Bazooka Adware and Spyware Scanner Log 392

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 23:43:04.
OS: Windows NT 5.1
Database version: 1.930000
Database format version: 1.020000
Database date: 20040326
Current date: 2004-03-28 23:43


****************************************
Result when scanning:

HuntBar 166.166.002 {850CD0B8-DA33-4558-A8C8-95D7908E37A7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{850CD0B8-DA33-4558-A8C8-95D7908E37A7}
http://www.kephyr.com/spywarescanner/library/huntbar/index.phtml

IGetNet 692.118.337 Update_Hosts.DLL
http://www.kephyr.com/spywarescanner/library/igetnet/index.phtml

KeenValue.Updater 643.000.001 %ProgramsDir%\Common Files\updater\
C:\Program Files\Common Files\updater\
http://www.kephyr.com/spywarescanner/library/keenvalue.updater/index.phtml

MS Media Player GUID 404.888.000
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
http://www.kephyr.com/spywarescanner/library/msmediaplayerguid/index.phtml

n-CASE 102.165.199 %ProgramsDir%\nCase\
C:\Program Files\nCase\
http://www.kephyr.com/spywarescanner/library/ncase/index.phtml

NetRatings 737.123.834 %ProgramsDir%\NETRATINGSNETMETER\
C:\Program Files\NETRATINGSNETMETER\
http://www.kephyr.com/spywarescanner/library/netratings/index.phtml

WeatherBug 828.313.151 Weather
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Weather
http://www.kephyr.com/spywarescanner/library/weatherbug/index.phtml

WeatherBug 661.552.442
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherBug\DisplayName
http://www.kephyr.com/spywarescanner/library/weatherbug/index.phtml

WeatherBug 661.552.443 %ProgramsDir%\AWS\WeatherBug\
C:\Program Files\AWS\WeatherBug\
http://www.kephyr.com/spywarescanner/library/weatherbug/index.phtml

****************************************
Auto start entries:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Quicken\bagent.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\sytem32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Quicken\bagent.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\sytem32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Webshots\WebshotsTray.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Webshots\WebshotsTray.exe

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
BlockTracker c:\hp\bin\BlockTracker.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BlockTracker

hpsysdrv c:\windows\system\hpsysdrv.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\hpsysdrv

HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds

KBD C:\HP\KBD\KBD.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\KBD

AutoTBar C:\hp\bin\autotbar.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AutoTBar

Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Recguard

NvCplDaemon RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

nwiz nwiz.exe /installquiet /keeploaded
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz

PS2 C:\WINDOWS\system32\ps2.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PS2

ConMgr.exe "C:\Program Files\EarthLink 5.0\ConMgr.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ConMgr.exe

wcmdmgr C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\wcmdmgr

WT GameChannel C:\Program Files\WildTangent\Apps\GameChannel.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WT GameChannel

HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPDJ Taskbar Utility

CStar C:\PROGRA~1\CStar\CStar.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CStar

UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\UpdateManager

S3TRAY2 S3tray2.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\S3TRAY2

WinampAgent C:\Program Files\Winamp\winampa.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinampAgent

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

system32.dll C:\WINDOWS\system\systeminit.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\system32.dll

pccguide.exe "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\pccguide.exe

PCCClient.exe "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCCClient.exe

Pop3trap.exe "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Pop3trap.exe

Openwares LiveUpdate C:\Program Files\LiveUpdate\LiveUpdate.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Openwares LiveUpdate

NVIEW rundll32.exe nview.dll,nViewLoadHook
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\NVIEW

MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS

Weather C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Weather

EPSON Stylus COLOR 580 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P22 "EPSON Stylus COLOR 580" /O6 "USB001" /M "Stylus COLOR 580"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\EPSON Stylus COLOR 580

RoboForm "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RoboForm

Yahoo! Pager C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo! Pager


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{724d43a9-0d85-11d4-9908-00400523e39a} not set C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}

{AA58ED58-01DD-4d91-8333-CF10577473F7} not set c:\windows\googletoolbar1.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}


****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} C:\HP\EXPLOREBAR\HPTOOLKT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}

{724d43a0-0d85-11d4-9908-00400523e39a} C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{724d43a0-0d85-11d4-9908-00400523e39a}

{2318C2B1-4965-11d4-9B18-009027A5CD4F} c:\windows\googletoolbar1.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F}

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} C:\HP\EXPLOREBAR\HPTOOLKT.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{724D43A0-0D85-11D4-9908-00400523E39A} C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{724D43A0-0D85-11D4-9908-00400523E39A}

{2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\windows\googletoolbar1.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{724D43A0-0D85-11D4-9908-00400523E39A} C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{724D43A0-0D85-11D4-9908-00400523E39A}

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} C:\HP\EXPLOREBAR\HPTOOLKT.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\windows\googletoolbar1.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{4528BBE0-4E08-11D5-AD55-00010333D0AD} C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{850CD0B8-DA33-4558-A8C8-95D7908E37A7} C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{850CD0B8-DA33-4558-A8C8-95D7908E37A7}

{8F4902B6-6C04-4ade-8052-AA58578A21BD} C:\WINDOWS\System32\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8F4902B6-6C04-4ade-8052-AA58578A21BD}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{4528BBE0-4E08-11D5-AD55-00010333D0AD} C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

{EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
Tmntsrv.exe
tmproxy.exe
explorer.exe
hpsysdrv.exe
kbd.exe
GameChannel.exe
hpztsb07.exe
CStar.exe
S3tray2.exe
winampa.exe
qttask.exe
pccguide.exe
PCCClient.exe
Pop3trap.exe
msmsgs.exe
Weather.exe
RoboTaskBarIcon.exe
YPager.exe
WZQKPICK.EXE
dialer.exe
wcmdmgr.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://www.thebestse.com/search.shtml
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.thebestse.com/search.shtml
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.thebestse.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant http://www.thebestse.com/search.shtml
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://www.thebestse.com/search.shtml
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

User Stylesheet C:\WINDOWS\sstyle.css
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Styles\User Stylesheet

http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Default_Page_URL http://www.thebestse.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.thebestse.com/search.shtml
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.thebestse.com/search.shtml
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst yes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

Default_Search_URL http://www.thebestse.com/search.shtml
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\Default_Search_URL

SearchAssistant http://www.thebestse.com/search.shtml
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://www.thebestse.com/search.shtml
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

User Stylesheet C:\WINDOWS\sstyle.css
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles\User Stylesheet


****************************************




Related links

Bazooka - Free scan for spyware, adware, trojan horses, keyloggers, etc. Detects more than 500 potentially unwanted applications. Freeware!

The File Database - Search the file database for more information. Free!

PopUp Blocker Test - Find out if your pop-up killer can handle all pop-ups. Free!

Kephyr Labs - Find out what is going on at Kephyr. Try products in an early stage of development.



FreeFixer
Read more about FreeFixer, Kephyr's latest spyware removal tool.
Home & Products |  Legal |  Privacy |  Search

© Kephyr, 2003-2012. HtmlTidy, HTML 4.01, CSS andy@kephyr.com