Bazooka Adware and Spyware Scanner Log 89

Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 15:36:54.
OS: Windows NT 5.1
Database version: 1.830000
Database format version: 1.020000
Database date: 20040227
Current date: 2004-02-29 15:36

****************************************
Result when scanning:
CoolWebSearch.sys 461.000.001 sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\sys
http://www.kephyr.com/spywarescanner/library/coolwebsearch.sys/index.phtml
MS Media Player GUID 404.888.000
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
http://www.kephyr.com/spywarescanner/library/msmediaplayerguid/index.phtml
General Virus, Worm, Trojan 294.000.006 Online Service
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Online Service
http://www.kephyr.com/spywarescanner/library/generalvirus/index.phtml
****************************************
Auto start entries:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\WINDOWS\Installer\{A839294B-70A9-11D5-9F5A-0050DAD742CD}\_5880C51.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reboot.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\WINDOWS\Installer\{A839294B-70A9-11D5-9F5A-0050DAD742CD}\_5880C51.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reboot.exe
C:\Documents and Settings\-\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\-\Start Menu\Programs\Startup\desktop.ini
Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Run entries:
Pad39A-HtEHL E:\Pad39A.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Pad39A-HtEHL
NeroCheck C:\WINDOWS\System32\\NeroCheck.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck
InCD C:\Program Files\Ahead\InCD\InCD.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\InCD
Online Service C:\WINDOWS\svchost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Online Service
sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\sys
HP Lamp C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HP Lamp
msconfig C:\WINDOWS\system32\msconfig.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\msconfig
SpyHunter
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SpyHunter
EnigmaPopupStop C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\EnigmaPopupStop
PxClient.exe "C:\Program Files\Proxyconn\PxUi.exe" /Automation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PxClient.exe
hpppt C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppt.exe /ICON
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\hpppt
Pop3trap.exe "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Pop3trap.exe
WebTrapNT.exe "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WebTrapNT.exe
FilterGate C:\PROGRA~1\FILTER~1\filtergate.exe /ASK
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FilterGate
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS
IncrediMail C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IncrediMail
msconfig C:\WINDOWS\system32\msconfig.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msconfig

Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Browser helper objects:
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
{53707962-6F74-2D53-2644-206D7942484F} not set C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
{7D9E713D-0388-4384-BDD8-2A42EB1C4F04} ProxyConn Browser Helper Object C:\PROGRA~1\PROXYC~1\PRXCNB~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D9E713D-0388-4384-BDD8-2A42EB1C4F04}

****************************************
Toolbars:
{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}
{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
{30D02401-6A81-11D0-8274-00C04FD5AE38} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}

****************************************
All processes:
[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
explorer.exe
spoolsv.exe
InCD.exe
HPLamp.exe
msconfig.exe
msconfig.exe
EnigmaPopupStop.exe
PxUi.exe
HPPPT.exe
WebTrapNT.exe
filtergate.exe
msmsgs.exe
PxClient.exe
msconfig.exe
IMApp.exe
alg.exe
snmp.exe
svchost.exe
fxssvc.exe
IEXPLORE.EXE
IEXPLORE.EXE
wuauclt.exe
IEXPLORE.EXE
TMNTSRV.EXE
Pop3trap.exe
PNTIOMON.exe
pccntupd.exe
IncMail.exe
spywarescanner.exe
Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php
****************************************
Internet Explorer Settings:
Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
Start Page http://www.31234.com/www/homepage.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\
www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www
SearchAssistant http://www.008i.com/search.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchAssistant
CustomizeSearch http://www.008i.com/search.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\CustomizeSearch
provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider
Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
Start Page http://www.31234.com/www/homepage.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst
User Stylesheet
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles\User Stylesheet

****************************************