Bazooka Adware and Spyware Scanner Log 193

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 21:35:09.
OS: Windows NT 5.0
Database version: 1.940000
Database format version: 1.020000
Database date: 20040402
Current date: 2004-04-04 21:35


****************************************
Result when scanning:

DateManager 837.900.000 %ProgramsDir%\Date Manager\
C:\Program Files\Date Manager\
http://www.kephyr.com/spywarescanner/library/datemanager/index.phtml

MS Media Player GUID 404.888.000
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
http://www.kephyr.com/spywarescanner/library/msmediaplayerguid/index.phtml

WeatherBug 661.552.443 %ProgramsDir%\AWS\WeatherBug\
C:\Program Files\AWS\WeatherBug\
http://www.kephyr.com/spywarescanner/library/weatherbug/index.phtml

General Virus, Worm, Trojan 295.000.000 Services
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Services
http://www.kephyr.com/spywarescanner/library/generalvirus/index.phtml

W32.Welchia.B.Worm 534.666.000 %SystemDir%\drivers\svchost.exe
C:\WINNT\system32\\drivers\svchost.exe
http://www.kephyr.com/spywarescanner/library/w32.welchia.b.worm/index.phtml

WebSearch Toolbar.Emailplug 474.900.000 MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.emailplug/index.phtml

WebSearch Toolbar.bho1 475.900.000 {00A6FAF1-072E-44cf-8957-5838F569A31D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.bho1/index.phtml

WebSearch Toolbar.bho2 476.900.000 {07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.bho2/index.phtml

WebSearch Toolbar.b 477.900.000 {07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.b/index.phtml

WebSearch Toolbar.b 477.900.000 {07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.b/index.phtml

WebSearch Toolbar.b 477.900.000 {07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.b/index.phtml

ZipClix 930.000.003 {319A68DB-06D0-46DA-9F93-A810D5A70836}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{319A68DB-06D0-46DA-9F93-A810D5A70836}
http://www.kephyr.com/spywarescanner/library/zipclix/index.phtml

****************************************
Auto start entries:
C:\Program Files\ISS\BlackICE\blackice.exe -closed
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\ISS\BlackICE\blackice.exe -closed
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\Desktop Alert\desktopalert_1205693.exe
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\Desktop Alert\desktopalert_1205693.exe
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
Synchronization Manager mobsync.exe /logon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Synchronization Manager

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

P2P Networking C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\P2P Networking

ccApp C:\Program Files\Common Files\Symantec Shared\ccApp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp

ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccRegVfy

Advanced Tools Check C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Advanced Tools Check

Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Works Update Detection

ICQ Lite C:\Program Files\ICQLite\ICQLite.exe -minimize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ICQ Lite

MSN Status Manager MSNMG.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSN Status Manager

hidden32 c:\winnt\security\hid.exe c:\winnt\security\winlogon.exe c:\winnt\security\security.ini
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\hidden32

Services C:\WINNT\system32\DRIVERS\SVCHOST.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Services

WebScan C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WebScan

eanth_critical_update_alert C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe /Startup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\eanth_critical_update_alert

MyWebSearch Email Plugin C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin

Y!TunnelPro C:\Program Files\Digital Asphyxia\Y!TunnelPro V1.3 Build 264\YTunnelPro.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Y!TunnelPro

msnmsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msnmsgr

IncrediMail C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IncrediMail

AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AIM

ICQ Lite C:\Program Files\ICQLite\ICQLite.exe -trayboot
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\ICQ Lite


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{00A6FAF1-072E-44cf-8957-5838F569A31D} MyWebSearch Search Assistant BHO C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}

{02478D38-C3F9-4efb-9B51-7695ECA05670} not set C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}

{07B18EA1-A523-4961-B6BB-170DE4475CCA} mwsBar BHO C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

{BDF3E430-B101-42AD-A544-FADC6B084872} not set C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}


****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINNT\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{07B18EA9-A523-4961-B6BB-170DE4475CCA} C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{07B18EA9-A523-4961-B6BB-170DE4475CCA} C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{319A68DB-06D0-46DA-9F93-A810D5A70836} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{319A68DB-06D0-46DA-9F93-A810D5A70836}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{319A68DB-06D0-46DA-9F93-A810D5A70836}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}

{07B18EA9-A523-4961-B6BB-170DE4475CCA} C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

{4528BBE0-4E08-11D5-AD55-00010333D0AD} C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINNT\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{30D02401-6A81-11D0-8274-00C04FD5AE38} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{4528BBE0-4E08-11D5-AD55-00010333D0AD} C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINNT\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
SMSS.EXE
CSRSS.EXE
WINLOGON.EXE
SERVICES.EXE
LSASS.EXE
svchost.exe
CCEVTMGR.EXE
spoolsv.exe
blackd.exe
svchost.exe
firedaemon.exe
service.exe
NAVAPSVC.EXE
NPROTECT.EXE
regsvc.exe
mstask.exe
svchost1.exe
WinMgmt.exe
mspmspsv.exe
explorer.exe
svchost.exe
P2P Networking.
CCAPP.EXE
ICQLite.exe
SVCHOST.EXE
MWSOEMON.EXE
YTunnelPro.exe
msnmsgr.exe
aim.exe
blackice.exe
desktopalert_12
IMApp.exe
YPager.exe
msimn.exe
spywarescanner.
IEXPLORE.EXE

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINNT\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider yaho
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page C:\WINNT\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page


****************************************




© Kephyr, 2003-2012.