Bazooka Adware and Spyware Scanner Log 636

****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 09:05:31.
OS: Windows NT 5.1
Database version: 2.100000
Database format version: 1.020000
Database date: 20040623
Current date: 2004-06-28 09:05


****************************************
Result when scanning:

HoHBBLOCKar 111.934.944
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HoHBBLOCKar Uninstall\DisplayName
http://www.kephyr.com/spywarescanner/library/hoHBBLOCKar/index.phtml

HoHBBLOCKar.hostie 178.700.000 {FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}
http://www.kephyr.com/spywarescanner/library/hoHBBLOCKar.hostie/index.phtml

MediaLoads 132.927.944
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced\DisplayName
http://www.kephyr.com/spywarescanner/library/medialoads/index.phtml

MS Media Player GUID 404.888.000
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
http://www.kephyr.com/spywarescanner/library/msmediaplayerguid/index.phtml

General Virus, Worm, Trojan 294.000.004 Key1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Key1
http://www.kephyr.com/spywarescanner/library/generalvirus/index.phtml

****************************************
Auto start entries:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AClock\AClock.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AClock\AClock.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Gilles Larose\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\Documents and Settings\Gilles Larose\Menu Démarrer\Programmes\Démarrage\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
CARPService carpserv.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CARPService

CPQEASYACC C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CPQEASYACC

Smapp C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Smapp

DrvLsnr C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DrvLsnr

WCOLOREAL "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WCOLOREAL

PROMon.exe PROMon.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PROMon.exe

srmclean C:\Cpqs\Scom\srmclean.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\srmclean

AutoLogon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AutoLogon

HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HPDJ Taskbar Utility

LVCOMS C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LVCOMS

AvirMail C:\Program Files\AvirMail\AvirMail.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AvirMail

Share-to-Web Namespace Daemon C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Share-to-Web Namespace Daemon

SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SmcService

HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds

ccApp "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp

ccRegVfy "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccRegVfy

TkBellExe "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe

Key1 C:\WINDOWS\system\rlid.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Key1

IgfxTray C:\WINDOWS\System32\igfxtray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray

New.net Startup rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\New.net Startup

ntue32.exe C:\WINDOWS\ntue32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ntue32.exe

QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

d3sg.exe C:\WINDOWS\system32\d3sg.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\d3sg.exe

crky.exe C:\WINDOWS\crky.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\crky.exe

javabe32.exe C:\WINDOWS\javabe32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\javabe32.exe

appju.exe C:\WINDOWS\appju.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\appju.exe

d3of.exe C:\WINDOWS\d3of.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\d3of.exe

apijf.exe C:\WINDOWS\system32\apijf.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\apijf.exe

mfcfh32.exe C:\WINDOWS\system32\mfcfh32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\mfcfh32.exe

msmj32.exe C:\WINDOWS\msmj32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\msmj32.exe

netxt.exe C:\WINDOWS\system32\netxt.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\netxt.exe

netyx32.exe C:\WINDOWS\netyx32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\netyx32.exe

ntse.exe C:\WINDOWS\system32\ntse.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\ntse.exe

netfo32.exe C:\WINDOWS\netfo32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\netfo32.exe

WebCamRT.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WebCamRT.exe

Desktop Weather 3 C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Desktop Weather 3

StatBar C:\Program Files\StatBar\StatBar.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\StatBar

popupeclair C:\Program Files\Popup Eclair\popupeclair.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\popupeclair

MétéoIMédia C:\program files\MétéoMédia\MétéoIMédia\WeatherEye
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MétéoIMédia


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{3F78C941-E449-EC74-0DED-EF0707F1BD9C} C:\WINDOWS\crpr32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F78C941-E449-EC74-0DED-EF0707F1BD9C}

{BDF3E430-B101-42AD-A544-FADC6B084872} NAV Helper C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}


****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Toolbar\01.01.1721.0\fr-ca\msntb.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Toolbar\01.01.1721.0\fr-ca\msntb.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{6F480F82-C3A6-4D35-96F7-B297AD49FBE8} C:\Program Files\Copernic Agent\CopernicAgentExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{6F480F82-C3A6-4D35-96F7-B297AD49FBE8}

{9455301C-CF6B-11D3-A266-00C04F689C50} C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{9455301C-CF6B-11D3-A266-00C04F689C50}

{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}\InprocServer32

System error message: Le fichier spécifié est introuvable.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}

{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} C:\WINDOWS\System32\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

{30D02401-6A81-11D0-8274-00C04FD5AE38} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{6F480F82-C3A6-4D35-96F7-B297AD49FBE8} C:\Program Files\Copernic Agent\CopernicAgentExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{6F480F82-C3A6-4D35-96F7-B297AD49FBE8}

{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} C:\Program Files\Microsoft Money\System\mnyviewer.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}

{9455301C-CF6B-11D3-A266-00C04F689C50} C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{9455301C-CF6B-11D3-A266-00C04F689C50}

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

{EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}

{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6} C:\Program Files\HoHBBLOCKar\bin\4.3.6.0\HbHostIE.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
Smc.exe
svchost.exe
svchost.exe
spoolsv.exe
ccEvtMgr.exe
GBPoll.exe
Navapsvc.exe
mpsvc.exe
SMAgent.exe
svchost.exe
wanmpsvc.exe
MsPMSPSv.exe
d3sg.exe
explorer.exe
carpserv.exe
STARTEAK.exe
SMTray.exe
DrvLsnr.exe
PROMon.exe
LVComS.exe
avirmail.exe
hpgs2wnd.exe
hkcmd.exe
ccApp.exe
NMSSvc.Exe
realsched.exe
EAUSBKBD.exe
rundll32.exe
ntue32.exe
rnathchk.exe
The Weather Channel.exe
StatBar.exe
PopupEclair.exe
hpgs2wnf.exe
WeatherEye.exe
GBTray.exe
AClock.exe
WZQKPICK.EXE
wmiapsrv.exe
wisptis.exe
CpqEAKSystemTray.exe
CPQEADM.exe
BttnServ.exe
msnmsgr.exe
rsvp.exe
spywarescanner.exe
msmsgs.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL res://xmfyo.dll/index.html#44272
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL res://C:\WINDOWS\xmfyo.dll/sp.html#44272
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page res://C:\WINDOWS\xmfyo.dll/sp.html#44272
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page res://xmfyo.dll/index.html#44272
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://g.fr.msn.ca/0SEFRCA/SAOS01
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page res://C:\WINDOWS\xmfyo.dll/sp.html#44272
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page res://xmfyo.dll/index.html#44272
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst


****************************************



