****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/

Log created 01:27:19.
OS: Windows NT 5.1
Database version: 1.860000
Database format version: 1.020000
Database date: 20040308
Current date: 2004-05-24 01:27
****************************************
Result when scanning:

foistware.WildTangent 999.333.999
wcmdmgr
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\wcmdmgr
http://www.kephyr.com/spywarescanner/library/wildtangent/index.phtml

foistware.WildTangent 999.888.998
%Windir%\wt
C:\WINDOWS\wt
http://www.kephyr.com/spywarescanner/library/wildtangent/index.phtml
****************************************
Auto start entries:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Run entries:

IMJPMIG8.1
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IMJPMIG8.1

PHIME2002ASync
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PHIME2002ASync

PHIME2002A
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PHIME2002A

ccApp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp

Advanced Tools Check
C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Advanced Tools Check

NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

nwiz
nwiz.exe /install
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz

KeyMaestro
C:\KMaestro\KMaestro.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\KeyMaestro

NeroFilterCheck
C:\WINDOWS\system32\NeroCheck.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroFilterCheck

SunJavaUpdateSched
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched

wcmdmgr
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\wcmdmgr

SoundMan
SOUNDMAN.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SoundMan

TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe

QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

AOL Spyware Protection
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AOL Spyware Protection

Ad-aware
"C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Ad-aware

MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS

ctfmon.exe
C:\WINDOWS\System32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe

Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Browser helper objects:

****************************************
Toolbars:

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{8E718888-423F-11D2-876E-00A0C9082467}
C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{2318C2B1-4965-11d4-9B18-009027A5CD4F}
c:\program files\google\googletoolbar2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{2318C2B1-4965-11D4-9B18-009027A5CD4F}
c:\program files\google\googletoolbar2.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383}
C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{2318C2B1-4965-11D4-9B18-009027A5CD4F}
c:\program files\google\googletoolbar2.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{4D5C8C25-D075-11d0-B416-00C04FB90376}
C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
C:\WINDOWS\System32\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

{32683183-48a0-441b-a342-7c2a440a9478}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
acsd.exe
CCSETMGR.EXE
cisvc.exe
gearsec.exe
mdm.exe
NAVAPSVC.EXE
NPROTECT.EXE
nvsvc32.exe
svchost.exe
symlcsvc.exe
wanmpsvc.exe
CCEVTMGR.EXE
SAVSCAN.EXE
rundll32.exe
explorer.exe
CCAPP.EXE
KMaestro.exe
jusched.exe
soundman.exe
realsched.exe
qttask.exe
AOLSP Scheduler.exe
msmsgs.exe
ctfmon.exe
hpobnz08.exe
hpotdd01.exe
WTS_KEY.exe
hpoevm08.exe
HPZipm12.exe
hposts08.exe
aim.exe
btdownloadgui.exe
btdownloadgui.exe
cidaemon.exe
WISPTIS.EXE
spywarescanner.exe
iexplore.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php
****************************************
Internet Explorer Settings:

Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://www.google.com/keyword/%s
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider
gogl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst
no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst
****************************************