Bazooka Adware and Spyware Scanner Log 1228

****************************************
Bazooka Scanner v1.13.02
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 01:49:43.
OS: Windows 98
Database version: 2.320000
Database format version: 1.020000
Database date: 20040902
Current date: 2004-09-08 01:49


****************************************
Result when scanning:

No potentially unwanted software found.
****************************************
Auto start entries:
C:\Program Files\Network ICE\BlackICE\blackice.exe -closed
C:\Program Files\FinePixViewer\QuickDCF.exe

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
SystemTray SysTray.ExE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SystemTray

LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LoadPowerProfile

internat.exe internat.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\internat.exe

Colorific Control Panel C:\PROGRA~1\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Colorific Control Panel

3Deep Control Panel C:\PROGRA~1\CREATIVE\3DEEP\PROGRAM\3DeepCTL.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\3Deep Control Panel

PCIMODEM pcimodem.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCIMODEM

EnsoniqMixer starter.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\EnsoniqMixer

StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\StillImageMonitor

LexmarkPrinTray PrinTray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LexmarkPrinTray

AdaptecDirectCD "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AdaptecDirectCD

3dfx Tools rundll32.exe 3dfxCmn.dll,UpdateRegSettings
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\3dfx Tools

Agent C:\Program Files\CyberLink\PowerVCRII\Agent.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Agent

Remote_Agent C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Remote_Agent

LoadQM loadqm.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LoadQM

CreateCD50 C:\PROGRA~1\FICHIE~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CreateCD50

CloneCDTray "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CloneCDTray

LexStart Lexstart.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LexStart

WinampAgent "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinampAgent

QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

REGSHAVE C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\REGSHAVE

iHP-100 C:\PROGRAM FILES\IRIVER\IHP100\IHPDETECT.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\iHP-100

NAV Agent C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NAV Agent

gfuqhpvajlus C:\WINDOWS\SYSTEM\ggrfxg.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\gfuqhpvajlus

LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\LoadPowerProfile

SchedulingAgent mstask.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\SchedulingAgent

BCDetect C:\WINDOWS\SYSTEM\bcdetect.exe defer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\BCDetect

LoadBlackD C:\Program Files\Network ICE\BlackICE\blackd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\LoadBlackD

ScriptBlocking "C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\ScriptBlocking

IEFF.EXE C:\WINDOWS\SYSTEM\IEFF.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\IEFF.EXE

MSXB32.EXE C:\WINDOWS\MSXB32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\MSXB32.EXE

NETWE32.EXE C:\WINDOWS\NETWE32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\NETWE32.EXE

SDKKB.EXE C:\WINDOWS\SDKKB.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\SDKKB.EXE

CRSN32.EXE C:\WINDOWS\SYSTEM\CRSN32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\CRSN32.EXE

APPYG.EXE C:\WINDOWS\SYSTEM\APPYG.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\APPYG.EXE

IEZV.EXE C:\WINDOWS\IEZV.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\IEZV.EXE

NTXV32.EXE C:\WINDOWS\SYSTEM\NTXV32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\NTXV32.EXE

APIIB32.EXE C:\WINDOWS\APIIB32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\APIIB32.EXE

MFCEB.EXE C:\WINDOWS\SYSTEM\MFCEB.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\MFCEB.EXE

NTDM32.EXE C:\WINDOWS\SYSTEM\NTDM32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\NTDM32.EXE

SDKHJ32.EXE C:\WINDOWS\SYSTEM\SDKHJ32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\SDKHJ32.EXE

D3TG.EXE C:\WINDOWS\D3TG.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\D3TG.EXE

JAVABA32.EXE C:\WINDOWS\JAVABA32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\JAVABA32.EXE

NETUR32.EXE C:\WINDOWS\SYSTEM\NETUR32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\NETUR32.EXE

NTOB.EXE C:\WINDOWS\NTOB.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\NTOB.EXE

MFCNO.EXE C:\WINDOWS\MFCNO.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\MFCNO.EXE

MSNU32.EXE C:\WINDOWS\SYSTEM\MSNU32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\MSNU32.EXE

APPIC.EXE C:\WINDOWS\SYSTEM\APPIC.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\APPIC.EXE

CRTQ.EXE C:\WINDOWS\CRTQ.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\CRTQ.EXE

MFCUV32.EXE C:\WINDOWS\SYSTEM\MFCUV32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\MFCUV32.EXE

WINSJ32.EXE C:\WINDOWS\WINSJ32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\WINSJ32.EXE

APPKY32.EXE C:\WINDOWS\SYSTEM\APPKY32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\APPKY32.EXE

NETOC32.EXE C:\WINDOWS\NETOC32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\NETOC32.EXE

NTKV32.EXE C:\WINDOWS\SYSTEM\NTKV32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\NTKV32.EXE

IEMZ32.EXE C:\WINDOWS\IEMZ32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\IEMZ32.EXE

SYSAV32.EXE C:\WINDOWS\SYSAV32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\SYSAV32.EXE

ADDKV32.EXE C:\WINDOWS\ADDKV32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\ADDKV32.EXE

MFCCG.EXE C:\WINDOWS\SYSTEM\MFCCG.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\MFCCG.EXE

ADDIU.EXE C:\WINDOWS\SYSTEM\ADDIU.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\ADDIU.EXE

IPGP.EXE C:\WINDOWS\IPGP.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\IPGP.EXE

MFCKD32.EXE C:\WINDOWS\MFCKD32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\MFCKD32.EXE

MSSJ.EXE C:\WINDOWS\MSSJ.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\MSSJ.EXE

IEAH32.EXE C:\WINDOWS\IEAH32.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\IEAH32.EXE

Taskbar Display Controls RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Taskbar Display Controls

Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo! Pager

MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr

Lma C:\WINDOWS\SYSTEM\xnjdl.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Lma


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{EF99BD32-C1FB-11D2-892F-0090271D4F88} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32

System error message: Le fichier spécifié est introuvable.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{BDF3E430-B101-42AD-A544-FADC6B084872} NAV Helper C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}

{F4484B24-78BE-755A-D1F5-2CBCFF226F9C} C:\WINDOWS\SYSTEM\APIZD.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4484B24-78BE-755A-D1F5-2CBCFF226F9C}


****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\SYSTEM\MSDXM.OCX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{4528BBE0-4E08-11D5-AD55-00010333D0AD} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\InprocServer32

System error message: Le fichier spécifié est introuvable.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}

{4528BBE0-4E08-11D5-AD55-00010333D0AD} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\InprocServer32

System error message: Le fichier spécifié est introuvable.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}


****************************************
All processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\NETWE32.EXE
C:\WINDOWS\SYSTEM\IEFF.EXE
C:\WINDOWS\MSXB32.EXE
C:\WINDOWS\SDKKB.EXE
C:\WINDOWS\SYSTEM\APPYG.EXE
C:\WINDOWS\IEZV.EXE
C:\WINDOWS\SYSTEM\NTXV32.EXE
C:\WINDOWS\APIIB32.EXE
C:\WINDOWS\SYSTEM\CRSN32.EXE
C:\WINDOWS\SYSTEM\MFCEB.EXE
C:\WINDOWS\SYSTEM\SDKHJ32.EXE
C:\WINDOWS\SYSTEM\NTDM32.EXE
C:\WINDOWS\NTOB.EXE
C:\WINDOWS\D3TG.EXE
C:\WINDOWS\JAVABA32.EXE
C:\WINDOWS\SYSTEM\NETUR32.EXE
C:\WINDOWS\MFCNO.EXE
C:\WINDOWS\SYSTEM\MSNU32.EXE
C:\WINDOWS\SYSTEM\APPIC.EXE
C:\WINDOWS\CRTQ.EXE
C:\WINDOWS\SYSTEM\MFCUV32.EXE
C:\WINDOWS\WINSJ32.EXE
C:\WINDOWS\NETOC32.EXE
C:\WINDOWS\SYSTEM\NTKV32.EXE
C:\WINDOWS\SYSTEM\APPKY32.EXE
C:\WINDOWS\IEMZ32.EXE
C:\WINDOWS\SYSAV32.EXE
C:\WINDOWS\ADDKV32.EXE
C:\WINDOWS\SYSTEM\MFCCG.EXE
C:\WINDOWS\IPGP.EXE
C:\WINDOWS\SYSTEM\ADDIU.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\MSXMIDI.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\CREATIVE\COLORIF\PROGRAM\HGCCTL95.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\CYBERLINK\POWERVCRII\AGENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ELABORATE BYTES\CLONECD\CLONECDTRAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\IRIVER\IHP100\IHPDETECT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\GGRFXG.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\XNJDL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKICE.EXE
C:\WINDOWS\MFCKD32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\APPLICATION DATA\AESL.EXE
C:\WINDOWS\SYSTEM\APPIC.EXE
C:\WINDOWS\SYSTEM\ADDIU.EXE
C:\WINDOWS\MSSJ.EXE
C:\WINDOWS\SYSTEM\APPIC.EXE
C:\WINDOWS\IEAH32.EXE
C:\PROGRAM FILES\BAZOOKA SCANNER\SPYWARESCANNER.EXE

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL res://C:\WINDOWS\system\bvplf.dll/sp.html#29126
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Search Bar res://C:\WINDOWS\system\bvplf.dll/sp.html#29126
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page res://C:\WINDOWS\system\bvplf.dll/sp.html#29126
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Use Search Asst


HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\

SearchAssistant res://C:\WINDOWS\system\bvplf.dll/sp.html#29126
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

User Stylesheet C:\WINDOWS\hh.htt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Styles\User Stylesheet


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider YAHO
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page C:\WINDOWS\SYSTEM\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar res://C:\WINDOWS\system\bvplf.dll/sp.html#29126
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page res://C:\WINDOWS\system\bvplf.dll/sp.html#29126
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\

SearchAssistant res://C:\WINDOWS\system\bvplf.dll/sp.html#29126
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant

User Stylesheet C:\WINDOWS\Web\tips.ini
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles\User Stylesheet


****************************************



