Bazooka Adware and Spyware Scanner Log 298

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 10:42:27.
OS: Windows NT 5.1
Database version: 1.990000
Database format version: 1.020000
Database date: 20040504
Current date: 2004-05-10 10:42


****************************************
Result when scanning:

2ndthought Adware 544.644.002 %ProgramsDir%\STC\
C:\Program Files\STC\
http://www.kephyr.com/spywarescanner/library/2ndthoughtadware/index.phtml

BookedSpace 100.200.300 bxxs5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\bxxs5
http://www.kephyr.com/spywarescanner/library/bookedspace/index.phtml

BookedSpace 100.200.301 bxxs5.dll
http://www.kephyr.com/spywarescanner/library/bookedspace/index.phtml

BookedSpace 100.200.302 {0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
http://www.kephyr.com/spywarescanner/library/bookedspace/index.phtml

ClearSearch.csie 729.978.001 %ProgramsDir%\ClearSearch\CSIE.DLL
C:\Program Files\ClearSearch\CSIE.DLL
http://www.kephyr.com/spywarescanner/library/clearsearch.csie/index.phtml

ClipGenie 102.444.948 %ProgramsDir%\ClipGenie\
C:\Program Files\ClipGenie\
http://www.kephyr.com/spywarescanner/library/clipgenie/index.phtml

FreeScratchAndWin 122.927.544 IdleUI.dll
http://www.kephyr.com/spywarescanner/library/freescratchandwin/index.phtml

Gator 112.997.000 GMT.exe
http://www.kephyr.com/spywarescanner/library/gain/index.phtml

IGetNet 192.198.888 ClrSchLoader
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ClrSchLoader
http://www.kephyr.com/spywarescanner/library/igetnet/index.phtml

IGetNet 692.118.540 %ProgramsDir%\ClearSearch\
C:\Program Files\ClearSearch\
http://www.kephyr.com/spywarescanner/library/igetnet/index.phtml

Jeired 213.500.000 {707E6F76-9FFB-4920-A976-EA101271BC25}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{707E6F76-9FFB-4920-A976-EA101271BC25}
http://www.kephyr.com/spywarescanner/library/jeired/index.phtml

n-CASE 098.098.098 msbb
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\msbb
http://www.kephyr.com/spywarescanner/library/ncase/index.phtml

n-CASE 102.165.199 %ProgramsDir%\nCase\
C:\Program Files\nCase\
http://www.kephyr.com/spywarescanner/library/ncase/index.phtml

SeekSeek 394.200.000 slmss
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\slmss
http://www.kephyr.com/spywarescanner/library/seekseek/index.phtml

SeekSeek 394.200.001 %ProgramsDir%\Common Files\slmss\
C:\Program Files\Common Files\slmss\
http://www.kephyr.com/spywarescanner/library/seekseek/index.phtml

SystemDir.iexplore 543.500.000 %SystemDir%\iexplore.exe
C:\WINDOWS\System32\\iexplore.exe
http://www.kephyr.com/spywarescanner/library/systemdir.iexplore/index.phtml

Twaintech 523.888.001 {000020DD-C72E-4113-AF77-DD56626C6C42}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}
http://www.kephyr.com/spywarescanner/library/twaintech/index.phtml

Virtual Bouncer 837.000.000 %ProgramsDir%\VBouncer\
C:\Program Files\VBouncer\
http://www.kephyr.com/spywarescanner/library/virtualbouncer/index.phtml

****************************************
Auto start entries:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\GMT\GMT.exe /startup
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\GMT\GMT.exe /startup
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
C:\Program Files\AdDestroyer\AdDestroyer.exe
C:\Documents and Settings\Sharon Hinson\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\AdDestroyer\AdDestroyer.exe
C:\Documents and Settings\Sharon Hinson\Start Menu\Programs\Startup\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
WCOLOREAL "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WCOLOREAL

Smapp Smtray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Smapp

srmclean C:\Cpqs\Scom\srmclean.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\srmclean

REGSHAVE C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\REGSHAVE

ssdiag C:\WINDOWS\ssdiag.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ssdiag

dla C:\WINDOWS\system32\dla\tfswctrl.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\dla

StorageGuard "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\StorageGuard

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

BJCFD C:\Program Files\BroadJump\Client Foundation\CFD.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BJCFD

2wSysTray C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\2wSysTray

mwcgdtn "C:\WINDOWS\System32\mwcgdtn.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\mwcgdtn

bxxs5 RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\bxxs5

43sO33U C:\WINDOWS\System32\unlpy.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\43sO33U

dpcproxy C:\WINDOWS\System32\dpcproxy.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\dpcproxy

iexplore C:\WINDOWS\System32\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\iexplore

fash C:\WINDOWS\fash.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\fash

TV Media C:\Program Files\TV Media\Tvm.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TV Media

slmss C:\Program Files\Common Files\slmss\slmss.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\slmss

ClrSchLoader C:\Program Files\ClearSearch\Loader.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ClrSchLoader

msbb C:\Program Files\nCase\msbb.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\msbb

AIM C:\Program Files\AIM95\aim.exe -cnetwait.odl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AIM

ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe

SpyKiller C:\Program Files\SpyKiller\spykiller.exe /startup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SpyKiller

TV Media C:\Program Files\TV Media\Tvm.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\TV Media

query C:\WINDOWS\system32\query.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\query


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{000020DD-C72E-4113-AF77-DD56626C6C42} not set Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}

{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} not set C:\WINDOWS\bxxs5.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}

{707E6F76-9FFB-4920-A976-EA101271BC25} C:\Program Files\TV Media\TvmBho.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{707E6F76-9FFB-4920-A976-EA101271BC25}

{AA58ED58-01DD-4d91-8333-CF10577473F7} not set c:\windows\googletoolbar.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

{C2DBBB89-9406-4C34-B2AD-066A8DF3EEE4} not set C:\WINDOWS\System32\ebdgdfd.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2DBBB89-9406-4C34-B2AD-066A8DF3EEE4}


****************************************
Toolbars:

{EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_6.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{2318C2B1-4965-11d4-9B18-009027A5CD4F} c:\windows\googletoolbar.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F}

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\windows\googletoolbar.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_6.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\windows\googletoolbar.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} C:\WINDOWS\System32\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
explorer.exe
SMTray.exe
tfswctrl.exe
qttask.exe
CFD.exe
2PortalMon.exe
iexplore.exe
slmss.exe
ctfmon.exe
QuickDCF.exe
PackethSvc.exe
WkCalRem.exe
qbdagent2002.exe
alg.exe
acsd.exe
Installer.exe
mdm.exe
pctspk.exe
scardsvr.exe
tcpsvcs.exe
snmp.exe
wanmpsvc.exe
Cjnbapep.exe
ClrSchP070.exe
ADDEST~1.EXE
wuauclt.exe
msbb.exe
aim.exe
IEXPLORE.EXE
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Search Bar res://%43%3a%5c%57%49%4e%44%4f%57%53%5c%53%79%73%74%65%6d%33%32%5c%65%62%64%67%64%66%64%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page res://%43%3a%5c%57%49%4e%44%4f%57%53%5c%53%79%73%74%65%6d%33%32%5c%65%62%64%67%64%66%64%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant res://%43%3a%5c%57%49%4e%44%4f%57%53%5c%53%79%73%74%65%6d%33%32%5c%65%62%64%67%64%66%64%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar res://%43%3a%5c%57%49%4e%44%4f%57%53%5c%53%79%73%74%65%6d%33%32%5c%65%62%64%67%64%66%64%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant res://%43%3a%5c%57%49%4e%44%4f%57%53%5c%53%79%73%74%65%6d%33%32%5c%65%62%64%67%64%66%64%2e%64%6c%6c/%73%70%2e%68%74%6d%6c
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant


****************************************





© Kephyr, 2003-2012. HtmlTidy, HTML 4.01, CSS andy@kephyr.com