Bazooka Adware and Spyware Scanner Log 859

****************************************
Bazooka Scanner v1.13.02
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 23:37:59.
OS: Windows NT 5.1
Database version: 2.220000
Database format version: 1.020000
Database date: 20040806
Current date: 2004-08-10 23:37


****************************************
Result when scanning:

ClearSearch.csie 729.978.001 %ProgramsDir%\LYCOS\IEAGENT\CSIE.DLL
C:\Arquivos de programas\LYCOS\IEAGENT\CSIE.DLL
http://www.kephyr.com/spywarescanner/library/clearsearch.csie/index.phtml

CoolWebSearch.xpsystem 468.000.002 {5321E378-FFAD-4999-8C62-03CA8155F0B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3}
http://www.kephyr.com/spywarescanner/library/coolwebsearch.xpsystem/index.phtml

Flingstone Bridge 483.999.002 RunDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RunDLL
http://www.kephyr.com/spywarescanner/library/flingstonebridge/index.phtml

Instant Access Dialer 847.000.001 %ProgramsDir%\Instant Access\
C:\Arquivos de programas\Instant Access\
http://www.kephyr.com/spywarescanner/library/instantaccessdialer/index.phtml

Internet Optimizer 123.000.003 C:\Program Files\Internet Optimizer\
C:\Program Files\Internet Optimizer\
http://www.kephyr.com/spywarescanner/library/internetoptimizer/index.phtml

MS Media Player GUID 404.888.000
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
http://www.kephyr.com/spywarescanner/library/msmediaplayerguid/index.phtml

PowerScan 070.000.001 %ProgramsDir%\Power Scan\
C:\Arquivos de programas\Power Scan\
http://www.kephyr.com/spywarescanner/library/powerscan/index.phtml

SaveNow 090.090.091 %ProgramsDir%\Save\
C:\Arquivos de programas\Save\
http://www.kephyr.com/spywarescanner/library/savenow/index.phtml

WebDialer 848.800.001 c:\Program Files\Webdialer\
c:\Program Files\Webdialer\
http://www.kephyr.com/spywarescanner/library/webdialer/index.phtml

****************************************
Auto start entries:
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\desktop.ini
C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE -b -l
C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\desktop.ini
C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE -b -l
C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Documents and Settings\user\Menu Iniciar\Programas\Inicializar\desktop.ini
C:\Documents and Settings\user\Menu Iniciar\Programas\Inicializar\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

nwiz nwiz.exe /install
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz

NAV Agent C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NAV Agent

SoundMan SOUNDMAN.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SoundMan

NeroCheck C:\WINDOWS\System32\\NeroCheck.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck

Disc Detector C:\Arquivos de programas\Creative\ShareDLL\CtNotify.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Disc Detector

RFX_auto_upgrade
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RFX_auto_upgrade

WinampAgent C:\Arquivos de programas\Winamp\winampa.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinampAgent

Ad-aware "C:\Arquivos de programas\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Ad-aware

Emurayden PSX Emulator
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Emurayden PSX Emulator

QuickTime Task "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

xp_system C:\WINDOWS\inetg\services.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\xp_system

RunDLL rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RunDLL

zxiffg C:\WINDOWS\System32\rhqrrhxt.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\zxiffg

Windows SA C:\Program Files\WindowsSA\omniscient.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Windows SA

mslagent C:\WINDOWS\mslagent\mslagent_.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mslagent

Symantec NetDriver Monitor C:\ARQUIV~1\SYMNET~1\SNDMon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Symantec NetDriver Monitor

xp_system C:\WINDOWS\inetg\services.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\xp_system

Jrsbvenk C:\WINDOWS\System32\hjflt.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Jrsbvenk


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{28F65FCB-D130-11D8-BA48-8BE0C49AF370} not set c:\windows\20040810\popup_bl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28F65FCB-D130-11D8-BA48-8BE0C49AF370}

{3EF9440F-B53F-0791-875E-655504A27F3C} not set C:\WINDOWS\System32\aiezt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EF9440F-B53F-0791-875E-655504A27F3C}

{5321E378-FFAD-4999-8C62-03CA8155F0B3} C:\WINDOWS\System32\aiezt.dll Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{5321E378-FFAD-4999-8C62-03CA8155F0B3}\InprocServer32

System error message: O sistema não pode encontrar o arquivo especificado.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3}

{53707962-6F74-2D53-2644-206D7942484F} not set C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

{82E8FF5B-20DA-4F43-9787-09FA534B7627} not set C:\WINDOWS\System32\rocivig.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82E8FF5B-20DA-4F43-9787-09FA534B7627}

{BDF3E430-B101-42AD-A544-FADC6B084872} not set C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}

{DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE} not set C:\WINDOWS\System32\eohuqiu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE}


****************************************
Toolbars:

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Arquivos de programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{7EEF1E3D-FD97-4401-BCDB-5827F2D11709} C:\ARQUIV~1\IGV6\igshop.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7EEF1E3D-FD97-4401-BCDB-5827F2D11709}

{AEE46806-2C5A-4A4E-A5DD-B4531F64A187} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{AEE46806-2C5A-4A4E-A5DD-B4531F64A187}\InprocServer32

System error message: O sistema não pode encontrar o arquivo especificado.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{AEE46806-2C5A-4A4E-A5DD-B4531F64A187}

{EF99BD32-C1FB-11D2-892F-0090271D4F88} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32

System error message: O sistema não pode encontrar o arquivo especificado.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{815A82AE-CDEF-11D8-BA48-A6D245798277} c:\windows\20040810\TOOLBA~1.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{815A82AE-CDEF-11D8-BA48-A6D245798277}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

{EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
SMSS.EXE
CSRSS.EXE
WINLOGON.EXE
SERVICES.EXE
LSASS.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
SPOOLSV.EXE
EXPLORER.EXE
SERVICES.EXE
NAVAPW32.EXE
SOUNDMAN.EXE
CTNotify.exe
WINAMPA.EXE
Mediadet.exe
RHQRRHXT.EXE
HJFLT.EXE
Ctsvccda.exe
Crypserv.exe
Runservice.exe
mdm.exe
navapsvc.exe
nvsvc32.exe
scsiaccess.exe
slserv.exe
SVCHOST.EXE
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.msn.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant http://www.v73.us/search.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://www.v73.us/search.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://www.v73.us
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.microsoft.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.all-websearch.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant


****************************************



