****************************************
Bazooka Scanner v1.13.03
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
support@kephyr.com

Log created 10:02:08.
OS: Windows NT 5.1
Database version: 3.010000
Database format version: 1.020000
Database date: 20050613
Current date: 2005-06-13 10:02
****************************************
Result when scanning:

CoolWebSearch.winres
232.222.000
{2D38A51A-23C9-48a1-A33C-48675AA2B494}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D38A51A-23C9-48a1-A33C-48675AA2B494}
http://www.kephyr.com/spywarescanner/library/coolwebsearch.winres/index.phtml

CoolWebSearch.winres
232.222.001
%WinDir%\winres.dll
C:\WINDOWS\winres.dll
http://www.kephyr.com/spywarescanner/library/coolwebsearch.winres/index.phtml

CoolWebSearch.toolband
978.507.000
{30192F8D-0958-44E6-B54D-331FD39AC959}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30192F8D-0958-44E6-B54D-331FD39AC959}
http://www.kephyr.com/spywarescanner/library/coolwebsearch.toolband/index.phtml

CoolWebSearch.toolband
978.507.002
%WinDir%\webdlg32.dll
C:\WINDOWS\webdlg32.dll
http://www.kephyr.com/spywarescanner/library/coolwebsearch.toolband/index.phtml

Unknown.startup.999
423.562.999
combo.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\combo.exe
http://www.kephyr.com/spywarescanner/library/unknown.startup.999/index.phtml

Unknown.startup.999
423.562.999
combop.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\combop.exe
http://www.kephyr.com/spywarescanner/library/unknown.startup.999/index.phtml

****************************************
Auto start entries:

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\desktop.ini
C:\Documents and Settings\All Users\Start-meny\Program\Autostart\desktop.ini

C:\Documents and Settings\Roger\Start-meny\Program\Autostart\desktop.ini
C:\Documents and Settings\Roger\Start-meny\Program\Autostart\desktop.ini

Go here to analyse the startup entries and the associated files: http://www.kephyr.com/filedb/index.php

****************************************
Run entries:

jwrq
C:\WINDOWS\System32\yris\jwrq.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\jwrq

combo.exe
combo.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\combo.exe

combop.exe
combop.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\combop.exe

checkrun
c:\windows\system32\eliteyel32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\checkrun

xesdowo
C:\WINDOWS\System32\nhvk\xesdowo.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\xesdowo

povwma
C:\WINDOWS\System32\xgvddwno\povwma.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\povwma

vhtkgc
C:\WINDOWS\System32\cqrro\vhtkgc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\vhtkgc

Go here to analyse the run entries and the associated files: http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{031B6D43-CBC4-46A5-8E46-CF8B407C1A33}
not set
C:\WINDOWS\DOWNLO~1\ipreg32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{031B6D43-CBC4-46A5-8E46-CF8B407C1A33}

{2D38A51A-23C9-48a1-A33C-48675AA2B494}
Windows Resources
C:\WINDOWS\winres.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D38A51A-23C9-48a1-A33C-48675AA2B494}

{30192F8D-0958-44E6-B54D-331FD39AC959}
not set
C:\WINDOWS\system32\webdlg32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30192F8D-0958-44E6-B54D-331FD39AC959}

{A9AEE0DD-89E1-40EE-8749-A18650CC2175}
not set
C:\WINDOWS\winsx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9AEE0DD-89E1-40EE-8749-A18650CC2175}

****************************************
Toolbars:

{8E718888-423F-11D2-876E-00A0C9082467}
C:\WINDOWS\System32\msdxm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
C:\WINDOWS\system32\webdlg32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
C:\WINDOWS\system32\webdlg32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

{01E04581-4EEE-11D0-BFE9-00AA005B4383}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383}
C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
C:\WINDOWS\system32\webdlg32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

{4D5C8C25-D075-11d0-B416-00C04FB90376}
C:\WINDOWS\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{32683183-48a0-441b-a342-7c2a440a9478}
C:\WINDOWS\System32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
C:\WINDOWS\System32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}

****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
explorer.exe
taskmgr.exe
jwrq.exe
down0.exe
down2.exe
xesdowo.exe
down0.exe
down2.exe
povwma.exe
vhtkgc.exe
emgh.exe
counterspy_download.exe
msiexec.exe
msiexec.exe
msiexec.exe
spywarescanner.exe
spywarescanner.exe

Go here to analyse the running processes: http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar
http://www.2020search.com/search/9884/search.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

SearchURL
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchURL

Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst
no
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant
http://www.2020search.com/search/9884/search.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www
http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Default_Search_URL
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar
http://www.2020search.com/search/9884/search.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

SearchURL
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchURL

Start Page
http://www.web--search.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst
no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

SearchAssistant
http://www.2020search.com/search/9884/search.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant

****************************************