Bazooka Adware and Spyware Scanner Log 328

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 06:02:28.
OS: Windows NT 5.1
Database version: 2.040000
Database format version: 1.020000
Database date: 20040518
Current date: 2004-05-25 06:02


****************************************
Result when scanning:

WeatherBug 828.313.151 Weather
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Weather
http://www.kephyr.com/spywarescanner/library/weatherbug/index.phtml

WeatherBug 661.552.442
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherBug\DisplayName
http://www.kephyr.com/spywarescanner/library/weatherbug/index.phtml

WeatherBug 661.552.443 %ProgramsDir%\AWS\WeatherBug\
C:\Program Files\AWS\WeatherBug\
http://www.kephyr.com/spywarescanner/library/weatherbug/index.phtml

****************************************
Auto start entries:
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Program Files\Marimba\Application Installer\Tuner.exe -noprimary
C:\Program Files\Backup To L Drive\Backup My Documents.cmd
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Palm\HOTSYNC.EXE
C:\Program Files\Zone Labs\Integrity Agent\iagent.exe -nopopup
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Program Files\Marimba\Application Installer\Tuner.exe -noprimary
C:\Program Files\Backup To L Drive\Backup My Documents.cmd
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Palm\HOTSYNC.EXE
C:\Program Files\Zone Labs\Integrity Agent\iagent.exe -nopopup
C:\Documents and Settings\PPS285\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\PPS285\Start Menu\Programs\Startup\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
AtiPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AtiPTA

ATIModeChange Ati2mdxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIModeChange

CARPService carpserv.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CARPService

vptray C:\Program Files\NavNT\vptray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\vptray

AdaptecDirectCD C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AdaptecDirectCD

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

ACUMon "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ACUMon

ReportListener "C:\Program Files\Nortel Networks\Symposium Call Center Server\client\en\bin\nicrlstn.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ReportListener

WinVNC "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinVNC

HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPDJ Taskbar Utility

mswspl
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\mswspl

2DBQCWZ2XBYZM2 C:\WINDOWS\System32\LsxI5g.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\2DBQCWZ2XBYZM2

TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe

SysUpd C:\WINDOWS\sysupd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SysUpd

SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched

Logitech Utility Logi_MwX.Exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Logitech Utility

jPgXtN.exe C:\documents and settings\pps285\local settings\temp\jPgXtN.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\jPgXtN.exe

DiscoverDeskshop C:\Program Files\Discover Deskshop\Deskshop.exe /dontopenmycards
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DiscoverDeskshop

Client Access Service "C:\Program Files\IBM\Client Access\CwbSvStr.Exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Client Access Service

Client Access Help Update "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Client Access Help Update

Client Access Check Version "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Client Access Check Version

AutoLoader50qt1bIfXbPO "C:\WINDOWS\System32\ufagr1.exe" /PC="AM.WILD" /HideUninstall
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AutoLoader50qt1bIfXbPO

Apoint C:\Program Files\Apoint\Apoint.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Apoint

579R3nV ufagr1.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\579R3nV

Weather C:\Program Files\AWS\WeatherBug\Weather.exe 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Weather

Sametime Connect C:\Program Files\Lotus\Sametime Client\Connect.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Sametime Connect

HM Update C:\PROGRA~1\HMI\HMUpdate\HMUpdate\hmupdate.exe lu30
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\HM Update


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{02478D38-C3F9-4efb-9B51-7695ECA05670} not set C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{8DB3D69D-DA5E-4165-B781-72A761790672} Discover deskshop Browser Helper Object C:\WINDOWS\System32\BhoDshop.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DB3D69D-DA5E-4165-B781-72A761790672}


****************************************
Toolbars:

{2F58E342-EEBD-46D4-AD58-5939C428C440} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{2F58E342-EEBD-46D4-AD58-5939C428C440}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2F58E342-EEBD-46D4-AD58-5939C428C440}

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\system32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{2F58E342-EEBD-46D4-AD58-5939C428C440} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{2F58E342-EEBD-46D4-AD58-5939C428C440}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{2F58E342-EEBD-46D4-AD58-5939C428C440}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{2F58E342-EEBD-46D4-AD58-5939C428C440} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{2F58E342-EEBD-46D4-AD58-5939C428C440}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2F58E342-EEBD-46D4-AD58-5939C428C440}

{EF99BD32-C1FB-11D2-892F-0090271D4F88} C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
nslsvice.exe
nsl.exe
ati2evxx.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
scardsvr.exe
cvpnd.exe
defwatch.exe
rtvscan.exe
vsmon.exe
winvnc.exe
ati2evxx.exe
explorer.exe
atiptaxx.exe
carpserv.exe
vptray.exe
Directcd.exe
ACUMon.exe
hpztsb04.exe
realsched.exe
jusched.exe
LOGI_MWX.EXE
jPgXtN.exe
Apoint.exe
Weather.exe
Connect.exe
ApntEx.exe
HOTSYNC.EXE
iagent.exe
Yrtzf.exe
YabRFy8f.exe
iexplore.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://hmn.hermanmiller.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar file://C:\WINDOWS\System32\SearchBar.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://hmn.hermanmiller.com/HMN/Intranet.nsf
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page


****************************************



