****************************************
Bazooka Scanner v1.13.03
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
support@kephyr.com
Log created 10:31:53.
OS: Windows NT 5.1
Database version: 3.010000
Database format version: 1.020000
Database date: 20050613
Current date: 2005-06-13 10:31
****************************************
Result when scanning:

180 Search Assistant
345.376.001
%ProgramsDir%\180searchassistant\
C:\Program\180searchassistant\
http://www.kephyr.com/spywarescanner/library/180searchassistant/index.phtml

Aurora
645.353.000
%WinDir%\nail.exe
C:\WINDOWS\nail.exe
http://www.kephyr.com/spywarescanner/library/aurora/index.phtml

BullsEye
433.111.900
BullsEye Network
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BullsEye Network
http://www.kephyr.com/spywarescanner/library/bullseye/index.phtml

BullsEye
433.111.900
msxct
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\msxct
http://www.kephyr.com/spywarescanner/library/bullseye/index.phtml

BullsEye
433.111.901
%ProgramsDir%\BullsEye Network\
C:\Program\BullsEye Network\
http://www.kephyr.com/spywarescanner/library/bullseye/index.phtml

CoolWebSearch.xpsystem
468.000.002
{5321E378-FFAD-4999-8C62-03CA8155F0B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3}
http://www.kephyr.com/spywarescanner/library/coolwebsearch.xpsystem/index.phtml

Internet Optimizer
123.000.000
nem220.dll
http://www.kephyr.com/spywarescanner/library/internetoptimizer/index.phtml

Internet Optimizer
123.000.002
Internet Optimizer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Internet Optimizer
http://www.kephyr.com/spywarescanner/library/internetoptimizer/index.phtml

Unknown.startup.99
423.562.099
ControlPanel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ControlPanel
http://www.kephyr.com/spywarescanner/library/unknown.startup.99/index.phtml

****************************************
Auto start entries:

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\desktop.ini
C:\Documents and Settings\All Users\Start-meny\Program\Autostart\desktop.ini

C:\Documents and Settings\Roger\Start-meny\Program\Autostart\desktop.ini
C:\Documents and Settings\Roger\Start-meny\Program\Autostart\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Run entries:

xp_system
C:\WINDOWS\inet20057\winlogon.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\xp_system

Microsoft standard protector
C:\WINDOWS\winsocks5.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft standard protector

ControlPanel
C:\WINDOWS\System32\popcorn64.exe rundll.dll,LoadMouseProfile
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ControlPanel

Internet Optimizer
"C:\Documents and Settings\Roger\Internet Optimizer\optimize.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Internet Optimizer

ysypuuf
c:\windows\system32\ngirgk.exe r
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ysypuuf

BullsEye Network
C:\Program\BullsEye Network\bin\bargains.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BullsEye Network

msxct
msxct.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\msxct

sac
c:\program\180searchassistant\sac.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\sac

WeirdOnTheWeb
"C:\Program\WeirdOnTheWeb\WeirdOnTheWeb.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WeirdOnTheWeb

s2hcq4m0
C:\WINDOWS\System32\s2hcq4m0.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\s2hcq4m0

PSGuard
C:\Program\PSGuard\PSGuard.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PSGuard

gcasServ
"C:\Program\Microsoft AntiSpyware\gcasServ.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\gcasServ

xp_system
C:\WINDOWS\inet20057\winlogon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\xp_system

Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php
****************************************
Browser helper objects:

{00000010-6F7D-442C-93E3-4A4827C2E4C8}
not set
C:\WINDOWS\nem220.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}

{5321E378-FFAD-4999-8C62-03CA8155F0B3}
C:\WINDOWS\inet20057\3.00.05.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3}

{C477E83C-29E1-62B4-A85A-6012E01E0778}
not set
C:\Program\UPD\lnkdfvtlwi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C477E83C-29E1-62B4-A85A-6012E01E0778}

{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
C:\WINDOWS\System32\msbe.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}

****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467}
C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{44BE0690-5429-47f0-85BB-3FFD8020233E}
C:\Program\TheSearchAccelerator\UCMTSAIE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383}
C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{44BE0690-5429-47F0-85BB-3FFD8020233E}
C:\Program\TheSearchAccelerator\UCMTSAIE.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{44BE0690-5429-47F0-85BB-3FFD8020233E}

{4D5C8C25-D075-11d0-B416-00C04FB90376}
C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{32683183-48a0-441b-a342-7c2a440a9478}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}

****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
taskmgr.exe
HijackThis.exe
xxxxx.exe
winlogon.exe
mm.exe
intronsad.exe
winsocks5.exe
i8.tmp
SskUpdater3.exe
optimize.exe
ngirgk.exe
180sainstaller.exe
sac.exe
bargains.exe
msxct.exe
weirdontheweb.exe
s2hcq4m0.exe
l5fhmk2h.exe
dwwin.exe
rundll32.exe
dwwin.exe
IEXPLORE.EXE
dwwin.exe
dwwin.exe
dwwin.exe
dwwin.exe
dwwin.exe
dwwin.exe
gcasDtServ.exe
dwwin.exe
dwwin.exe
dwwin.exe
dwwin.exe
explorer.exe
dwwin.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php
****************************************
Internet Explorer Settings:

Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page
C:\WINDOWS\System32\msblank.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

****************************************