Bazooka Adware and Spyware Scanner Log 874

****************************************
Bazooka Scanner v1.13.02
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
Log created 12:01:55.
OS: Windows NT 5.0
Database version: 2.290000
Database format version: 1.020000
Database date: 20040814
Current date: 2004-08-17 12:01


****************************************
Result when scanning:

A Better Internet 777.777.000 bi.dll
http://www.kephyr.com/spywarescanner/library/abetterinternet/index.phtml

A Better Internet 777.777.001 {000006B1-19B5-414A-849F-2A3C64AE6939}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000006B1-19B5-414A-849F-2A3C64AE6939}
http://www.kephyr.com/spywarescanner/library/abetterinternet/index.phtml

A Better Internet.C 779.000.000 %WinDir%\mypbutn.exe
C:\WINNT\mypbutn.exe
http://www.kephyr.com/spywarescanner/library/abetterinternet.c/index.phtml

A Better Internet.D 780.000.000 %WinDir%\cgetaway.exe
C:\WINNT\cgetaway.exe
http://www.kephyr.com/spywarescanner/library/abetterinternet.d/index.phtml

ActualNames 544.744.001 %ProgramsDir%\AdvSearch\
C:\Program\AdvSearch\
http://www.kephyr.com/spywarescanner/library/actualnames/index.phtml

AdRoar 192.900.000 {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}
http://www.kephyr.com/spywarescanner/library/adroar/index.phtml

AdRoar 192.900.001 %WinDir%\ARUpdate.exe
C:\WINNT\ARUpdate.exe
http://www.kephyr.com/spywarescanner/library/adroar/index.phtml

AdRoar 192.900.002 AdRoarUpdate
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AdRoarUpdate
http://www.kephyr.com/spywarescanner/library/adroar/index.phtml

AutoStartup 583.200.000 %SystemDir%\AST.EXE
C:\WINNT\system32\\AST.EXE
http://www.kephyr.com/spywarescanner/library/autostartup/index.phtml

BookedSpace 100.200.300 bxxs5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\bxxs5
http://www.kephyr.com/spywarescanner/library/bookedspace/index.phtml

BookedSpace 100.200.301 bxxs5.dll
http://www.kephyr.com/spywarescanner/library/bookedspace/index.phtml

BookedSpace 100.200.302 {0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
http://www.kephyr.com/spywarescanner/library/bookedspace/index.phtml

ClockSync 847.700.001 %ProgramsDir%\ClockSync\
C:\Program\ClockSync\
http://www.kephyr.com/spywarescanner/library/clocksync/index.phtml

Cydoor 399.000.000 %SystemDir%\AdCache\
C:\WINNT\system32\\AdCache\
http://www.kephyr.com/spywarescanner/library/cydoor/index.phtml

Cydoor 399.000.001 Cd_clint.dll
http://www.kephyr.com/spywarescanner/library/cydoor/index.phtml

Estart 634.400.000 %SystemDir%\EStartLinkRotater.exe
C:\WINNT\system32\\EStartLinkRotater.exe
http://www.kephyr.com/spywarescanner/library/estart/index.phtml

eXact Search Bar 617.299.124 %ProgramsDir%\eXact\
C:\Program\eXact\
http://www.kephyr.com/spywarescanner/library/exactsearchbar/index.phtml

eXact Search Bar.B 618.299.127 {224530A0-C9CB-4AEE-9C0F-54AC1B533211}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{224530A0-C9CB-4AEE-9C0F-54AC1B533211}
http://www.kephyr.com/spywarescanner/library/exactsearchbar.b/index.phtml

Favoriteman 692.118.339 {00000EF1-0786-4633-87C6-1AA7A44296DA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000EF1-0786-4633-87C6-1AA7A44296DA}
http://www.kephyr.com/spywarescanner/library/favoriteman/index.phtml

FlashTrack 128.293.002 %ProgramsDir%\Flt\
C:\Program\Flt\
http://www.kephyr.com/spywarescanner/library/flashtrack/index.phtml

Flingstone Bridge 483.999.000 {9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
http://www.kephyr.com/spywarescanner/library/flingstonebridge/index.phtml

Flingstone Bridge 483.999.001 %SystemDir%\bridge.dll
C:\WINNT\system32\\bridge.dll
http://www.kephyr.com/spywarescanner/library/flingstonebridge/index.phtml

Flingstone Bridge 483.999.002 mswspl
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\mswspl
http://www.kephyr.com/spywarescanner/library/flingstonebridge/index.phtml

Flingstone Bridge 483.999.002 RunDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RunDLL
http://www.kephyr.com/spywarescanner/library/flingstonebridge/index.phtml

Free History Cleaner 312.800.001 %SystemDir%\fhccall.exe
C:\WINNT\system32\\fhccall.exe
http://www.kephyr.com/spywarescanner/library/freehistorycleaner/index.phtml

Ghost Keylogger.sa 425.888.000 Synchronization Agent
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Synchronization Agent
http://www.kephyr.com/spywarescanner/library/ghostkeylogger.sa/index.phtml

Httper 931.000.002 %ProgramsDir%\Httper\
C:\Program\Httper\
http://www.kephyr.com/spywarescanner/library/httper/index.phtml

IGetNet 692.118.337 install_all.dll
http://www.kephyr.com/spywarescanner/library/igetnet/index.phtml

IncrediFind 342.900.000 {5D60FF48-95BE-4956-B4C6-6BB168A70310}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D60FF48-95BE-4956-B4C6-6BB168A70310}
http://www.kephyr.com/spywarescanner/library/incredifind/index.phtml

Instant Access Dialer 847.000.001 %ProgramsDir%\Instant Access\
C:\Program\Instant Access\
http://www.kephyr.com/spywarescanner/library/instantaccessdialer/index.phtml

Instant Access Dialer.B 848.000.000 ia.dll
http://www.kephyr.com/spywarescanner/library/instantaccessdialer.b/index.phtml

Instant Access Dialer.C 849.000.001 EGDHTML_1024.dll
http://www.kephyr.com/spywarescanner/library/instantaccessdialer.c/index.phtml

KeenValue.Updater 643.000.000 updater
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\updater
http://www.kephyr.com/spywarescanner/library/keenvalue.updater/index.phtml

KeenValue.Updater 643.000.001 %ProgramsDir%\Common Files\updater\
C:\Program\Common Files\updater\
http://www.kephyr.com/spywarescanner/library/keenvalue.updater/index.phtml

KeySpec 895.300.001 %ProgramsDir%\Keyboard Spectator Pro\
C:\Program\Keyboard Spectator Pro\
http://www.kephyr.com/spywarescanner/library/keyspec/index.phtml

Look2Me 349.000.000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}\InprocServer32\ThreadingModel
http://www.kephyr.com/spywarescanner/library/look2me/index.phtml

Look2Me 349.000.001 %SystemDir%\msg118.dll
C:\WINNT\system32\\msg118.dll
http://www.kephyr.com/spywarescanner/library/look2me/index.phtml

MemoryWatcher 654.777.000 %ProgramsDir%\MemoryWatcher\
C:\Program\MemoryWatcher\
http://www.kephyr.com/spywarescanner/library/memorywatcher/index.phtml

Mirar Toolbar.winnb51 932.700.000 {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
http://www.kephyr.com/spywarescanner/library/mirartoolbar.winnb51/index.phtml

Mirar Toolbar.winnb51 932.700.001 {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
http://www.kephyr.com/spywarescanner/library/mirartoolbar.winnb51/index.phtml

Mirar Toolbar.winnb51 932.700.001 {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
http://www.kephyr.com/spywarescanner/library/mirartoolbar.winnb51/index.phtml

Mirar Toolbar.winnb51 932.700.002 WinNB51.dll
http://www.kephyr.com/spywarescanner/library/mirartoolbar.winnb51/index.phtml

MS Media Player GUID 404.888.000
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
http://www.kephyr.com/spywarescanner/library/msmediaplayerguid/index.phtml

My Search Bar 777.777.778 %ProgramsDir%\MySearch\
C:\Program\MySearch\
http://www.kephyr.com/spywarescanner/library/mysearchbar/index.phtml

n-CASE 102.165.199 %SystemDir%\msbb.exe
C:\WINNT\system32\\msbb.exe
http://www.kephyr.com/spywarescanner/library/ncase/index.phtml

PowerSearch 342.300.000 {4E7BD74F-2B8D-469E-A08E-8E1CA787AD2D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4E7BD74F-2B8D-469E-A08E-8E1CA787AD2D}
http://www.kephyr.com/spywarescanner/library/powersearch/index.phtml

PowerSearch 342.300.000 {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D}
http://www.kephyr.com/spywarescanner/library/powersearch/index.phtml

PowerSearch 342.300.000 {4E7BD74F-2B8D-469E-A08E-8E1CA787AD2D}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-A08E-8E1CA787AD2D}
http://www.kephyr.com/spywarescanner/library/powersearch/index.phtml

PowerSearch 342.300.000 {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D}
http://www.kephyr.com/spywarescanner/library/powersearch/index.phtml

PowerSearch 342.300.001 %ProgramsDir%\PowerSearch\
C:\Program\PowerSearch\
http://www.kephyr.com/spywarescanner/library/powersearch/index.phtml

Real Spy Monitor 740.900.001 %WinDir%\RSM\
C:\WINNT\RSM\
http://www.kephyr.com/spywarescanner/library/realspymonitor/index.phtml

RelatedLinks.lbbho 946.340.235 {EFD84954-6B46-42f4-81F3-94CE9A77052D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFD84954-6B46-42f4-81F3-94CE9A77052D}
http://www.kephyr.com/spywarescanner/library/relatedlinks.lbbho/index.phtml

RelatedLinks.lbbho 946.340.236 %WinDir%\lbbho.dll
C:\WINNT\lbbho.dll
http://www.kephyr.com/spywarescanner/library/relatedlinks.lbbho/index.phtml

SaveNow 090.090.091 %ProgramsDir%\Save\
C:\Program\Save\
http://www.kephyr.com/spywarescanner/library/savenow/index.phtml

Shazaa.bh22 542.555.000 {59EAA50F-8F82-4998-BC9E-0FFB2283C795}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59EAA50F-8F82-4998-BC9E-0FFB2283C795}
http://www.kephyr.com/spywarescanner/library/shazaa.bh22/index.phtml

Shazaa.bh22 542.555.002 C:\Program Files\System\Misc\
C:\Program Files\System\Misc\
http://www.kephyr.com/spywarescanner/library/shazaa.bh22/index.phtml

Scbar 190.092.391 %ProgramsDir%\scbar\
C:\Program\scbar\
http://www.kephyr.com/spywarescanner/library/scbar/index.phtml

SearchXl 837.197.000 SystemSearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SystemSearch
http://www.kephyr.com/spywarescanner/library/searchxl/index.phtml

SpyBan 243.700.000 %ProgramsDir%\SpyBan\
C:\Program\SpyBan\
http://www.kephyr.com/spywarescanner/library/spyban/index.phtml

SpyAgent 199.700.000 %WinDir%\syscache\
C:\WINNT\syscache\
http://www.kephyr.com/spywarescanner/library/spyagent/index.phtml

Tiny Key Logger 342.800.000 %SystemDir%\tikl.log
C:\WINNT\system32\\tikl.log
http://www.kephyr.com/spywarescanner/library/tinykeylogger/index.phtml

Tiny Key Logger 342.800.002
HKEY_CURRENT_USER\SOFTWARE\TiKL\ExeName
http://www.kephyr.com/spywarescanner/library/tinykeylogger/index.phtml

Transponder 616.000.002 {000006B1-19B5-414A-849F-2A3C64AE6939}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000006B1-19B5-414A-849F-2A3C64AE6939}
http://www.kephyr.com/spywarescanner/library/transponder/index.phtml

Unknown Keylogger 232.800.000 syncagent.dll
http://www.kephyr.com/spywarescanner/library/unknownkeylogger/index.phtml

WebHancer 321.123.321
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent\DisplayName
http://www.kephyr.com/spywarescanner/library/webhancer/index.phtml

WebHancer 321.123.322 %Windir%\whInstaller.exe
C:\WINNT\whInstaller.exe
http://www.kephyr.com/spywarescanner/library/webhancer/index.phtml

WebHancer 321.123.323 {c900b400-cdfe-11d3-976a-00e02913a9e0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}
http://www.kephyr.com/spywarescanner/library/webhancer/index.phtml

WebSavings 523.900.001 %ProgramsDir%\WebSavingsfromEbates\
C:\Program\WebSavingsfromEbates\
http://www.kephyr.com/spywarescanner/library/websavings/index.phtml

WhenUSearch 534.000.000 WhenUSearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WhenUSearch
http://www.kephyr.com/spywarescanner/library/whenusearch/index.phtml

WhenUSearch 534.000.001 %ProgramsDir%\WhenUSearch\
C:\Program\WhenUSearch\
http://www.kephyr.com/spywarescanner/library/whenusearch/index.phtml

Winpup 340.800.001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\comms\ren
http://www.kephyr.com/spywarescanner/library/winpup/index.phtml

Winpup 340.800.002
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\pup\ren
http://www.kephyr.com/spywarescanner/library/winpup/index.phtml

Zeropopupbar.zp 173.150.000 {72A58725-2635-4725-8C53-686DFD1FEB8D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{72A58725-2635-4725-8C53-686DFD1FEB8D}
http://www.kephyr.com/spywarescanner/library/zeropopupbar.zp/index.phtml

Zeropopupbar.zp 173.150.000 {72A58725-2635-4725-8C53-686DFD1FEB8D}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{72A58725-2635-4725-8C53-686DFD1FEB8D}
http://www.kephyr.com/spywarescanner/library/zeropopupbar.zp/index.phtml

Zeropopupbar.zp 173.150.001 %SystemDir%\zp.dll
C:\WINNT\system32\\zp.dll
http://www.kephyr.com/spywarescanner/library/zeropopupbar.zp/index.phtml

****************************************
Auto start entries:
C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
Synchronization Manager mobsync.exe /logon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Synchronization Manager

bxxs5 RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\bxxs5

PestPatrol Control Center C:\Program\PestPatrol\PPControl.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PestPatrol Control Center

WhenUSearch "C:\Program\WhenUSearch\Search.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WhenUSearch

PPMemCheck C:\Program\PestPatrol\PPMemCheck.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PPMemCheck

CookiePatrol C:\Program\PestPatrol\CookiePatrol.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CookiePatrol

Blubster C:\Program\Blubster\Blubster.exe SILENT
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Blubster

SystemSearch regedit.exe -s C:\WINNT\spp.reg
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SystemSearch

mswspl
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\mswspl

RunDLL rundll32.exe "C:\WINNT\system32\bridge.dll",Load
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RunDLL

WebRebates0 "C:\Program\Web_Rebates\WebRebates0.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WebRebates0

updater C:\Program\Common files\updater\wupdater.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\updater

AdRoarUpdate C:\WINNT\ARUpdate.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AdRoarUpdate

bpk C:\Program Files\BPK\bpk.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\bpk

Synchronization Agent "C:\Program\Sync Manager Demo\agent\syncagent.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Synchronization Agent

fsserv "C:\Program\Farsighter Server\.\system\fserv.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\fsserv

Session Client C:\Program\session client\system\sescli.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Session Client

internat.exe internat.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\internat.exe

Yahoo! Pager C:\Program\Yahoo!\Messenger\ypager.exe -quiet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo! Pager

Weather C:\Program\AWS\WeatherBug\Weather.EXE 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Weather


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{000006B1-19B5-414A-849F-2A3C64AE6939} not set C:\WINNT\bi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000006B1-19B5-414A-849F-2A3C64AE6939}

{00000EF1-0786-4633-87C6-1AA7A44296DA} not set C:\WINNT\system32\ATPART~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000EF1-0786-4633-87C6-1AA7A44296DA}

{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} not set C:\WINNT\bxxs5.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}

{04079851-5845-4dea-848C-3ECD647AA554} MyWay Search Assistant BHO C:\Program\MyWay\SrchAstt\2.bin\MYSRCHAS.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}

{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} PK IE Plugin C:\PROGRA~1\BPK\bpkwb.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}

{59EAA50F-8F82-4998-BC9E-0FFB2283C795} not set c:\PROGRA~1\System\Misc\bh22.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59EAA50F-8F82-4998-BC9E-0FFB2283C795}

{5D60FF48-95BE-4956-B4C6-6BB168A70310} not set C:\Program\INCRED~1\BHO\INCFIN~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D60FF48-95BE-4956-B4C6-6BB168A70310}

{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} not set C:\WINNT\system32\WinNB51.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}

{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} not set C:\WINNT\system32\bridge.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}

{AA58ED58-01DD-4d91-8333-CF10577473F7} not set c:\program\google\googletoolbar1.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} not set C:\WINNT\AdRoar.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}

{c900b400-cdfe-11d3-976a-00e02913a9e0} not set C:\Program Files\webHancer\programs\whiehlpr.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}

{EFD84954-6B46-42f4-81F3-94CE9A77052D} not set C:\WINNT\lbbho.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFD84954-6B46-42f4-81F3-94CE9A77052D}


****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINNT\system32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{4E7BD74F-2B8D-469E-A08E-8E1CA787AD2D} C:\Program\PowerSearch\Toolbar\pwrs0102.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4E7BD74F-2B8D-469E-A08E-8E1CA787AD2D}

{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} C:\WINNT\AdRoar.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}

{4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} C:\Program\PowerSearch\Toolbar\pwrsbikd.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D}

{72A58725-2635-4725-8C53-686DFD1FEB8D} C:\WINNT\system32\zp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{72A58725-2635-4725-8C53-686DFD1FEB8D}

{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} C:\WINNT\system32\WinNB51.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}

{2318C2B1-4965-11d4-9B18-009027A5CD4F} c:\program\google\googletoolbar1.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F}

{DB43E4E6-FF8A-4018-8C8E-F68587A44A73} C:\PROGRAM\POPUPCOP\PopUpCop.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{DB43E4E6-FF8A-4018-8C8E-F68587A44A73}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32

System error message: Det går inte att hitta filen.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32

System error message: Det går inte att hitta filen.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{224530A0-C9CB-4AEE-9C0F-54AC1B533211} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{224530A0-C9CB-4AEE-9C0F-54AC1B533211}\InprocServer32

System error message: Det går inte att hitta filen.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{224530A0-C9CB-4AEE-9C0F-54AC1B533211}

{4E7BD74F-2B8D-469E-A08E-8E1CA787AD2D} C:\Program\PowerSearch\Toolbar\pwrs0102.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-A08E-8E1CA787AD2D}

{4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} C:\Program\PowerSearch\Toolbar\pwrsbikd.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D}

{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} C:\WINNT\system32\WinNB51.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}

{2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\program\google\googletoolbar1.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{72A58725-2635-4725-8C53-686DFD1FEB8D} C:\WINNT\system32\zp.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{72A58725-2635-4725-8C53-686DFD1FEB8D}

{4528BBE0-4E08-11D5-AD55-00010333D0AD} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\InprocServer32

System error message: Det går inte att hitta filen.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINNT\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{0494D0DE-F8E0-41AD-92A3-14154ECE70AC} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32

System error message: Det går inte att hitta filen.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINNT\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{4528BBE0-4E08-11D5-AD55-00010333D0AD} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\InprocServer32

System error message: Det går inte att hitta filen.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

{EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINNT\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINNT\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
spoolsv.exe
svchost.exe
regsvc.exe
MSTask.exe
vsmon.exe
WinMgmt.exe
Explorer.EXE
internat.exe
zonealarm.exe
svchost.exe
taskmgr.exe
bpk.exe
syncagent.exe
ntvdm.exe
sescli.exe
fserv.exe
spywarescanner.

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.searchxl.com/ie/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINNT\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.searchxl.com/ie/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://www.searchxl.com/ie/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider yaho
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Default_Search_URL http://www.searchxl.com/ie/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINNT\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://www.searchxl.com/ie/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.searchxl.com/ie/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

SearchURL http://www.searchxl.com/ie/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchURL

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant http://www.searchxl.com/ie/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant


****************************************