Bazooka Adware and Spyware Scanner Log 506

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 09:32:32.
OS: Windows NT 5.0
Database version: 2.050000
Database format version: 1.020000
Database date: 20040526
Current date: 2004-06-08 09:32


****************************************
Result when scanning:

Cydoor 399.000.000 %SystemDir%\AdCache\
C:\WINNT\system32\\AdCache\
http://www.kephyr.com/spywarescanner/library/cydoor/index.phtml

Cydoor 399.000.001 Cd_clint.dll
http://www.kephyr.com/spywarescanner/library/cydoor/index.phtml

DownloadWare 825.997.947 DownloadWare
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DownloadWare
http://www.kephyr.com/spywarescanner/library/downloadware/index.phtml

DownloadWare 825.997.949 %ProgramsDir%\DownloadWare\
C:\Program Files\DownloadWare\
http://www.kephyr.com/spywarescanner/library/downloadware/index.phtml

Gator 112.997.000 GMT.exe
http://www.kephyr.com/spywarescanner/library/gain/index.phtml

Gator 102.098.947 CMESys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CMESys
http://www.kephyr.com/spywarescanner/library/gain/index.phtml

Winstartup 132.420.000 WINSTA~1.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WINSTA~1.EXE
http://www.kephyr.com/spywarescanner/library/winstartup/index.phtml

IGetNet 192.198.147 WinStart001.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinStart001.EXE
http://www.kephyr.com/spywarescanner/library/igetnet/index.phtml

IGetNet 692.118.337 bho001.dll
http://www.kephyr.com/spywarescanner/library/igetnet/index.phtml

IGetNet 692.118.540 %WinDir%\system\winstart001.exe
C:\WINNT\system\winstart001.exe
http://www.kephyr.com/spywarescanner/library/igetnet/index.phtml

IGetNet 692.118.541 {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E78CAC-E9A7-4302-B9EE-8582EDE22FBF}
http://www.kephyr.com/spywarescanner/library/igetnet/index.phtml

My Search Bar 777.777.778 c:\Program Files\MyWay\
c:\Program Files\MyWay\
http://www.kephyr.com/spywarescanner/library/mysearchbar/index.phtml

Scbar 190.092.390 SearchEnhancement
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SearchEnhancement
http://www.kephyr.com/spywarescanner/library/scbar/index.phtml

Scbar 190.092.391 %ProgramsDir%\scbar\
C:\Program Files\scbar\
http://www.kephyr.com/spywarescanner/library/scbar/index.phtml

Scbar 190.092.392 {22941A26-7033-432C-94C7-6371DE343822}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22941A26-7033-432C-94C7-6371DE343822}
http://www.kephyr.com/spywarescanner/library/scbar/index.phtml

****************************************
Auto start entries:
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\GMT\GMT.exe /startup
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\GMT\GMT.exe /startup
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Webshots\WebshotsTray.exe

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
Synchronization Manager mobsync.exe /logon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Synchronization Manager

CreateCD50 "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CreateCD50

AdaptecDirectCD "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AdaptecDirectCD

MULTIMEDIA KEYBOARD C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MULTIMEDIA KEYBOARD

WorksFUD C:\Program Files\Microsoft Works\wkfud.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WorksFUD

Microsoft Works Portfolio C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Works Portfolio

Microsoft Works Update Detection C:\Program Files\Microsoft Works\WkDetect.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Works Update Detection

HP LaserJet ToolBox hppropty.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HP LaserJet ToolBox

LoadQM loadqm.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LoadQM

DownloadWare "C:\Program Files\DownloadWare\dw.exe" /H
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DownloadWare

WinStart001.EXE C:\WINNT\System\WinStart001.EXE -b
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinStart001.EXE

TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe

SearchEnhancement "C:\Program Files\scbar\v1\scbar.exe" /U
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SearchEnhancement

CMESys "C:\Program Files\Common Files\CMEII\CMESys.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CMESys

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\

StatusClient C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\StatusClient

TomcatStartup C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TomcatStartup

WINSTA~1.EXE C:\WINNT\System\WINSTA~1.EXE -b
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WINSTA~1.EXE

wcmdmgr C:\WINNT\wt\updater\wcmdmgrl.exe -launch
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\wcmdmgr

ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp

URLLSTCK.exe C:\Program Files\Norton Internet Security\UrlLstCk.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\URLLSTCK.exe

MoneyAgent "C:\Program Files\Microsoft Money\System\Money Express.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MoneyAgent

msnmsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msnmsgr

Print! C:\Program Files\Print!\print!.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Print!


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{0421701D-CF13-4E70-ADF0-45A953E7CB8B} Recommended Hotfix C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{22941A26-7033-432C-94C7-6371DE343822} not set C:\Program Files\scbar\v1\scbar.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22941A26-7033-432C-94C7-6371DE343822}

{60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} Natural Language Navigation C:\WINNT\System\BHO001.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E78CAC-E9A7-4302-B9EE-8582EDE22FBF}

{9ECB9560-04F9-4bbc-943D-298DDF1699E1} Web assistant C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}

{BDF3E430-B101-42AD-A544-FADC6B084872} NAV Helper C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}


****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINNT\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Toolbar\01.01.1601.0\en-ca\msntb.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Toolbar\01.01.1601.0\en-ca\msntb.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINNT\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} C:\WINNT\System32\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINNT\system32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
ccSetMgr.exe
ccEvtMgr.exe
spoolsv.exe
nhksrv.exe
ccProxy.exe
svchost.exe
navapsvc.exe
pppoeservice.ex
regsvc.exe
SAVScan.exe
MSTask.exe
SNDSrvc.exe
symlcsvc.exe
mspmspsv.exe
svchost.exe
Explorer.EXE
CreateCD50.exe
DirectCD.exe
MMKeybd.exe
mmusbkb2.exe
TrayMon.exe
hppropty.exe
OSD.exe
dw.exe
realsched.exe
qttask.exe
StatusClient.ex
svchost.exe
ccApp.exe
wcmdmgr.exe
MsnMsgr.Exe
javaw.exe
print!.exe
wkcalrem.exe
WZQKPICK.EXE
WebshotsTray.ex
rh.exe
spywarescanner.

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINNT\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://www.searchenhancement.com/searchbar/iev1.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Default_Page_URL http://www.dellnet.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Local Page C:\WINNT\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://www.searchenhancement.com/searchbar/iev1.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.google.ca/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant


****************************************