Bazooka Adware and Spyware Scanner Log 713

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 18:19:07.
OS: Windows 98
Database version: 2.130000
Database format version: 1.020000
Database date: 20040706
Current date: 2004-07-07 18:19


****************************************
Result when scanning:

BrowserAid 666.333.912 {2CF0B992-5EEB-4143-99C0-5297EF71F443}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CF0B992-5EEB-4143-99C0-5297EF71F443}
http://www.kephyr.com/spywarescanner/library/browseraid/index.phtml

BrowserAid.Rundll 667.333.000 RunWindowsUpdate
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RunWindowsUpdate
http://www.kephyr.com/spywarescanner/library/browseraid.rundll/index.phtml

ClockSync 847.700.000 ClockSync
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ClockSync
http://www.kephyr.com/spywarescanner/library/clocksync/index.phtml

IGetNet 192.198.888 ClrSchLoader
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ClrSchLoader
http://www.kephyr.com/spywarescanner/library/igetnet/index.phtml

IGetNet 692.118.540 %ProgramsDir%\ClearSearch\
C:\Program Files\ClearSearch\
http://www.kephyr.com/spywarescanner/library/igetnet/index.phtml

PromulGate 837.700.000 Dpi
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Dpi
http://www.kephyr.com/spywarescanner/library/promulgate/index.phtml

PromulGate 837.700.001 %ProgramsDir%\Common Files\Dpi\
C:\Program Files\Common Files\Dpi\
http://www.kephyr.com/spywarescanner/library/promulgate/index.phtml

****************************************
Auto start entries:
L:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ScanRegistry

TaskMonitor C:\WINDOWS\taskmon.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TaskMonitor

SystemTray SysTray.Exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SystemTray

LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LoadPowerProfile

AudioHQ C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AudioHQ

CTSysVol C:\PROGRAM FILES\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CTSysVol

HPDJ Taskbar Utility C:\WINDOWS\SYSTEM\hpztsb04.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPDJ Taskbar Utility

Iesearch.exe C:\Program Files\Internet Explorer\Iesearch.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Iesearch.exe

Cc.exe C:\WINDOWS\TEMP\CC.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Cc.exe

Xazm4.exe C:\WINDOWS\TEMP\XAZM4.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Xazm4.exe

ClrSchLoader \Program Files\ClearSearch\Loader.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ClrSchLoader

RunWindowsUpdate C:\WINDOWS\UPTODATE.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RunWindowsUpdate

Rundll32_8 rundll32.exe C:\WINDOWS\SYSTEM\INETP60.DLL,DllRunServer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Rundll32_8

Dpi C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Dpi

SpyBlocs C:\PROGRAM FILES\SPYBLOCS\SpyBlocs.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SpyBlocs

sureshotpopupkiller "C:\PROGRAM FILES\STOP-THE-POP-UP LITE\STOPTHEPOP.EXE" -minimized
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\sureshotpopupkiller

LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\LoadPowerProfile

SchedulingAgent C:\WINDOWS\SYSTEM\mstask.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\SchedulingAgent

Machine Debug Manager C:\WINDOWS\SYSTEM\MDM.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Machine Debug Manager

sex C:\WINDOWS\sexxx.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\sex

Tsln C:\WINDOWS\Application Data\nurs.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Tsln

Pxbxgk C:\WINDOWS\SYSTEM\uopoi.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Pxbxgk

SpyKiller C:\Program Files\SpyKiller\spykiller.exe /startup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SpyKiller

ClockSync C:\Program Files\ClockSync\Sync.exe /q
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ClockSync

xp_system C:\WINDOWS\INETDATA\SERVICES.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\xp_system


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{4DF21550-EB45-77E2-8756-645504D32F1A} C:\WINDOWS\SYSTEM\XNH.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DF21550-EB45-77E2-8756-645504D32F1A}

{E2826E25-CF58-11D8-B9AD-0001A175AABB} C:\WINDOWS\SYSTEM\LEON.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2826E25-CF58-11D8-B9AD-0001A175AABB}

{2CF0B992-5EEB-4143-99C0-5297EF71F443} C:\WINDOWS\SYSTEM\STLBDIST.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CF0B992-5EEB-4143-99C0-5297EF71F443}

{087173EF-9829-4F49-8340-A524177D3F60} C:\WINDOWS\SYSTEM\INETP60.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{087173EF-9829-4F49-8340-A524177D3F60}


****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\SYSTEM\MSDXM.OCX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{2CF0B992-5EEB-4143-99C0-5297EF71F444} C:\WINDOWS\SYSTEM\STLBDIST.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2CF0B992-5EEB-4143-99C0-5297EF71F444}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{2CF0B992-5EEB-4143-99C0-5297EF71F444} C:\WINDOWS\SYSTEM\STLBDIST.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2CF0B992-5EEB-4143-99C0-5297EF71F444}


****************************************
All processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IESEARCH.EXE
C:\WINDOWS\TEMP\XAZM4.EXE
C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
C:\WINDOWS\UPTODATE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
C:\WINDOWS\APPLICATION DATA\NURS.EXE
C:\WINDOWS\SYSTEM\UOPOI.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\STOP-THE-POP-UP LITE\STOPTHEPOP.EXE
C:\PROGRAM FILES\BAZOOKA SPYWARE SCANNER\SPYWARESCANNER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Search http://%6E%6B%76%64%2E%75%73
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search

Default_Page_URL http://www.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\SYSTEM\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar file://C:\WINDOWS\TEMP\sp.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://%6E%6B%76%64%2E%75%73
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Use Search Asst


HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://%6E%6B%76%64%2E%75%73/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://%6E%6B%76%64%2E%75%73/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

Search http://%6E%6B%76%64%2E%75%73
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search

http://best.omega-search.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Default_Page_URL http://%6E%6B%76%64%2E%75%73
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://%6E%6B%76%64%2E%75%73
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\SYSTEM\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar file://C:\WINDOWS\SYSTEM/left.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.berfield.net/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\

SearchAssistant http://%6E%6B%76%64%2E%75%73
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://%6E%6B%76%64%2E%75%73
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch


****************************************



