****************************************
Bazooka Scanner v1.13.03
http://www.kephyr.com/spywarescanner/
http://www.kephyr.co...canner/library/
Log created 19:18:48.
OS: Windows NT 5.1
Database version: 3.030000
Database format version: 1.020000
Database date: 20050705
Current date: 2005-07-11 19:18
****************************************
Result when scanning:
BullsEye 433.111.901 %SystemDir%\msxct.exe
C:\WINDOWS\system32\\msxct.exe
http://www.kephyr.co...eye/index.phtml
EliteBar 233.523.000 {28CAEFF3-0F18-4036-B504-51D73BD81ABC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}
http://www.kephyr.co...bar/index.phtml
EliteBar 233.523.002 {825CF5BD-8862-4430-B771-0C15C5CA8DEF}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{825CF5BD-8862-4430-B771-0C15C5CA8DEF}
http://www.kephyr.co...bar/index.phtml
EliteBar 233.523.001 checkrun
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\checkrun
http://www.kephyr.co...bar/index.phtml
Internet Optimizer 123.000.003 %ProgramsDir%\Internet Optimizer\
C:\Program Files\Internet Optimizer\
http://www.kephyr.co...zer/index.phtml
ISTBar 122.122.007 %ProgramsDir%\ISTBar\
C:\Program Files\ISTBar\
http://www.kephyr.co...bar/index.phtml
PowerScan 070.000.001 %ProgramsDir%\Power Scan\
C:\Program Files\Power Scan\
http://www.kephyr.co...can/index.phtml
****************************************
Auto start entries:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Documents and Settings\Paul\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Paul\Start Menu\Programs\Startup\desktop.ini
Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Run entries:
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIPTA
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
VAIO Recovery C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\VAIO Recovery
QuickFinder Scheduler "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickFinder Scheduler
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroFilterCheck
ProSiteFinder C:\Program Files\ProSiteFinder\prositefinder.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ProSiteFinder
ezShieldProtector for Px C:\WINDOWS\system32\ezSP_Px.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ezShieldProtector for Px
checkrun C:\windows\system32\elitexom32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\checkrun
Microsoft Windows DLL Services Configuration poker3.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Windows DLL Services Configuration
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr
Steam
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Steam
Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Browser helper objects:
{28CAEFF3-0F18-4036-B504-51D73BD81ABC} C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}
****************************************
Toolbars:
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{C4F5E343-9494-4744-8E35-440449E45FD5} C:\Program Files\IEToolbar\Favouritelink_ToolBar_free_popupstopper.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C4F5E343-9494-4744-8E35-440449E45FD5}
{825CF5BD-8862-4430-B771-0C15C5CA8DEF} C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{825CF5BD-8862-4430-B771-0C15C5CA8DEF}
{FAA356E4-D317-42A6-AB41-A3021C6E7D52} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{FAA356E4-D317-42A6-AB41-A3021C6E7D52}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{FAA356E4-D317-42A6-AB41-A3021C6E7D52}
{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
{32683183-48a0-441b-a342-7c2a440a9478} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
****************************************
All processes:
[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
explorer.exe
atiptaxx.exe
prositefinder.exe
ezSP_Px.exe
USBsircs.exe
ReserveModule.exe
gps.exe
prositefinderh.exe
prositefinder.exe
AVGUARD.EXE
AVWUPSRV.EXE
shwserv.exe
wdfmgr.exe
RM_SV.exe
alg.exe
explorer.exe
iexplore.exe
spywarescanner.exe
Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php
****************************************
Internet Explorer Settings:
Default_Page_URL http://www.microsoft...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
Default_Search_URL http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
Local Page %SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
Search Page http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
Start Page http://www.microsoft...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
SearchAssistant http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
CustomizeSearch http://ie.search.msn...st/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\
www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www
http://home.microsof...search.asp?p=%s
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\
provider MSN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider
Default_Page_URL http://www.microsoft...er=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
Default_Search_URL http://www.microsoft...=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
Local Page %SystemRoot%\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
Search Bar http://ie.search.msn...st/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
Search Page http://www.microsoft...=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
Start Page http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
****************************************