****************************************
Bazooka Scanner v1.13.03
www.kephyr.com/spywarescanner/
www.kephyr.com/spywarescanner/library/
support@kephyr.com
Log created 10:43:10.
OS: Windows NT 5.1
Database version: 3.090000
Database format version: 1.020000
Database date: 20051005
Current date: 2005-10-31 10:43
****************************************
Result when scanning:
Exploit searchterror.com 344.777.002 c:\tmp.txt
c:\tmp.txt
www.kephyr.com/spywarescanner/library/exploit-searchterror.com/index.phtml
****************************************
Auto start entries:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Mommy\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Mommy\Start Menu\Programs\Startup\desktop.ini
Go here to analyse the startup entries and the associated files:
www.kephyr.com/filedb/index.php
****************************************
Run entries:
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
nwiz nwiz.exe /install
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz
pccguide.exe "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\pccguide.exe
PCCClient.exe "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCCClient.exe
Pop3trap.exe "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Pop3trap.exe
REGSHAVE C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\REGSHAVE
LXSUPMON C:\WINDOWS\System32\LXSUPMON.EXE RUN
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LXSUPMON
Smapp C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Smapp
WMC_AutoUpdate
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WMC_AutoUpdate
cfgmgr52 RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\cfgmgr52
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
ctfmon.exe C:\WINDOWS\System32\ctfmon.exe /k
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\ctfmon.exe
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo! Pager
prqtect C:\WINDOWS\System32\prqtect.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\prqtect
ctfmon.exe C:\WINDOWS\System32\ctfmon.exe /k
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\ctfmon.exe
Go here to analyse the run entries and the associated files:
www.kephyr.com/filedb/index.php
****************************************
Browser helper objects:
{01923280-60AE-1F37-5324-076179ABDB22} not set C:\WINDOWS\Nqyyxpgp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01923280-60AE-1F37-5324-076179ABDB22}
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
{53707962-6F74-2D53-2644-206D7942484F} not set C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} not set C:\WINDOWS\system32\9qod.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3}
****************************************
Toolbars:
{B17890BA-EC9E-3B47-86C1-CF353D9B55A5} C:\WINDOWS\Nqyyxpgp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B17890BA-EC9E-3B47-86C1-CF353D9B55A5}
{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}
{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{40D41A8B-D79B-43D7-99A7-9EE0F344C385} C:\Program Files\AIM Toolbar\AIMBar.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{40D41A8B-D79B-43D7-99A7-9EE0F344C385}
{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
{4528BBE0-4E08-11D5-AD55-00010333D0AD} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
{30D02401-6A81-11D0-8274-00C04FD5AE38} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
{4528BBE0-4E08-11D5-AD55-00010333D0AD} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\InprocServer32
System error message: The system cannot find the file specified.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
****************************************
All processes:
[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
LEXBCES.EXE
spoolsv.exe
MDM.EXE
nvsvc32.exe
SMAgent.exe
Tmntsrv.exe
wdfmgr.exe
PCCPFW.exe
explorer.exe
wuauclt.exe
pccguide.exe
PCCClient.exe
Pop3trap.exe
LXSUPMON.EXE
SMTray.exe
LEXPPS.EXE
YPager.exe
prqtect.exe
ctfmon.exe
prqtect.exe
iexplore.exe
iexplore.exe
iexplore.exe
spywarescanner.exe
Go here to analyse the running processes:
www.kephyr.com/filedb/index.php
****************************************
Internet Explorer Settings:
Default_Page_URL
www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
Default_Search_URL
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
Search Page
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
Start Page
www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
SearchAssistant
ie.search.msn.com HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
CustomizeSearch
ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\
www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\
provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider
Local Page C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
Search Bar file://C:\WINDOWS\System32\Searchx.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
Search Page
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
Start Page
www.google.com/ HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
Use Search Asst
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst
****************************************
OK, there is the Bazooka log. My computer has been running faster, thank you so much. I do have one more question about something. It isn't about how it runs, basically just how I log on. I will show you what I mean as soon as I can.