Bazooka Adware and Spyware Scanner Log 803

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 14:24:04.
OS: Windows NT 5.1
Database version: 2.170000
Database format version: 1.020000
Database date: 20040727
Current date: 2004-08-02 14:24

****************************************
Result when scanning:

Twaintech.mxtarget 524.888.000 %WinDir%\mxtarget.dll
C:\WINDOWS\mxtarget.dll
http://www.kephyr.com/spywarescanner/library/twaintech.mxtarget/index.phtml

Twaintech.mxtarget 524.888.001 {0000607D-D204-42C7-8E46-216055BF9918}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000607D-D204-42C7-8E46-216055BF9918}
http://www.kephyr.com/spywarescanner/library/twaintech.mxtarget/index.phtml
****************************************
Auto start entries:

C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\PROGRA~1\MACROE~1\MACEXP.EXE
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\PROGRA~1\MACROE~1\MACEXP.EXE
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Run entries:

NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

nwiz nwiz.exe /install
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz

UpdReg C:\WINDOWS\Updreg.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\UpdReg

CTStartup C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CTStartup

Jet Detection C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Jet Detection

WheelMouse C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WheelMouse

AdaptecDirectCD C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AdaptecDirectCD

HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPDJ Taskbar Utility

iKeyWorks C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\iKeyWorks

CARPService carpserv.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CARPService

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

NAV Agent C:\PROGRA~1\NORTON~1\navapw32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NAV Agent

Mirabilis ICQ C:\Program Files\ICQ\ICQNet.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Mirabilis ICQ

IntelliPoint "C:\Program Files\Microsoft IntelliPoint\point32.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IntelliPoint

8DU C:\documents and settings\user\local settings\temp\8DU.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\8DU

Rundll32_8 rundll32.exe C:\WINDOWS\System32\inetp60.dll,DllRunServer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Rundll32_8

SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched

omuL4 C:\docume~1\user\locals~1\temp\omuL4.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\omuL4

omuL4.exe C:\docume~1\user\locals~1\temp\omuL4.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\omuL4.exe

8DU.exe C:\documents and settings\user\local settings\temp\8DU.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\8DU.exe

lcemazwiq C:\WINDOWS\System32\wzmjtw.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\lcemazwiq

Windows SA C:\Program Files\WindowsSA\omniscient.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Windows SA

TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe

46BWGN43TWEX@B C:\WINDOWS\System32\Ryeo85lm.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\46BWGN43TWEX@B

Q.exe C:\documents and settings\user\local settings\temp\Q.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Q.exe

xFof34j dcikager.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\xFof34j

AnZ.exe C:\documents and settings\user\local settings\temp\AnZ.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AnZ.exe

W4VIHUr.exe C:\documents and settings\user\local settings\temp\W4VIHUr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\W4VIHUr.exe

MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS

Gadwin PrintScreen 2.6 C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Gadwin PrintScreen 2.6

Aacn C:\Documents and Settings\User\Application Data\ctur.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Aacn

go7pRQH4O uliquota.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\go7pRQH4O

NDrv C:\WINDOWS\System32\NDrv.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\NDrv

Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Symantec NetDriver Monitor

ICQ C:\Program Files\ICQ\ICQ.exe -trayboot
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\ICQ

Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{0000607D-D204-42C7-8E46-216055BF9918} not set C:\WINDOWS\mxTarget.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000607D-D204-42C7-8E46-216055BF9918}

{04079851-5845-4dea-848C-3ECD647AA554} MyWay Search Assistant BHO C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{087173EF-9829-4F49-8340-A524177D3F60} not set C:\WINDOWS\System32\inetp60.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{087173EF-9829-4F49-8340-A524177D3F60}

{1B7D753B-1981-4bd2-91F3-6D055EE113A0} not set C:\WINDOWS\System32\NDrv.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B7D753B-1981-4bd2-91F3-6D055EE113A0}

{83DE62E0-5805-11D8-9B25-00E04C60FAF2} not set C:\WINDOWS\2_0_1browserhelper2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}

{BDF3E430-B101-42AD-A544-FADC6B084872} NAV Helper C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}

{E8EAEB34-F7B5-4C55-87FF-720FAF53D841} WinPage Affiliate C:\Documents and Settings\User\Local Settings\Temp\yE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841}

****************************************
Toolbars:

{2318C2B1-4965-11D4-9B18-009027A5CD4F} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{2318C2B1-4965-11D4-9B18-009027A5CD4F} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{014DA6C9-189F-421A-88CD-07CFE51CFF10} C:\PROGRA~1\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{014DA6C9-189F-421A-88CD-07CFE51CFF10}

{2CF0B992-5EEB-4143-99C0-5297EF71F444} C:\WINDOWS\System32\stlbdist.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2CF0B992-5EEB-4143-99C0-5297EF71F444}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{30D02401-6A81-11D0-8274-00C04FD5AE38} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

{EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}

****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
explorer.exe
CDAC11BA.EXE
CTSVCCDA.EXE
NAVAPSVC.EXE
nvsvc32.exe
svchost.exe
MsPMSPSv.exe
Amoumain.exe
Directcd.exe
hpztsb04.exe
Ikeymain.exe
carpserv.exe
qttask.exe
NAVAPW32.EXE
point32.exe
8DU.exe
rundll32.exe
jusched.exe
omuL4.exe
omuL4.exe
8DU.exe
Icq.exe
wzmjtw.exe
omniscient.exe
realsched.exe
Q.exe
dcikager.exe
AnZ.exe
W4VIHUr.exe
msmsgs.exe
PrintScreen.exe
ctur.exe
uliquota.exe
NDrv.exe
macexp.EXE
NkvMon.exe
WZQKPICK.EXE
OwfwHLN.exe
Fwf524V7.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://www.google.com/keyword/%s
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar file://C:\WINDOWS\System32/left.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.cox.net/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

User Stylesheet
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles\User Stylesheet

****************************************



