****************************************
Bazooka Scanner v1.13.02
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
support@kephyr.com

Log created 14:54:28.
OS: Windows NT 5.1
Database version: 3.000000
Database format version: 1.020000
Database date: 20050610
Current date: 2005-06-10 14:54
****************************************
Result when scanning:

BullsEye 433.111.900
BullsEye Network
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BullsEye Network
http://www.kephyr.com/spywarescanner/library/bullseye/index.phtml

BullsEye 433.111.900
msxct
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\msxct
http://www.kephyr.com/spywarescanner/library/bullseye/index.phtml

BullsEye 433.111.901
%ProgramsDir%\BullsEye Network\
D:\Program\BullsEye Network\
http://www.kephyr.com/spywarescanner/library/bullseye/index.phtml

Internet Optimizer 123.000.000
nem220.dll
http://www.kephyr.com/spywarescanner/library/internetoptimizer/index.phtml

Internet Optimizer 123.000.002
Internet Optimizer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Internet Optimizer
http://www.kephyr.com/spywarescanner/library/internetoptimizer/index.phtml

Media-Motor 523.233.401
%WinDir%\unstall.exe
D:\WINDOWS\unstall.exe
http://www.kephyr.com/spywarescanner/library/media-motor/index.phtml

Unknown.startup.99 423.562.099
ControlPanel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ControlPanel
http://www.kephyr.com/spywarescanner/library/unknown.startup.99/index.phtml

WebSiteViewer 523.8556.000
%ProgramsDir%\WebSiteViewer\
D:\Program\WebSiteViewer\
http://www.kephyr.com/spywarescanner/library/websiteviewer/index.phtml

****************************************
Auto start entries:

D:\Documents and Settings\All Users\Start-meny\Program\Autostart\desktop.ini
D:\Documents and Settings\All Users\Start-meny\Program\Autostart\desktop.ini
D:\Documents and Settings\radmin\Start-meny\Program\Autostart\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:

Zone Labs Client
"D:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Zone Labs Client

wininet
D:\WINDOWS\System32\wininet.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\wininet

ControlPanel
D:\WINDOWS\System32\popcorn64.exe rundll.dll,LoadMouseProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ControlPanel

Internet Optimizer
"D:\Program Files\Internet Optimizer\optimize.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Internet Optimizer

WeirdOnTheWeb
"D:\Program\WeirdOnTheWeb\WeirdOnTheWeb.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WeirdOnTheWeb

BullsEye Network
D:\Program\BullsEye Network\bin\bargains.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BullsEye Network

msxct
msxct.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\msxct

0pfq9qor
D:\WINDOWS\System32\0pfq9qor.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\0pfq9qor

PSGuard
D:\Program\PSGuard\PSGuard.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PSGuard

MicrosoftAntiSpywareCleaner
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\MicrosoftAntiSpywareCleaner

Ucwd
D:\Program\ptwh\lruc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Ucwd

Eyvibof
D:\WINDOWS\System32\??mbols\arpa.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Eyvibof

Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{00000010-6F7D-442C-93E3-4A4827C2E4C8}
not set
D:\WINDOWS\nem220.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}

{0E008A64-CDEF-1C24-9396-26EAE89F773C}
not set
D:\WINDOWS\System32\drvi\naumakpjhv.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E008A64-CDEF-1C24-9396-26EAE89F773C}

{A0269420-A638-4509-889C-8FC3CC85DA7E}
not set
D:\WINDOWS\drexinit.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0269420-A638-4509-889C-8FC3CC85DA7E}

{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
D:\WINDOWS\System32\msbe.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}

****************************************
Toolbars:

{44BE0690-5429-47f0-85BB-3FFD8020233E}
D:\Program\TheSearchAccelerator\UCMTSAIE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}
D:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{014DA6C9-189F-421A-88CD-07CFE51CFF10}
Error when opening a registry key, the key doesn't exist.
Key: HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32
System error message: Det går inte att hitta filen.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{014DA6C9-189F-421A-88CD-07CFE51CFF10}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}
D:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{014DA6C9-189F-421A-88CD-07CFE51CFF10}
Error when opening a registry key, the key doesn't exist.
Key: HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32
System error message: Det går inte att hitta filen.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{014DA6C9-189F-421A-88CD-07CFE51CFF10}

{0E5CBF21-D15F-11D0-8301-00AA005B4383}
D:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{4D5C8C25-D075-11d0-B416-00C04FB90376}
D:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
D:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
D:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}

****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
cisvc.exe
vsmon.exe
rundll32.exe
explorer.exe
zlclient.exe
cidaemon.exe
svchost.exe
taskmgr.exe
xxxxx.exe
intronsad.exe
sssdfgbsdfghbnj.exe
sssdfgbsdfghbnj.exe
optimize.exe
weirdontheweb.exe
lruc.exe
bargains.exe
msxct.exe
0pfq9qor.exe
arpa.exe
sssdfgbsdfghbnj.exe
ehfflhmd.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Search_URL
http://home.microsoft.com/search/search.asp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page
D:\WINDOWS\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page
D:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar
http://home.microsoft.com/search/lobby/search.asp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page
D:\WINDOWS\System32\msblank.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst
yes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

****************************************