Bazooka Adware and Spyware Scanner Log 853

****************************************
Bazooka Scanner v1.13.02
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 12:25:17.
OS: Windows NT 5.1
Database version: 2.220000
Database format version: 1.020000
Database date: 20040806
Current date: 2004-08-12 12:25


****************************************
Result when scanning:

Internet Washer Pro 139.000.000 InternetWasherPro
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\InternetWasherPro
http://www.kephyr.com/spywarescanner/library/internetwasherpro/index.phtml

ISTBar 122.122.002 IST Service
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IST Service
http://www.kephyr.com/spywarescanner/library/istbar/index.phtml

ISTBar 122.122.007 %ProgramsDir%\ISTsvc\
C:\Program Files\ISTsvc\
http://www.kephyr.com/spywarescanner/library/istbar/index.phtml

****************************************
Auto start entries:
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\ContentWatch\EmailProtect\EProtect.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Program Files\ContentWatch\PopupProtect\PP.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\ContentWatch\EmailProtect\EProtect.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Program Files\ContentWatch\PopupProtect\PP.exe
C:\Documents and Settings\Juicy\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Juicy\Start Menu\Programs\Startup\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
SoundMan SOUNDMAN.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SoundMan

NvCplDaemon RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

nwiz nwiz.exe /install
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz

B'sCLiP C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\B'sCLiP

DeltTray DeltTray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DeltTray

EssSpkPhone essspk.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\EssSpkPhone

VetTray C:\Vet\VetTray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\VetTray

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

CP_AutoStartup C:\Program Files\ContentWatch\common\cprotect.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CP_AutoStartup

IST Service C:\Program Files\ISTsvc\istsvc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IST Service

CTFMON.EXE C:\WINDOWS\System32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE

MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS

IncrediMail C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IncrediMail

InternetWasherPro C:\PROGRA~1\INTERN~2\iw.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\InternetWasherPro

CWU_AutoStartup C:\Program Files\ContentWatch\Updater\cwupdate.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CWU_AutoStartup


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{30D02401-6A81-11D0-8274-00C04FD5AE38} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

{EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
nvsvc32.exe
svchost.exe
VetMsgNT.exe
explorer.exe
SOUNDMAN.EXE
BsCLiP.exe
delttray.exe
essspk.exe
VetTray.exe
qttask.exe
cprotect.exe
istsvc.exe
ctfmon.exe
msmsgs.exe
CWUpdate.exe
AcroTray.exe
EProtect.exe
WinCinemaMgr.exe
PP.exe
IMApp.exe
wuauclt.exe
spywarescanner.exe
IEXPLORE.EXE

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://www.couldnotfind.com/search_page.html?&account_id=134168
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.couldnotfind.com/search_page.html?&account_id=134168
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.netspeed.com.au/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant http://www.couldnotfind.com/search_page.html?&account_id=134168
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant


****************************************




Related links

Bazooka - Free scan for spyware, adware, trojan horses, keyloggers, etc. Detects more than 500 potentially unwanted applications. Freeware!

The File Database - Search the file database for more information. Free!

PopUp Blocker Test - Find out if your pop-up killer can handle all pop-ups. Free!

Kephyr Labs - Find out what is going on at Kephyr. Try products in an early stage of development.



FreeFixer
Read more about FreeFixer, Kephyr's latest spyware removal tool.
Home & Products |  Legal |  Privacy |  Search

© Kephyr, 2003-2012. HtmlTidy, HTML 4.01, CSS andy@kephyr.com