****************************************
Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/

Log created 10:50:17.
OS: Windows NT 5.1
Database version: 2.140000
Database format version: 1.020000
Database date: 20040713
Current date: 2004-07-17 10:50
****************************************
Result when scanning:
No potentially unwanted software found.
****************************************
Auto start entries:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -h
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -h
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Documents and Settings\Joseph Cleary\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Joseph Cleary\Start Menu\Programs\Startup\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Run entries:

NvCplDaemon
RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

QuickTime Task
C:\WINDOWS\system32\qttask.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task

Pop3trap.exe
"C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Pop3trap.exe

WebTrapNT.exe
"C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WebTrapNT.exe

TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe

SpyHunter
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SpyHunter

tgcmd
"C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\tgcmd

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\

jfruwpothjrj
C:\WINDOWS\System32\ndllzxy.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\jfruwpothjrj

javapu.exe
C:\WINDOWS\system32\javapu.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\javapu.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\

Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Browser helper objects:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
not set
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{7CF63507-F787-DEDD-FF68-BDC0D8517426}
C:\WINDOWS\winar32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CF63507-F787-DEDD-FF68-BDC0D8517426}
****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467}
C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383}
C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{4D5C8C25-D075-11d0-B416-00C04FB90376}
C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
C:\WINDOWS\System32\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

{30D02401-6A81-11D0-8274-00C04FD5AE38}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}

{32683183-48a0-441b-a342-7c2a440a9478}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
****************************************
All processes:

[System Process]
System
SMSS.EXE
CSRSS.EXE
WINLOGON.EXE
SERVICES.EXE
LSASS.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
SPOOLSV.EXE
EXPLORER.EXE
ALG.EXE
NVSVC32.EXE
PMJ151LA.BIN
ScsiAccess.EXE
d3se32.exe
QTTASK.EXE
WebTrapNT.exe
realsched.exe
TGCMD.EXE
NDLLZXY.EXE
JAVAPU.EXE
SpyHunter.exe
spywarescanner.exe
iexplore.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php
****************************************
Internet Explorer Settings:

Default_Page_URL
res://yizyo.dll/index.html#96676
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL
res://C:\WINDOWS\system32\yizyo.dll/sp.html#96676
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar
http://websearch.drsnsrch.com/sidesearch.cgi?id=
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page
res://C:\WINDOWS\system32\yizyo.dll/sp.html#96676
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page
res://yizyo.dll/index.html#96676
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst
no
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

websearch.drsnsrch.com/q.cgi?q=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar
http://g.msn.com/0SEENUS/SAOS07
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page
res://C:\WINDOWS\system32\yizyo.dll/sp.html#96676
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page
res://yizyo.dll/index.html#96676
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst
no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant
http://approvedlinks.com/sp2.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant

User Stylesheet
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles\User Stylesheet
****************************************