Bazooka Adware and Spyware Scanner Log 560

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 12:36:01.
OS: Windows NT 5.1
Database version: 2.050000
Database format version: 1.020000
Database date: 20040526
Current date: 2004-06-02 12:36


****************************************
Result when scanning:

Bargain Buddy 102.997.949 %ProgramsDir%\Bargain Buddy\
C:\Program Files\Bargain Buddy\
http://www.kephyr.com/spywarescanner/library/bargainbuddy/index.phtml

Cydoor 399.000.001 Cd_clint.dll
http://www.kephyr.com/spywarescanner/library/cydoor/index.phtml

IE SearchBar 328.550.001 %ProgramsDir%\IESEARCHBAR\
C:\Program Files\IESEARCHBAR\
http://www.kephyr.com/spywarescanner/library/iesearchbar/index.phtml

Internet Optimizer 123.000.003 %ProgramsDir%\Internet Optimizer\
C:\Program Files\Internet Optimizer\
http://www.kephyr.com/spywarescanner/library/internetoptimizer/index.phtml

n-CASE 102.165.198 ncmyb.dll
http://www.kephyr.com/spywarescanner/library/ncase/index.phtml

NetRatings 737.123.834 %ProgramsDir%\Netratings\
C:\Program Files\Netratings\
http://www.kephyr.com/spywarescanner/library/netratings/index.phtml

WeatherBug 661.552.443 %ProgramsDir%\AWS\WeatherBug\
C:\Program Files\AWS\WeatherBug\
http://www.kephyr.com/spywarescanner/library/weatherbug/index.phtml

WebSearch Toolbar.Emailplug 474.900.000 MyWebSearch Email Plugin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.emailplug/index.phtml

WebSearch Toolbar.bho1 475.900.000 {00A6FAF1-072E-44cf-8957-5838F569A31D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.bho1/index.phtml

WebSearch Toolbar.bho2 476.900.000 {07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.bho2/index.phtml

WebSearch Toolbar.b 477.900.000 {07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.b/index.phtml

WebSearch Toolbar.b 477.900.000 {07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.b/index.phtml

****************************************
Auto start entries:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe -DeviceID 1062995754
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe -DeviceID 1062995754
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Documents and Settings\Cody\Start Menu\Programs\Startup\DESKTOP.INI
C:\Documents and Settings\Cody\Start Menu\Programs\Startup\DESKTOP.INI

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
ATIModeChange Ati2mdxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIModeChange

BCMSMMSG BCMSMMSG.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BCMSMMSG

ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIPTA

CTHelper CTHELPER.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CTHelper

UpdReg C:\WINDOWS\UpdReg.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\UpdReg

DVDSentry C:\WINDOWS\System32\DSentry.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DVDSentry

AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AdaptecDirectCD

TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe

DwlClient C:\Program Files\Common Files\Dell\EUSW\Support.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DwlClient

AVG_CC C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVG_CC

KAZAA C:\Program Files\Kazaa\Kazaa.exe /SYSTRAY
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\KAZAA

sr1exe "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\sr1exe

Share-to-Web Namespace Daemon C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Share-to-Web Namespace Daemon

CTSysVol C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CTSysVol

CTDVDDet C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CTDVDDet

eynaeugw C:\WINDOWS\fckqkbwe.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\eynaeugw

tmtgpowc C:\WINDOWS\tpqqpomr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\tmtgpowc

mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\mmtask

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ViewMgr

cvbbh C:\WINDOWS\jijak.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\cvbbh

zamkyg C:\WINDOWS\bjcqczea.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\zamkyg

ooahrnqgw C:\WINDOWS\nvde.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ooahrnqgw

ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe

MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS

GameSpot "C:\Program Files\Kontiki\bin\kontiki.exe" -s GameSpot -q
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\GameSpot


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo! Pager

AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AIM

Spam Alarm Proxy C:\PROGRA~1\DIGNIT~1\SPAMAL~2\spmalarm.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Spam Alarm Proxy

MyWebSearch Email Plugin C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{00A6FAF1-072E-44cf-8957-5838F569A31D} MyWebSearch Search Assistant BHO C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}

{029CA12C-89C1-46a7-A3C7-82F2F98635CB} not set C:\Program Files\Kontiki\bin\bh304181.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{029CA12C-89C1-46a7-A3C7-82F2F98635CB}

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{07B18EA1-A523-4961-B6BB-170DE4475CCA} mwsBar BHO C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

{7D85DB05-73C4-4824-9D54-7589847CD869} C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL C:\WINDOWS\jwweh.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D85DB05-73C4-4824-9D54-7589847CD869}

{AA58ED58-01DD-4d91-8333-CF10577473F7} not set c:\program files\google\googletoolbar2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

{EB1F11BF-1690-45FA-A9F1-D702FE874653} c:\program files\google\googletoolbar2.dll C:\WINDOWS\bhycknp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB1F11BF-1690-45FA-A9F1-D702FE874653}


****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{07B18EA9-A523-4961-B6BB-170DE4475CCA} C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

{2318C2B1-4965-11d4-9B18-009027A5CD4F} c:\program files\google\googletoolbar2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F}

{2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\program files\google\googletoolbar2.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\program files\google\googletoolbar2.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{71ED4FBA-4024-4BBE-91DC-9704C93F453E} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{71ED4FBA-4024-4BBE-91DC-9704C93F453E}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{71ED4FBA-4024-4BBE-91DC-9704C93F453E}

{07B18EA9-A523-4961-B6BB-170DE4475CCA} C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

{4528BBE0-4E08-11D5-AD55-00010333D0AD} C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} C:\WINDOWS\System32\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{4528BBE0-4E08-11D5-AD55-00010333D0AD} C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
SMSS.EXE
CSRSS.EXE
WINLOGON.EXE
SERVICES.EXE
LSASS.EXE
ati2evxx.exe
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
SPOOLSV.EXE
ALG.EXE
avgserv.exe
CISVC.EXE
CTSVCCDA.EXE
mdm.exe
SVCHOST.EXE
wanmpsvc.exe
MsPMSPSv.exe
CIDAEMON.EXE
CIDAEMON.EXE
ati2evxx.exe
explorer.exe
BCMSMMSG.exe
CTHELPER.EXE
DSentry.exe
Directcd.exe
realsched.exe
Support.exe
avgcc32.exe
hpgs2wnd.exe
CTSysVol.exe
CTDVDDET.exe
fckqkbwe.exe
tpqqpomr.exe
mmtask.exe
hpgs2wnf.exe
ViewMgr.exe
jijak.exe
bjcqczea.exe
nvde.exe
CTFMON.EXE
kontiki.exe
aim.exe
MWSOEMON.EXE
iexplore.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://education.dellnet.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://www.google.com/keyword/%s
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider gogl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Default_Page_URL http://education.dellnet.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.nfl.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst


****************************************



