Bazooka Adware and Spyware Scanner Log 756

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 17:17:22.
OS: Windows NT 5.1
Database version: 2.140000
Database format version: 1.020000
Database date: 20040713
Current date: 2004-07-20 17:17


****************************************
Result when scanning:

Gator 112.997.000 GMT.exe
http://www.kephyr.com/spywarescanner/library/gain/index.phtml

Gator 102.098.947 CMESys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CMESys
http://www.kephyr.com/spywarescanner/library/gain/index.phtml

Gator eWallet 432.900.000 %ProgramsDir%\Gator.com\Gator\
C:\Program Files\Gator.com\Gator\
http://www.kephyr.com/spywarescanner/library/gatorewallet/index.phtml

NavHelper 574.000.000
HKEY_CLASSES_ROOT\AppID\{710BCB5B-8C6C-483E-A4F5-FAF083B13184}\
http://www.kephyr.com/spywarescanner/library/navhelper/index.phtml

NavHelper 574.000.001
HKEY_CLASSES_ROOT\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\
http://www.kephyr.com/spywarescanner/library/navhelper/index.phtml

NavHelper 574.000.002
HKEY_CLASSES_ROOT\NavExcel.NavHelper\
http://www.kephyr.com/spywarescanner/library/navhelper/index.phtml

NavHelper 574.000.003
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}\
http://www.kephyr.com/spywarescanner/library/navhelper/index.phtml

****************************************
Auto start entries:
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\GMT\GMT.exe /startup
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe -startup
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\GMT\GMT.exe /startup
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe -startup
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Webshots\Launcher.exe /t
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Webshots\Launcher.exe /t

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IMJPMIG8.1

MSPY2002 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSPY2002

PHIME2002ASync C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PHIME2002ASync

PHIME2002A C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PHIME2002A

hpsysdrv c:\windows\system\hpsysdrv.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\hpsysdrv

HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds

CamMonitor c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CamMonitor

HPHUPD05 c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPHUPD05

HPHmon05 C:\WINDOWS\System32\hphmon05.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPHmon05

AutoTKit C:\hp\bin\AUTOTKIT.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AutoTKit

WinCinemaMgr "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WinCinemaMgr

Home Theater SchSvr "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Home Theater SchSvr

Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Recguard

NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

nwiz nwiz.exe /install
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz

Sunkist2k C:\Program Files\Multimedia Card Reader\shwicon2k.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Sunkist2k

HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPDJ Taskbar Utility

HPHmon04 C:\WINDOWS\System32\hphmon04.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPHmon04

HPHUPD04 "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPHUPD04

Share-to-Web Namespace Daemon C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Share-to-Web Namespace Daemon

REGSHAVE C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\REGSHAVE

mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\mmtask

ESK C:\WINDOWS\ESK.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ESK

SKU C:\WINDOWS\SKU.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SKU

ITAL C:\WINDOWS\ITAL.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ITAL

FQLVDNITA C:\WINDOWS\FQLVDNITA.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FQLVDNITA

FSAK C:\WINDOWS\FSAK.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FSAK

Desksite CMA C:\Program Files\desksite\bin\cma.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Desksite CMA

PS2 C:\WINDOWS\system32\ps2.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PS2

SpeedTouch USB Diagnostics "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SpeedTouch USB Diagnostics

AlcxMonitor ALCXMNTR.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AlcxMonitor

pccguide.exe "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\pccguide.exe

PCClient.exe "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCClient.exe

TM Outbreak Agent "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TM Outbreak Agent

NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroFilterCheck

HP Software Update "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HP Software Update

CMESys "C:\Program Files\Common Files\CMEII\CMESys.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CMESys

TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe

BackupNotify c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\BackupNotify

NVIEW rundll32.exe nview.dll,nViewLoadHook
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\NVIEW

MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS

H/PC Connection Agent "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\H/PC Connection Agent

Acme.PCHButton C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\pchbutton.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Acme.PCHButton

NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter

MoneyAgent "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MoneyAgent


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{04079851-5845-4dea-848C-3ECD647AA554} not set C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{1C78AB3F-A857-482e-80C0-3A1E5238A565} not set Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{1C78AB3F-A857-482e-80C0-3A1E5238A565}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C78AB3F-A857-482e-80C0-3A1E5238A565}

{243B17DE-77C7-46BF-B94B-0B5F309A0E64} not set C:\Program Files\Microsoft Money\System\mnyside.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}

{83DE62E0-5805-11D8-9B25-00E04C60FAF2} not set C:\WINDOWS\2_0_1browserhelper2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}

{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} not set Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}


****************************************
Toolbars:

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{8F4902B6-6C04-4ade-8052-AA58578A21BD} C:\WINDOWS\System32\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8F4902B6-6C04-4ade-8052-AA58578A21BD}

{30D02401-6A81-11D0-8274-00C04FD5AE38} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{8F4902B6-6C04-4ADE-8052-AA58578A21BD} C:\WINDOWS\System32\Shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8F4902B6-6C04-4ADE-8052-AA58578A21BD}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
alg.exe
nvsvc32.exe
Tmntsrv.exe
tmproxy.exe
explorer.exe
hpsysdrv.exe
HpqCmon.exe
hphmon05.exe
WinCinemaMgr.exe
SchSvr.exe
shwicon2k.exe
hpztsb05.exe
hphmon04.exe
hpgs2wnd.exe
mmtask.exe
dragdiag.exe
ALCXMNTR.EXE
pccguide.exe
PCClient.exe
TMOAgent.exe
hpwuSchd2.exe
CMESys.exe
hpgs2wnf.exe
msmsgs.exe
wcescomm.exe
PCHButton.exe
rundll32.exe
rundll32.exe
GMT.exe
AIRPLUS.exe
QuickDCF.exe
hpqtra08.exe
BackWeb-137903.exe
webshots.scr
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.google.com.au
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://www.blazefind.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Default_Page_URL http://au9.hpwis.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar file://C:\WINDOWS\System32\SearchBar.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.google.com.au/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst


****************************************



