Bazooka Adware and Spyware Scanner Log 402

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 23:32:43.
OS: Windows NT 5.1
Database version: 1.950000
Database format version: 1.020000
Database date: 20040406
Current date: 2004-04-09 23:32


****************************************
Result when scanning:

My Search Bar 132.098.655
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall\DisplayName
http://www.kephyr.com/spywarescanner/library/mysearchbar/index.phtml

My Search Bar 777.777.778 c:\Program Files\MyWay\
c:\Program Files\MyWay\
http://www.kephyr.com/spywarescanner/library/mysearchbar/index.phtml

My Search Bar.B 778.777.000 {0494D0D9-F8E0-41ad-92A3-14154ECE70AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}
http://www.kephyr.com/spywarescanner/library/mysearchbar.b/index.phtml

My Search Bar.B 778.777.000 {0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
http://www.kephyr.com/spywarescanner/library/mysearchbar.b/index.phtml

My Search Bar.B 778.777.000 {0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
http://www.kephyr.com/spywarescanner/library/mysearchbar.b/index.phtml

My Search Bar.C 779.777.001 {0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
http://www.kephyr.com/spywarescanner/library/mysearchbar.c/index.phtml

WebSearch Toolbar.Emailplug 474.900.000 MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.emailplug/index.phtml

WebSearch Toolbar.Emailplug 474.900.000 MyWebSearch Email Plugin
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.emailplug/index.phtml

WebSearch Toolbar.bho1 475.900.000 {00A6FAF1-072E-44cf-8957-5838F569A31D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.bho1/index.phtml

WebSearch Toolbar.bho2 476.900.000 {07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.bho2/index.phtml

WebSearch Toolbar.b 477.900.000 {07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.b/index.phtml

WebSearch Toolbar.b 477.900.000 {07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
http://www.kephyr.com/spywarescanner/library/websearchtoolbar.b/index.phtml

****************************************
Auto start entries:
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Corel Desktop Application Director 8.LNK
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\desktop.ini
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\HPAiODevice(hp officejet k series) - 1.lnk
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\InterVideo WinCinema Manager.lnk
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Microsoft Office.lnk
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\MyWebSearch Email Plugin.lnk
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\TaskZip.lnk
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Corel Desktop Application Director 8.LNK
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\desktop.ini
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\HPAiODevice(hp officejet k series) - 1.lnk
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\InterVideo WinCinema Manager.lnk
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Microsoft Office.lnk
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\MyWebSearch Email Plugin.lnk
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\TaskZip.lnk
C:\Documents and Settings\KS.DOM\Menu Start\Programy\Autostart\desktop.ini
C:\Documents and Settings\KS.DOM\Menu Start\Programy\Autostart\Hewlett-Packard Recorder.lnk
C:\Documents and Settings\KS.DOM\Menu Start\Programy\Autostart\MyWebSearch Email Plugin.lnk
C:\Documents and Settings\KS.DOM\Menu Start\Programy\Autostart\desktop.ini
C:\Documents and Settings\KS.DOM\Menu Start\Programy\Autostart\Hewlett-Packard Recorder.lnk
C:\Documents and Settings\KS.DOM\Menu Start\Programy\Autostart\MyWebSearch Email Plugin.lnk

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
MsmqIntCert regsvr32 /s mqrt.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MsmqIntCert

MediaFace Integration C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MediaFace Integration

InCD C:\Program Files\Ahead\InCD\InCD.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\InCD

IW_ControlCenter C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IW_ControlCenter

PinnacleDriverCheck C:\WINDOWS\System32\PSDrvCheck.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PinnacleDriverCheck

VOBID C:\Program Files\Pinnacle\InstantCDDVD\\InstantDrive\InstantDrive.exe /remount
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\VOBID

LiveMonitor C:\Program Files\MSI\Live Update 3\LMonitor.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LiveMonitor

NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

nwiz nwiz.exe /install
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz

pccguide.exe "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\pccguide.exe

PCCClient.exe "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCCClient.exe

Pop3trap.exe "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Pop3trap.exe

SpyHunter C:\Program Files\SpyHunter\SpyHunter.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SpyHunter

MyWebSearch Email Plugin C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin

Cookie Pal "C:\Program Files\CMan\CPBrWtch.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Cookie Pal

Share-to-Web Namespace Daemon C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Share-to-Web Namespace Daemon

Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Cmaudio

MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS

MyWebSearch Email Plugin C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{00A6FAF1-072E-44cf-8957-5838F569A31D} MyWebSearch Search Assistant BHO C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}

{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} myBar BHO C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{07B18EA1-A523-4961-B6BB-170DE4475CCA} mwsBar BHO C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}


****************************************
Toolbars:

{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{07B18EA9-A523-4961-B6BB-170DE4475CCA} C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}

{07B18EA9-A523-4961-B6BB-170DE4475CCA} C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
alg.exe
inetinfo.exe
mdm.exe
msdtc.exe
nvsvc32.exe
tcpsvcs.exe
snmp.exe
svchost.exe
Tmntsrv.exe
PCCPFW.exe
mqsvc.exe
explorer.exe
mqtgsvc.exe
SetHook.exe
InCD.exe
iwctrl.exe
LMonitor.exe
pccguide.exe
PCCClient.exe
Pop3trap.exe
SpyHunter.exe
MWSOEMON.EXE
CPBrWtch.exe
hpgs2wnd.exe
rundll32.exe
msmsgs.exe
hpgs2wnf.exe
hpoorn07.exe
TaskZip.exe
Remind32.exe
MSOFFICE.EXE
hpoevm07.exe
hpoipm07.exe
hposts07.exe
hpofxm07.exe
spywarescanner.exe
taskmgr.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.onet.pl/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page


****************************************





© Kephyr, 2003-2012.