Bazooka Adware and Spyware Scanner Log 90

****************************************
Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 21:40:35.
OS: Windows NT 5.1
Database version: 1.830000
Database format version: 1.020000
Database date: 20040227
Current date: 2004-02-29 21:40


****************************************
Result when scanning:

General Virus, Worm, Trojan 294.000.005 Microsoft Tray
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Tray
http://www.kephyr.com/spywarescanner/library/generalvirus/index.phtml

****************************************
Auto start entries:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
Hot Key Kbd 9910 Daemon SK9910DM.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Hot Key Kbd 9910 Daemon

GWMDMMSG GWMDMMSG.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\GWMDMMSG

IgfxTray C:\WINNT\System32\igfxtray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray

HotKeysCmds C:\WINNT\System32\hkcmd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds

Keyboard Preload Check C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Keyboard Preload Check

GWMDMpi C:\WINNT\GWMDMpi.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\GWMDMpi

ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp

ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccRegVfy

AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AdaptecDirectCD

NeroCheck C:\WINNT\system32\NeroCheck.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck

Microsoft Tray C:\PROGRA~1\KAZAAL~1\My Shared Folder\1500 nokia ringtones.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Tray

QDNA C:\WINNT\QDNA.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QDNA

Share-to-Web Namespace Daemon C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Share-to-Web Namespace Daemon

SpyHunter
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SpyHunter

msnmsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msnmsgr


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:


****************************************
Toolbars:


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
explorer.exe
spoolsv.exe
CCEVTMGR.EXE
SK9910DM.EXE
GWMDMMSG.exe
igfxtray.exe
hkcmd.exe
ccApp.exe
Directcd.exe
hpgs2wnd.exe
msnmsgr.exe
hpgs2wnf.exe
alg.exe
NAVAPSVC.EXE
NMSSvc.Exe
PRISMXL.SYS
svchost.exe
IEXPLORE.EXE
wmplayer.exe
Kazaa.exe
msmsgs.exe
Speed Up.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.gateway.net
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINNT\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.gateway.net
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1cj
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1cj
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page C:\WINNT\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1cj
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.terra.com.gt/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page


****************************************




Related links

Bazooka - Free scan for spyware, adware, trojan horses, keyloggers, etc. Detects more than 500 potentially unwanted applications. Freeware!

The File Database - Search the file database for more information. Free!

PopUp Blocker Test - Find out if your pop-up killer can handle all pop-ups. Free!

Kephyr Labs - Find out what is going on at Kephyr. Try products in an early stage of development.



FreeFixer
Read more about FreeFixer, Kephyr's latest spyware removal tool.
Home & Products |  Legal |  Privacy |  Search

© Kephyr, 2003-2012. HtmlTidy, HTML 4.01, CSS andy@kephyr.com