****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 22:12:42.
OS: Windows NT 5.1
Database version: 2.130000
Database format version: 1.020000
Database date: 20040706
Current date: 2004-07-06 22:12
****************************************
Result when scanning:

MS Media Player GUID
404.888.000
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
http://www.kephyr.com/spywarescanner/library/msmediaplayerguid/index.phtml
****************************************
Auto start entries:

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\Documents and Settings\sebrady\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\Documents and Settings\sebrady\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Run entries:

SunJavaUpdateSched
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched

SoundMan
SOUNDMAN.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SoundMan

RoxioEngineUtility
"C:\Program Files\Common Files\RoxioShared\System\EngUtil.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RoxioEngineUtility

RoxioDragToDisc
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RoxioDragToDisc

RoxioAudioCentral
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RoxioAudioCentral

QD FastAndSafe
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QD FastAndSafe

POINTER
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\POINTER

PinnacleDriverCheck
C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PinnacleDriverCheck

MsmqIntCert
regsvr32 /s mqrt.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MsmqIntCert

ATIPTA
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ATIPTA

RemoteControl
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RemoteControl

UpdateManager
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\UpdateManager

PCLEPCI
C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCLEPCI

iexg32.exe
C:\WINDOWS\system32\iexg32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\iexg32.exe

QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

KernelFaultCheck
C:\WINDOWS\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\KernelFaultCheck

IMJPMIG8.1
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IMJPMIG8.1

IMEKRMIG6.1
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IMEKRMIG6.1

mfcot32.exe
C:\WINDOWS\system32\mfcot32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\mfcot32.exe

ccApp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp

URLLSTCK.exe
C:\Program Files\Norton Internet Security\UrlLstCk.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\URLLSTCK.exe

sdkaz.exe
C:\WINDOWS\system32\sdkaz.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\sdkaz.exe

addoh32.exe
C:\WINDOWS\system32\addoh32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\addoh32.exe

iebs.exe
C:\WINDOWS\iebs.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\iebs.exe

winyy32.exe
C:\WINDOWS\system32\winyy32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\winyy32.exe

ntqd32.exe
C:\WINDOWS\system32\ntqd32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\ntqd32.exe

mfcfn32.exe
C:\WINDOWS\mfcfn32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\mfcfn32.exe

ipfz.exe
C:\WINDOWS\system32\ipfz.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\ipfz.exe

mfcrr32.exe
C:\WINDOWS\system32\mfcrr32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\mfcrr32.exe

apind32.exe
C:\WINDOWS\apind32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\apind32.exe

ipqd32.exe
C:\WINDOWS\system32\ipqd32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\ipqd32.exe

addje32.exe
C:\WINDOWS\system32\addje32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\addje32.exe

iedv32.exe
C:\WINDOWS\system32\iedv32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\iedv32.exe

MSMSGS
"C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS

Desktop Weather 3
C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Desktop Weather 3

Symantec NetDriver Monitor
C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Symantec NetDriver Monitor

Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Browser helper objects:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
not set
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{544F8ECF-7661-CF47-2FD0-EA32255B9B7C}
C:\WINDOWS\system32\apigt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{544F8ECF-7661-CF47-2FD0-EA32255B9B7C}

{BDF3E430-B101-42AD-A544-FADC6B084872}
NAV Helper
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467}
C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383}
C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383}
C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{4D5C8C25-D075-11d0-B416-00C04FB90376}
C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{30D02401-6A81-11D0-8274-00C04FD5AE38}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}

{32683183-48a0-441b-a342-7c2a440a9478}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
ati2evxx.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
ccSetMgr.exe
ccEvtMgr.exe
spoolsv.exe
CCPROXY.EXE
dcfssvc.exe
inetinfo.exe
msdtc.exe
NAVAPSVC.EXE
NPROTECT.EXE
SAVScan.exe
tcpsvcs.exe
SNDSrvc.exe
snmp.exe
NOPDB.exe
symlcsvc.exe
MsPMSPSv.exe
sdkaz.exe
mqsvc.exe
mqtgsvc.exe
ati2evxx.exe
explorer.exe
jusched.exe
SOUNDMAN.EXE
DrgToDsc.exe
RxMon.exe
ccApp.exe
point32.exe
atiptaxx.exe
PDVDServ.exe
sgtray.exe
iexg32.exe
qttask.exe
ccApp.exe
msmsgs.exe
AcroTray.exe
Playlist.exe
spywarescanner.exe
spywarescanner.exe
iexplore.exe
MDM.EXE

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php
****************************************
Internet Explorer Settings:

Default_Page_URL
res://yjmeb.dll/index.html#28129
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL
res://C:\WINDOWS\yjmeb.dll/sp.html#28129
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page
res://C:\WINDOWS\yjmeb.dll/sp.html#28129
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page
res://yjmeb.dll/index.html#28129
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst
no
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page
res://C:\WINDOWS\yjmeb.dll/sp.html#28129
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page
res://yjmeb.dll/index.html#28129
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst
no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst
****************************************