F-421a-88CD-07CFE51CFF10}

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} not set C:\Program Files\NewDotNet\newdotnet6_30.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}

{63B78BC1-A711-4D46-AD2F-C581AC420D41} not set C:\WINDOWS\System32\btiein.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63B78BC1-A711-4D46-AD2F-C581AC420D41}

{8952A998-1E7E-4716-B23D-3DBE03910972} C:\WINDOWS\System32\btiein.dll C:\PROGRA~1\Toolbar\toolbar.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8952A998-1E7E-4716-B23D-3DBE03910972}

{BDF3E430-B101-42AD-A544-FADC6B084872} NAV Helper C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}

{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6DFF6D8-B94B-4720-B730-1C38C7065C3B}

****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{014DA6C9-189F-421a-88CD-07CFE51CFF10} C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{014DA6C9-189F-421a-88CD-07CFE51CFF10}

{339BB23F-A864-48C0-A59F-29EA915965EC} C:\PROGRA~1\Toolbar\toolbar.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{339BB23F-A864-48C0-A59F-29EA915965EC}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{014DA6C9-189F-421A-88CD-07CFE51CFF10} C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{014DA6C9-189F-421A-88CD-07CFE51CFF10}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{6A85D97D-665D-4825-8341-9501AD9F56A3} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{6A85D97D-665D-4825-8341-9501AD9F56A3}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{6A85D97D-665D-4825-8341-9501AD9F56A3}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{6A85D97D-665D-4825-8341-9501AD9F56A3} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{6A85D97D-665D-4825-8341-9501AD9F56A3}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6A85D97D-665D-4825-8341-9501AD9F56A3}

{014DA6C9-189F-421A-88CD-07CFE51CFF10} C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{014DA6C9-189F-421A-88CD-07CFE51CFF10}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{30D02401-6A81-11D0-8274-00C04FD5AE38} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

{EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}

****************************************
All processes:
[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
ccEvtMgr.exe
mpservic.exe
NISUM.EXE
nvsvc32.exe
CCPXYSVC.EXE
explorer.exe
hpsysdrv.exe
KBD.EXE
qttask.exe
ccApp.exe
Winnet.exe
CMESys.exe
bpc.exe
GameChannel.exe
SahAgent.exe
wcmdmgr.exe
monitr32.exe
MPTBox.exe
WToolsA.exe
rundll32.exe
HbInst.exe
fxRedir.exe
Comwiz.exe
brokcomm.exe
WSup.exe
msmsgs.exe
NAVAPSVC.EXE
NAVW32.EXE
msn6.exe
msnmsgr.exe
javaw.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php
****************************************
Internet Explorer Settings:

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://us3.hpwis.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://www.websearch.com/ie.aspx?tb_id=50017
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

provider yaho
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://www.websearch.com/ie.aspx?tb_id=50017
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page res://C:\WINDOWS\System32\shdoclc.dll/dnserror.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

User Stylesheet
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles\User Stylesheet

****************************************



