****************************************
Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 21:40:35.
OS: Windows NT 5.1
Database version: 1.830000
Database format version: 1.020000
Database date: 20040227
Current date: 2004-02-29 21:40
****************************************
Result when scanning:

General Virus, Worm, Trojan 294.000.005
Microsoft Tray
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Tray
http://www.kephyr.com/spywarescanner/library/generalvirus/index.phtml
****************************************
Auto start entries:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Run entries:

Hot Key Kbd 9910 Daemon
SK9910DM.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Hot Key Kbd 9910 Daemon

GWMDMMSG
GWMDMMSG.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\GWMDMMSG

IgfxTray
C:\WINNT\System32\igfxtray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray

HotKeysCmds
C:\WINNT\System32\hkcmd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds

Keyboard Preload Check
C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Keyboard Preload Check

GWMDMpi
C:\WINNT\GWMDMpi.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\GWMDMpi

ccApp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp

ccRegVfy
"C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccRegVfy

AdaptecDirectCD
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AdaptecDirectCD

NeroCheck
C:\WINNT\system32\NeroCheck.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck

Microsoft Tray
C:\PROGRA~1\KAZAAL~1\My Shared Folder\1500 nokia ringtones.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Tray

QDNA
C:\WINNT\QDNA.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QDNA

Share-to-Web Namespace Daemon
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Share-to-Web Namespace Daemon

SpyHunter
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SpyHunter

msnmsgr
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msnmsgr

Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Browser helper objects:
****************************************
Toolbars:
****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
explorer.exe
spoolsv.exe
CCEVTMGR.EXE
SK9910DM.EXE
GWMDMMSG.exe
igfxtray.exe
hkcmd.exe
ccApp.exe
Directcd.exe
hpgs2wnd.exe
msnmsgr.exe
hpgs2wnf.exe
alg.exe
NAVAPSVC.EXE
NMSSvc.Exe
PRISMXL.SYS
svchost.exe
IEXPLORE.EXE
wmplayer.exe
Kazaa.exe
msmsgs.exe
Speed Up.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php
****************************************
Internet Explorer Settings:

Default_Page_URL
http://www.gateway.net
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page
C:\WINNT\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page
http://www.gateway.net
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant
http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1cj
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch
http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1cj
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page
C:\WINNT\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar
http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1cj
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page
http://www.terra.com.gt/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
****************************************