
need help with windows xp

Discussion in 'Windows XP' started by suzana, Feb 14, 2003.

  1. suzana

    suzana Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    106
    Looks like I am having all these problems. My IE is so slow and sometimes I can go for coffee and I can go nowhere. Please help. I am no pro. I do not know what to do. After I come back from work I will run the program and paste everything. Sometimes I think that I have more than one IE, and AOL
    Suzana
     
  2. suzana

    suzana Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    106
    I am

    StartupList report, 2/14/2003, 6:43:31 AM
    StartupList version: 1.51
    Started from : C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for startuplist151.zip\StartupList.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\SK9910DM.EXE
    C:\WINNT\GWMDMMSG.exe
    C:\WINNT\System32\CTHELPER.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\PhoneTools\CapFax.EXE
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE
    C:\Program Files\Xupiter\XupiterStartup.exe
    C:\SCANJET\PrecisionScanLT\hppwrsav.exe
    C:\Program Files\DownloadWare\dw.exe
    C:\Program Files\Kazaa\kazaa.exe
    C:\Program Files\Common Files\CMEII\CMESys.exe
    C:\Program Files\microsoft hardware\dnetc.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\ATI Multimedia\main\ATISched.EXE
    C:\Program Files\America Online 7.0b\aoltray.exe
    C:\Program Files\Common Files\GMT\GMT.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\System32\MSCStat2.exe
    C:\Program Files\America Online 7.0b\waol.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for startuplist151.zip\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
    PalNetaware.lnk = C:\Program Files\morpheus\PalTalk\pnetaware.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0b\aoltray.exe
    GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINNT\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Hot Key Kbd 9910 Daemon = SK9910DM.EXE
    NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    GWMDMMSG = GWMDMMSG.exe
    Keyboard Preload Check = C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
    GWMDMpi = C:\WINNT\GWMDMpi.exe
    WINDVDPatch = CTHELPER.EXE
    UpdReg = C:\WINNT\UpdReg.EXE
    Jet Detection = C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    AdaptecDirectCD = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    MoneyStartUp10.0 = "C:\Program Files\Microsoft Money\System\Activation.exe"
    WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
    NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe
    CapFax = C:\Program Files\PhoneTools\CapFax.EXE
    LVCOMS = C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    EanthologyApp = C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE /b
    XupiterStartup = C:\Program Files\Xupiter\XupiterStartup.exe
    hppwrsav = C:\SCANJET\PrecisionScanLT\hppwrsav.exe
    PromulGate = "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
    MediaLoads Installer = "C:\Program Files\DownloadWare\dw.exe" /H
    KAZAA = C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    CMESys = "C:\Program Files\Common Files\CMEII\CMESys.exe"
    Sentry = C:\WINNT\Sentry.exe
    Windows Update Files = C:\Program Files\microsoft hardware\dnetc.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    WebCamRT.exe =
    ATI Scheduler = C:\Program Files\ATI Multimedia\main\ATISched.EXE
    ATI Launchpad = "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\WINNT\IPINSIGT.DLL - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9}
    (no name) - C:\WINNT\MSView.DLL - {00000580-C637-11D5-831C-00105AD6ACF0}
    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll - {13F537F0-AF09-11d6-9029-0002B31F9E59}
    (no name) - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6}
    MediaLoads Enhanced - C:\Program Files\MediaLoads Enhanced\ME1.DLL - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
    (no name) - C:\WINNT\system32\mbho.dll - {8E9C4F32-BD3F-4C49-9AF5-3F4C5D32EBD7}
    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    UCmore toolbar - C:\Program Files\UCmore\UCMIE.dll - {ED8DB0FD-D8F4-4b2c-BB5B-9EF040FE104D}
    (no name) - C:\Program Files\Microsoft Money\System\mnyviewer.dll - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Scan my computer.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [YInstStarter Class]
    InProcServer32 = C:\WINNT\Downloaded Program Files\yinsthelper.dll
    CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

    [Create and Print ActiveX Plug-in]
    InProcServer32 = C:\WINNT\System32\AxCtp.dll
    CODEBASE = http://www.egreetings.com/cnp/Install/AxCtp.cab

    [{69FD62B1-0216-4C31-8D55-840ED86B7C8F}]
    CODEBASE = http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab

    [StartFirstControl.CheckFirst]
    InProcServer32 = C:\WINNT\Downloaded Program Files\StartFirstControl.ocx
    CODEBASE = hcp://system/StartFirstControl.CAB

    [YahooYMailTo Class]
    InProcServer32 = C:\WINNT\Downloaded Program Files\ymmapi.dll
    CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0410.dll

    [Shockwave Flash Object]
    InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------
    End of report, 7,665 bytes
    Report generated in 0.281 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
    back. I ran the startup, these are the results.
     
  3. gotmikey

    gotmikey

    Joined:
    Jan 9, 2003
    Messages:
    48
    http://www.dietk.com/ <<-- Website for Diet Kazaa, all the Kazaa w/o the junk :)
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Wow, you do have an incredible amount of spy and junkware there.

    Your first mission is to download, install, update and run Spybot following the directions in this link. Reboot afterwards and run it again.

    Then give us another post of your Startups and let's see what is left.

    http://tomcoyote.org/SPYBOT/

    Please, continue to post to this thread for this problem. Don't try to tag onto another as that often gets ignored.
     
  5. suzana

    suzana Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    106
    Now I have Spybot, I RAN IT, please, I do not know what next,
    Which I ne

    Advertising.com: Tracking cookie or cookie of tracking site (File)
    [email protected]rtising[1].txt

    Advertising.com: Tracking cookie or cookie of tracking site (File)
    [email protected][2].txt

    Alexa Related: What's related link (Replace file)
    related.htm

    Avenue A, Inc.: Tracking cookie or cookie of tracking site (File)
    [email protected][2].txt

    BDE Projector: Class (Registry key)
    HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25.1

    BDE Projector: Class (Registry key)
    HKEY_CLASSES_ROOT\BDESmartInstaller25.BDESmartInstaller25

    BDE Projector: Class (Registry key)
    HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl.1

    BDE Projector: Class (Registry key)
    HKEY_CLASSES_ROOT\BDEPLAYER.BDEPlayerCtrl

    BDE Projector: Class ID (Registry key)
    HKEY_CLASSES_ROOT\CLSID\{3EEC42B5-FB94-40D3-A588-BB54B383A7CB}

    BDE Projector: Class ID (Registry key)
    HKEY_CLASSES_ROOT\CLSID\{51958169-D5E3-11D1-AA42-0000E842E40A}

    BDE Projector: Download library (File)
    bdedownloader.dll

    BDE Projector: Extension link (Registry key)
    HKEY_CLASSES_ROOT\b3dini_auto_file

    BDE Projector: Extension link (Registry key)
    HKEY_CLASSES_ROOT\s3d_auto_file

    BDE Projector: Extension link (Registry key)
    HKEY_CLASSES_ROOT\b3d_auto_file

    BDE Projector: File extension link (Registry key)
    HKEY_CLASSES_ROOT\.b3dini

    BDE Projector: File extension link (Registry key)
    HKEY_CLASSES_ROOT\.b3d

    BDE Projector: Global settings (Registry key)
    HKEY_LOCAL_MACHINE\SOFTWARE\Brilliant Digital Entertainment

    BDE Projector: Install library (File)
    bdeinsta25.dll

    BDE Projector: Interface( (IBDESmartInstaller)) (Registry key)
    HKEY_CLASSES_ROOT\Interface\{67925164-C4B6-11D2-B9C6-0000E84F59A6}

    BDE Projector: Library (File)
    bdeimage.dll

    BDE Projector: Library (File)
    bdeengine3.dll

    BDE Projector: Library (File)
    bdeplayer3.dll

    BDE Projector: Library (File)
    bderastmmx3.dll

    BDE Projector: Library (File)
    bdesac24.dll

    BDE Projector: Library (File)
    bdesac10.dll

    BDE Projector: Library (File)
    bderastdx3.dll

    BDE Projector: Library (File)
    bdefdi.dll

    BDE Projector: Library (File)
    bdedata2.dll

    BDE Projector: Library (File)
    bde3dref3p4.dll

    BDE Projector: Loader library (File)
    bdeload.dll

    BDE Projector: Program directory (Directory)
    C:\WINNT\BDE

    BDE Projector: Program directory (Directory)
    C:\WINNT\BDE\

    BDE Projector: Temporary directory (Directory)
    C:\WINNT\Temp\Brilliant

    BDE Projector: Typelib( (BDEInstallerComponent 1.0 Type Library)) (Registry key)
    HKEY_CLASSES_ROOT\Typelib\{82FC7881-AACC-11D2-B9C6-0000E842E40A}

    BDE Projector: Typelib (Registry key)
    HKEY_CLASSES_ROOT\Typelib\{51958166-D5E3-11D1-AA42-0000E842E40A}

    BDE Projector: Uninstall settings (Registry key)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bdeplayer

    BDE Projector: User settings (Registry key)
    HKEY_CURRENT_USER\SOFTWARE\Brilliant Digital Entertainment

    Commission Junction: Tracking cookie or cookie of tracking site (File)
    [email protected]www.qksrv[1].txt

    CommonName: Temporary directory (Directory)
    C:\WINNT\Temp\Adware

    Cydoor: Cache for ads (Directory)
    C:\WINNT\System32\AdCache

    Cydoor: Global settings (Registry key)
    HKEY_LOCAL_MACHINE\Software\Cydoor

    Cydoor: Internet connection library (File)
    cd_htm.dll

    Cydoor: Internet library (Replace file)
    cd_clint.dll

    Cydoor: Service settings for current user (Registry key)
    HKEY_CURRENT_USER\Software\Cydoor services

    Cydoor: Settings for current user (Registry key)
    HKEY_CURRENT_USER\Software\Cydoor

    DoubleClick: Tracking cookie or cookie of tracking site (File)
    [email protected][2].txt

    DownloadWare: Autorun settings (Registry value)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MediaLoads Installer

    DownloadWare: Program directory (Directory)
    C:\Program Files\DownloadWare

    DownloadWare: User settings (Registry key)
    HKEY_CURRENT_USER\Software\Updater

    DownloadWare: User settings (Registry key)
    HKEY_CURRENT_USER\Software\WebInstall

    DownloadWare: User settings (Registry key)
    HKEY_CURRENT_USER\Software\DownloadWare

    eAcceleration: (Registry key)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6ACD11BD-4CA0-4283-A8D8-872B9BA289B6}

    eAcceleration: (Registry key)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{2F099F5D-7003-4441-82C2-707C7C273FEB}

    eAcceleration: Autorun settings (Registry value)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EanthologyApp

    eAcceleration: Class (Registry key)
    HKEY_CLASSES_ROOT\Webcelerator.WebcBrowserHelper

    eAcceleration: Class ID (Registry key)
    HKEY_CLASSES_ROOT\CLSID\{F63C5B10-B709-4DF5-BA27-B90102AD313B}

    eAcceleration: Class ID (Registry key)
    HKEY_CLASSES_ROOT\CLSID\{6ACD11BD-4CA0-4283-A8D8-872B9BA289B6}

    eAcceleration: Common files (Directory)
    C:\Program Files\Common Files\eAcceleration

    eAcceleration: Global settings (Registry key)
    HKEY_LOCAL_MACHINE\Software\Acceleration Software International Corporation

    eAcceleration: Interface (Registry key)
    HKEY_CLASSES_ROOT\Interface\{E6A8EE26-1FAD-431C-99D6-8DBA1E25CD72}

    eAcceleration: Interface (Registry key)
    HKEY_CLASSES_ROOT\Interface\{D951B1F4-7399-426A-A925-D2C41FCF2002}

    eAcceleration: Program directory (Directory)
    C:\Program Files\Acceleration Software

    eAcceleration: Type library (Registry key)
    HKEY_CLASSES_ROOT\TypeLib\{3E072AB7-3CDA-4536-8AFD-56B0FE6846B4}

    eAcceleration: Uninstall settings (Registry key)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StopSignEac

    eAcceleration: User settings (Registry key)
    HKEY_CURRENT_USER\Software\Acceleration Software International Corporation

    eAcceleration: Version setting (Registry key)
    HKEY_CLASSES_ROOT\Defender.ScanGUi

    eAcceleration: Version setting (Registry key)
    HKEY_CLASSES_ROOT\Defender.ScanCore

    eZula HotText: Typelib( (AolHook 1.0 Type Library)) (Registry key)
    HKEY_CLASSES_ROOT\Typelib\{DC79C5BB-FF78-4A45-B12E-0D53889CE824}

    Gator: Autorun settings (Registry value)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CMESys

    Gator: Autostart item (File)
    GStartup.lnk

    Gator: Global settings (Registry key)
    HKEY_LOCAL_MACHINE\Software\GatorTest

    Gator: Global settings (Registry key)
    HKEY_LOCAL_MACHINE\Software\Gator.com

    Gator: GMT directory (Directory)
    C:\Program Files\Common Files\GMT

    Gator: Hidden identity (Registry key)
    HKEY_CLASSES_ROOT\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}

    Gator: Log (File)
    GatorPdpSetup.log

    Gator: Program directory (Directory)
    C:\Program Files\Gator.com

    Gator: Program directory (Directory)
    C:\Program Files\Common Files\CMEII

    Gator: Program group (Directory)
    C:\Documents and Settings\All Users\Start Menu\Programs\GAIN

    Hacker.ag: Log file (File)
    coder.log

    Hacker.ag: Settings (File)
    coder.ini

    Hotbar: Code storage database (Registry key)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{69FD62B1-0216-4C31-8D55-840ED86B7C8F}

    Internet Explorer: Data source object exploit (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\01004=W=3

    IPinsight: Autorun settings (Registry value)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sentry

    IPinsight: Browser helper object (Registry key)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9}

    IPinsight: Class (Registry key)
    HKEY_CLASSES_ROOT\IPInsigt.IPInsigtObj.1

    IPinsight: Class (Registry key)
    HKEY_CLASSES_ROOT\Mbho.IEHlprObj.1

    IPinsight: Class (Registry key)
    HKEY_CLASSES_ROOT\Mbho.IEHlprObj

    IPinsight: Class ID (Registry key)
    HKEY_CLASSES_ROOT\CLSID\{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9}

    IPinsight: Class ID (Registry key)
    HKEY_CLASSES_ROOT\CLSID\{8E9C4F32-BD3F-4C49-9AF5-3F4C5D32EBD7}

    IPinsight: Executable (File)
    IPINSIGT.DLL

    IPinsight: Executable (File)
    Sentry.exe

    IPinsight: Global settings (Registry key)
    HKEY_LOCAL_MACHINE\Software\IPInsight

    IPinsight: Installer (File)
    IPINSIGT.inf

    IPinsight: Interface (Registry key)
    HKEY_CLASSES_ROOT\Interface\{297AFC77-2039-4D3C-BEF9-598819EB2C8A}

    IPinsight: Interface (Registry key)
    HKEY_CLASSES_ROOT\Interface\{3CB6DEF9-1DB2-4B5D-9A70-9BF8345ED73C}

    IPinsight: Log (File)
    INSTALL.LOG

    IPinsight: Type library (Registry key)
    HKEY_CLASSES_ROOT\Typelib\{BE35582C-9796-4CF1-AED9-556ADA120B38}

    IPinsight: Typelib (Registry key)
    HKEY_CLASSES_ROOT\Typelib\{11CC62B9-65F8-4A8B-B33F-5DE4E838442D}

    IPinsight: Typelib (Registry key)
    HKEY_CLASSES_ROOT\Typelib\{4769DD43-4045-405C-945F-752516445E89}

    IPinsight: Uninstall settings (Registry key)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IPinsight

    IPinsight: Uninstaller (File)
    UNWISE.INI

    IPinsight: Uninstaller (File)
    UNWISE.EXE

    MediaPlex: Tracking cookie or cookie of tracking site (File)
    [email protected][2].txt

    MiniBug: User ad settings (Registry key)
    HKEY_CURRENT_USER\Software\AWS\MiniBug

    MS Media Player: Client ID (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\Client ID=

    MS Works: Autorun settings (Registry value)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Works Update Detection

    MS Works: Program file (File)
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    Network Essentials: User settings (Registry key)
    HKEY_CURRENT_USER\Software\Hopper

    New.net: Uninstaller (File)
    NDNuninstall4_50.exe

    PromulGate: Autorun settings (Registry value)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromulGate

    PromulGate: Program directory (Directory)
    C:\Program Files\DelFin\PromulGate

    SaveNow: Global settings (Registry key)
    HKEY_LOCAL_MACHINE\SOFTWARE\whenu

    SaveNow: Settings (Registry key)
    HKEY_CLASSES_ROOT\wusn.1

    UCmore: Browser helper object (Registry key)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{ED8DB0FD-D8F4-4b2c-BB5B-9EF040FE104D}

    UCmore: Class ID( (UCmore Toolbar)) (Registry key)
    HKEY_CLASSES_ROOT\CLSID\{ED8DB0FD-D8F4-4B2C-BB5B-9EF040FE104D}

    UCmore: Class ID( (UCmore Toolbar)) (Registry key)
    HKEY_CLASSES_ROOT\CLSID\{53CBEE82-D747-11D3-9ED0-005004189684}

    UCmore: Global settings (Registry value)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\ucid

    UCmore: Global settings (Registry key)
    HKEY_LOCAL_MACHINE\Software\UCmore

    UCmore: IE toolbar (Registry value)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{53CBEE82-D747-11d3-9ED0-005004189684}

    UCmore: Program directory (Directory)
    C:\Program Files\UCmore

    UCmore: Uninstall settings (Registry key)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCmore

    Unknown: Class ID (Registry key)
    HKEY_CLASSES_ROOT\CLSID\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}

    VX2/f: Browser helper object (Registry key)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00000580-C637-11D5-831C-00105AD6ACF0}

    VX2/f: Class (Registry key)
    HKEY_CLASSES_ROOT\MSView.MSViewObj.1

    VX2/f: Class (Registry key)
    HKEY_CLASSES_ROOT\VX2.VX2Obj

    VX2/f: Class ID (Registry key)
    HKEY_CLASSES_ROOT\CLSID\{00000580-C637-11D5-831C-00105AD6ACF0}

    VX2/f: Global settings (Registry key)
    HKEY_LOCAL_MACHINE\Software\MSView

    VX2/f: Interface (Registry key)
    HKEY_CLASSES_ROOT\Interface\{4534CD6B-59D6-43FD-864B-06A0D843444A}

    VX2/f: Library (File)
    MSView.DLL

    VX2/f: Type library (Registry key)
    HKEY_CLASSES_ROOT\TypeLib\{690BCCB4-6B83-4203-AE77-038C116594EC}

    WurldMedia: Browser helper object (Registry key)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{8E9C4F32-BD3F-4C49-9AF5-3F4C5D32EBD7}

    WurldMedia: Global settings (Registry key)
    HKEY_LOCAL_MACHINE\Software\mscrp

    WurldMedia: Library (File)
    mbho.dll

    WurldMedia: Target list (File)
    msc021003.de

    WurldMedia: Uninstall settings (Registry key)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WURLD Shopping Community

    Xupiter: Autorun settings (Registry value)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XupiterStartup

    Xupiter: IE Search bar (Registry change)
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar=about:blank

    Xupiter: Program directory (Directory)
    C:\Program Files\Xupiter

    Xupiter: Program file (File)
    C:\Program Files\Xupiter\XupiterStartup.exe

    Xupiter: Temporary file (File)
    XupiterToolbarInstaller.exe

    Xupiter: User settings (Registry key)
    HKEY_CURRENT_USER\Software\Xupiter

    Adobe Acrobat Reader 5: Recent file #1 (Registry key)
    HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\5.0\AVGeneral\cRecentFiles\c1

    Common Dialogs: History( (89 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    Internet Explorer: AutoComplete data( (24 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\SPW

    Internet Explorer: Cookies( (27 cookies)) (Directory)
    C:\Documents and Settings\Owner\Cookies

    Internet Explorer: Download directory (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory=

    Internet Explorer: Temporary internet files( (2254 entries)) (Empty cache)

    Internet Explorer: URL history #1( (4 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs

    Internet Explorer: User agent (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

    Log: Activity: imsins.log (Backup file)
    C:\WINNT\imsins.log

    Log: Activity: ntbtlog.txt (Backup file)
    C:\WINNT\ntbtlog.txt

    Log: Activity: OEWABLog.txt (Backup file)
    C:\WINNT\OEWABLog.txt

    Log: Activity: SchedLgU.Txt (Backup file)
    C:\WINNT\SchedLgU.Txt

    Log: Install: comsetup.log (Backup file)
    C:\WINNT\comsetup.log

    Log: Install: Directx.log (Backup file)
    C:\WINNT\Directx.log

    Log: Install: DtcInstall.log (Backup file)
    C:\WINNT\DtcInstall.log

    Log: Install: ocgen.log (Backup file)
    C:\WINNT\ocgen.log

    Log: Install: setupact.log (Backup file)
    C:\WINNT\setupact.log

    Log: Install: setupapi.log (Backup file)
    C:\WINNT\setupapi.log

    Log: Install: setuperr.log (Backup file)
    C:\WINNT\setuperr.log

    Log: Install: setuplog.txt (Backup file)
    C:\WINNT\setuplog.txt

    Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file)
    C:\WINNT\System32\wbem\logs\mofcomp.log

    Log: Shutdown: System32\wbem\logs\setup.log (Backup file)
    C:\WINNT\System32\wbem\logs\setup.log

    Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file)
    C:\WINNT\System32\wbem\logs\wbemcore.log

    Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file)
    C:\WINNT\System32\wbem\logs\wbemess.lo_

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file)
    C:\WINNT\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemsnmp.log (Backup file)
    C:\WINNT\System32\wbem\logs\wbemsnmp.log

    Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file)
    C:\WINNT\System32\wbem\logs\winmgmt.log

    Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file)
    C:\WINNT\System32\wbem\logs\wmiadap.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file)
    C:\WINNT\System32\wbem\logs\wmiprov.log

    MS Direct3D: Most recent application (Registry change)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name=

    MS DirectDraw: Most recent application (Registry change)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name=

    MS Media Player: Application data file( ()) (File)
    Microsoft\Media Index\wmplibrary_v_0_12.db

    MS Media Player: Last opened playlist (Registry value)
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

    MS Media Player: Recent file list( (9 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\RecentFileList

    MS Media Player: Recent open directory (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir=

    MS Office 10.0 (Office Startup Assistant): Last used directory (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Osa\FindFile\Place=

    MS Office 10.0 (Word): Recently used documents list (Registry value)
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Data\Settings

    MS Office 10.0: Used cliparts( (6 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Clip Organizer\Search\Last Query

    MS Paint: Recent file list( (4 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

    MS Regedit: Recent open key (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey=

    MS Wordpad: Recent file list( (1 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

    Windows Explorer: Last visited history( (19 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: Program run history( (1 entries)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

    Windows Explorer: Recent file global history (Registry key)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: Recent file global history (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: Recently opened files( (152 links)) (Directory)
    C:\Documents and Settings\Owner\Recent

    Windows Explorer: Stream history( (29 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: User Assistant history files( (331 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: User Assistant history IE( (72 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count


    --- Spybot-S&D version: 1.1 rel 4 ---
    2003-01-29 Includes\Cookies.sbi
    2003-01-29 Includes\Dialer.sbi
    2003-02-02 Includes\Hijackers.sbi
    2003-01-28 Includes\Keyloggers.sbi
    2003-01-30 Includes\Malware.sbi
    2003-01-08 Includes\plugin-ignore.ini
    2003-01-08 Includes\Security.sbi
    2003-01-30 Includes\Spybots.sbi
    2003-01-30 Includes\Tracks.uti
    2003-01-29 Includes\Trojans.sbi
    ed to remove. This is what I got.
     
  6. suzana

    suzana Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    106
    Some of them are marked, do I need to fix everything? Suzan... Thank you
     
  7. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Everything that's marked with a check, yes. Then reboot and rerun it. There may be more left over which it can only remove on a second run. Post a new StartupList afterwards.

    See you later this afternoon/evening.
     
  8. suzana

    suzana Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    106
    Thank you, I am doing it
     
  9. suzana

    suzana Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    106
    Hi..
    Ok

    Cydoor: Global settings (Registry key)
    HKEY_LOCAL_MACHINE\Software\Cydoor

    Cydoor: Internet connection library (File)
    cd_htm.dll

    Cydoor: Internet library (Replace file)
    cd_clint.dll

    Cydoor: Service settings for current user (Registry key)
    HKEY_CURRENT_USER\Software\Cydoor services

    Cydoor: Settings for current user (Registry key)
    HKEY_CURRENT_USER\Software\Cydoor

    Adobe Acrobat Reader 5: Recent file #1 (Registry key)
    HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\5.0\AVGeneral\cRecentFiles\c1

    Common Dialogs: History( (90 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    Internet Explorer: AutoComplete data( (24 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\SPW

    Internet Explorer: Cookies( (28 cookies)) (Directory)
    C:\Documents and Settings\Owner\Cookies

    Internet Explorer: Download directory (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory=

    Internet Explorer: Temporary internet files( (2411 entries)) (Empty cache)

    Internet Explorer: URL history #1( (4 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs

    Internet Explorer: User agent (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

    Log: Activity: imsins.log (Backup file)
    C:\WINNT\imsins.log

    Log: Activity: ntbtlog.txt (Backup file)
    C:\WINNT\ntbtlog.txt

    Log: Activity: OEWABLog.txt (Backup file)
    C:\WINNT\OEWABLog.txt

    Log: Activity: SchedLgU.Txt (Backup file)
    C:\WINNT\SchedLgU.Txt

    Log: Install: comsetup.log (Backup file)
    C:\WINNT\comsetup.log

    Log: Install: Directx.log (Backup file)
    C:\WINNT\Directx.log

    Log: Install: DtcInstall.log (Backup file)
    C:\WINNT\DtcInstall.log

    Log: Install: ocgen.log (Backup file)
    C:\WINNT\ocgen.log

    Log: Install: setupact.log (Backup file)
    C:\WINNT\setupact.log

    Log: Install: setupapi.log (Backup file)
    C:\WINNT\setupapi.log

    Log: Install: setuperr.log (Backup file)
    C:\WINNT\setuperr.log

    Log: Install: setuplog.txt (Backup file)
    C:\WINNT\setuplog.txt

    Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file)
    C:\WINNT\System32\wbem\logs\mofcomp.log

    Log: Shutdown: System32\wbem\logs\setup.log (Backup file)
    C:\WINNT\System32\wbem\logs\setup.log

    Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file)
    C:\WINNT\System32\wbem\logs\wbemcore.log

    Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file)
    C:\WINNT\System32\wbem\logs\wbemess.lo_

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file)
    C:\WINNT\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemsnmp.log (Backup file)
    C:\WINNT\System32\wbem\logs\wbemsnmp.log

    Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file)
    C:\WINNT\System32\wbem\logs\winmgmt.log

    Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file)
    C:\WINNT\System32\wbem\logs\wmiadap.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file)
    C:\WINNT\System32\wbem\logs\wmiprov.log

    MS Direct3D: Most recent application (Registry change)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name=

    MS DirectDraw: Most recent application (Registry change)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name=

    MS Media Player: Application data file( ()) (File)
    Microsoft\Media Index\wmplibrary_v_0_12.db

    MS Media Player: Last opened playlist (Registry value)
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

    MS Media Player: Recent file list( (9 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\RecentFileList

    MS Media Player: Recent open directory (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir=

    MS Office 10.0 (Office Startup Assistant): Last used directory (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Osa\FindFile\Place=

    MS Office 10.0 (Word): Recently used documents list (Registry value)
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Data\Settings

    MS Office 10.0: Used cliparts( (6 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Clip Organizer\Search\Last Query

    MS Paint: Recent file list( (4 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

    MS Regedit: Recent open key (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey=

    MS Wordpad: Recent file list( (1 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

    Windows Explorer: Last visited history( (20 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: Program run history( (1 entries)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

    Windows Explorer: Recent file global history (Registry key)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: Recent file global history (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: Recently opened files( (152 links)) (Directory)
    C:\Documents and Settings\Owner\Recent

    Windows Explorer: Stream history( (29 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: User Assistant history files( (331 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: User Assistant history IE( (72 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count


    --- Spybot-S&D version: 1.1 rel 4 ---
    2003-01-29 Includes\Cookies.sbi
    2003-01-29 Includes\Dialer.sbi
    2003-02-02 Includes\Hijackers.sbi
    2003-01-28 Includes\Keyloggers.sbi
    2003-01-30 Includes\Malware.sbi
    2003-01-08 Includes\plugin-ignore.ini
    2003-01-08 Includes\Security.sbi
    2003-01-30 Includes\Spybots.sbi
    2003-01-30 Includes\Tracks.uti
    2003-01-29 Includes\Trojans.sbi
    I run and fix, but I can't fix the Cydoor. What is this?
     
  10. suzana

    suzana Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    106
    StartupList report, 2/14/2003, 2:37:44 PM
    StartupList version: 1.51
    Started from : C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for startuplist151.zip\StartupList.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\SK9910DM.EXE
    C:\WINNT\GWMDMMSG.exe
    C:\WINNT\System32\CTHELPER.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\PhoneTools\CapFax.EXE
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\SCANJET\PrecisionScanLT\hppwrsav.exe
    C:\Program Files\Kazaa\kazaa.exe
    C:\Program Files\microsoft hardware\dnetc.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\ATI Multimedia\main\ATISched.EXE
    C:\Program Files\America Online 7.0b\aoltray.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\wanmpsvc.exe
    C:\Program Files\Spybot - Search & Destroy 1.1\SpybotSD.exe
    C:\Program Files\America Online 7.0b\waol.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for startuplist151.zip\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
    PalNetaware.lnk = C:\Program Files\morpheus\PalTalk\pnetaware.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0b\aoltray.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINNT\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Hot Key Kbd 9910 Daemon = SK9910DM.EXE
    NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    GWMDMMSG = GWMDMMSG.exe
    Keyboard Preload Check = C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
    GWMDMpi = C:\WINNT\GWMDMpi.exe
    WINDVDPatch = CTHELPER.EXE
    UpdReg = C:\WINNT\UpdReg.EXE
    Jet Detection = C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    AdaptecDirectCD = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    MoneyStartUp10.0 = "C:\Program Files\Microsoft Money\System\Activation.exe"
    WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
    NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe
    CapFax = C:\Program Files\PhoneTools\CapFax.EXE
    LVCOMS = C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    hppwrsav = C:\SCANJET\PrecisionScanLT\hppwrsav.exe
    KAZAA = C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    Windows Update Files = C:\Program Files\microsoft hardware\dnetc.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    WebCamRT.exe =
    ATI Scheduler = C:\Program Files\ATI Multimedia\main\ATISched.EXE
    ATI Launchpad = "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll - {13F537F0-AF09-11d6-9029-0002B31F9E59}
    MediaLoads Enhanced - (no file) - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E}
    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - C:\Program Files\Microsoft Money\System\mnyviewer.dll - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Scan my computer.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [YInstStarter Class]
    InProcServer32 = C:\WINNT\Downloaded Program Files\yinsthelper.dll
    CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

    [Create and Print ActiveX Plug-in]
    InProcServer32 = C:\WINNT\System32\AxCtp.dll
    CODEBASE = http://www.egreetings.com/cnp/Install/AxCtp.cab

    [StartFirstControl.CheckFirst]
    InProcServer32 = C:\WINNT\Downloaded Program Files\StartFirstControl.ocx
    CODEBASE = hcp://system/StartFirstControl.CAB

    [YahooYMailTo Class]
    InProcServer32 = C:\WINNT\Downloaded Program Files\ymmapi.dll
    CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0410.dll

    [Shockwave Flash Object]
    InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------
    End of report, 6,267 bytes
    Report generated in 0.312 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  11. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, that's looking much, much better. There are a couple of small items remaining and we can use another program by the author of the Startuplist to remove them.

    But first I want to strongly emphasize that Kazaa will probably not work after these removals, and even if it does, it will reinfest your system. You should uninstall it. There is a version known as kazaalite which will not install spy and adware, but you are still at risk of worms and trojans being downloaded with the actual file shares.

    What we want to see now is a post of the SCAN log using the program HijackThis.

    Here is a link telling how to use it. Wait until you hear back before trying to fix or remove anything with it.

    http://www.tomcoyote.org/hjt/

    Also I'm not sure why this should be in your startups and we may want to talk more about it:

    Windows Update Files = C:\Program Files\microsoft hardware\dnetc.exe

    It poses some vulnerability risks and is used by some trojans, although it has legit uses as well.
     
  12. suzana

    suzana Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    106
    Logfile of HijackThis v1.91.2
    Scan saved at 3:03:25 PM, on 2/14/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.yahoo.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
    O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Windows Update Files] C:\Program Files\microsoft hardware\dnetc.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
    O4 - Startup: PalNetaware.lnk = C:\Program Files\morpheus\PalTalk\pnetaware.exe
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0b\aoltray.exe
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://www.egreetings.com/cnp/Install/AxCtp.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0410.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    That's how it looks; nothing was marked after I ran this program.
     
  13. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, we definitely want to remove this remaining item:

    O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - (no file)

    I was also going to have you remove:

    O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://www.egreetings.com/cnp/Install/AxCtp.cab

    ... thinking it might be related to the friendgreetings card worm, but it doesn't appear to be. Still, it wouldn't hurt to remove it.

    This one is unidentifiable as far as I know, and I would remove it to be safe:

    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

    These you should uninstall from add/remove programs and only use HijackThis to remove the startups if that is not possible or the entries remain after doing so:

    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

    O4 - Startup: PalNetaware.lnk = C:\Program Files\morpheus\PalTalk\pnetaware.exe

    Info on this here: >> http://www.safersite.com/PestInfo/P/PalTalk.asp

    O4 - HKLM\..\Run: [Windows Update Files] C:\Program Files\microsoft hardware\dnetc.exe

    This last one, dnetc.exe, stands for Distributed Net Computing. I don't know what put it there; although it has legitimate purposes, such as shared computing, it has been used by worms such as Bymer. You can disable it by running msconfig and unchecking it under the Startup tab. You can also remove it with HijackThis if you know of no reason for its being there. If you disable it, you will have to later enable it to use HijackThis to see it and remove it.

    To remove items with HijackThis, check them and then click "fix selected".
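
The checks applied by eye in the reply above, written out as an added Python example; it is not part of the original post and is not how HijackThis itself works. The log lines are copied from the HijackThis log posted earlier in the thread; the reason codes, the rule that a `Windows...` value name should point under the Windows directory, and the rule that a DPF CODEBASE should be http/https are assumptions of this sketch.

```python
import re
from ntpath import basename  # Windows path rules, usable on any host OS

# Lines copied from the HijackThis v1.91.2 log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - (no file)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [Windows Update Files] C:\Program Files\microsoft hardware\dnetc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PalNetaware.lnk = C:\Program Files\morpheus\PalTalk\pnetaware.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0b\aoltray.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://www.egreetings.com/cnp/Install/AxCtp.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
"""

# Executables singled out in this thread, with the reason given there.
WATCHLIST = {
    "dnetc.exe": "distributed computing client; has legitimate uses but is also dropped by worms such as Bymer",
    "kazaa.exe": "reinstalls bundled spyware/adware; uninstall via Add/Remove Programs",
    "pnetaware.exe": "PalTalk component; uninstall via Add/Remove Programs",
}

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<file>.+)$")
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
LNK_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
DPF_RE = re.compile(r"^O16 - DPF: \{[^}]+\} \((?P<name>.*)\) - (?P<url>\S+)$")
IMAGE_RE = re.compile(r'"?(.+?\.(?:exe|dll|ocx))\b', re.IGNORECASE)
WINDIR_RE = re.compile(r"^[a-z]:\\(?:winnt|windows)\\")


def image_path(cmd):
    """Return the executable part of a startup command, without quotes or arguments."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd


def check_startup(name, cmd):
    """Yield reason codes for one O4 entry (registry Run value or Startup shortcut)."""
    image = image_path(cmd).lower()
    # A value name dressed up as a Windows component should live under the
    # Windows directory. Bare file names are resolved via PATH and are skipped.
    if name.lower().startswith("windows") and "\\" in image and not WINDIR_RE.match(image):
        yield "system-name-outside-windir"
    if basename(image) in WATCHLIST:
        yield "watchlist"


def triage(log_text):
    """Return (section, entry name, reason code) for every entry worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            # The BHO is still registered with IE but its DLL is gone: a leftover.
            if m.group("file") == "(no file)":
                findings.append(("O2", m.group("name"), "bho-no-file"))
            continue
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if m:
            for code in check_startup(m.group("name"), m.group("cmd")):
                findings.append(("O4", m.group("name"), code))
            continue
        m = DPF_RE.match(line)
        if m:
            # Downloaded ActiveX controls normally name a web CODEBASE.
            scheme = m.group("url").split(":", 1)[0].lower()
            if scheme not in ("http", "https"):
                findings.append(("O16", m.group("name"), "non-web-codebase"))
    return findings


if __name__ == "__main__":
    for section, name, code in triage(SAMPLE_LOG):
        note = WATCHLIST.get(name.lower(), "")
        print(f"{section:<4}{name:<32}{code}")
```

A finding here means "look at this entry", not "delete it"; the reply's own order of preference (uninstall first, HijackThis only for what remains) still applies.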
     
  14. suzana

    suzana Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    106
    Hi. I did everything you asked me to do. But I am getting a message: The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing the message to be displayed and utility to run every time Windows starts:
    This is a new report

    Logfile of HijackThis v1.91.2
    Scan saved at 8:36:07 PM, on 2/14/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.yahoo.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0b\aoltray.exe
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0410.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  15. suzana

    suzana Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    106
    Avenue A, Inc.: Tracking cookie or cookie of tracking site (File)
    [email protected][2].txt

    Commission Junction: Tracking cookie or cookie of tracking site (File)
    [email protected]www.qksrv[1].txt

    Cydoor: Global settings (Registry key)
    HKEY_LOCAL_MACHINE\Software\Cydoor

    Cydoor: Settings for current user (Registry key)
    HKEY_CURRENT_USER\Software\Cydoor

    DoubleClick: Tracking cookie or cookie of tracking site (File)
    [email protected][2].txt

    Engage, Inc.: Tracking cookie or cookie of tracking site (File)
    [email protected]yone[2].txt

    FastClick: Tracking cookie or cookie of tracking site (File)
    [email protected][2].txt

    HitsLink: Tracking cookie or cookie of tracking site (File)
    [email protected]link[2].txt

    MediaPlex: Tracking cookie or cookie of tracking site (File)
    [email protected][2].txt

    ValueClick: Tracking cookie or cookie of tracking site (File)
    [email protected][1].txt

    Adobe Acrobat Reader 5: Recent file #1 (Registry key)
    HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\5.0\AVGeneral\cRecentFiles\c1

    Common Dialogs: History( (92 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    Internet Explorer: AutoComplete data( (24 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\SPW

    Internet Explorer: Cookies( (44 cookies)) (Directory)
    C:\Documents and Settings\Owner\Cookies

    Internet Explorer: Download directory (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory=

    Internet Explorer: Temporary internet files( (3780 entries)) (Empty cache)

    Internet Explorer: URL history #1( (6 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs

    Internet Explorer: User agent (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

    Log: Activity: imsins.log (Backup file)
    C:\WINNT\imsins.log

    Log: Activity: ntbtlog.txt (Backup file)
    C:\WINNT\ntbtlog.txt

    Log: Activity: OEWABLog.txt (Backup file)
    C:\WINNT\OEWABLog.txt

    Log: Activity: SchedLgU.Txt (Backup file)
    C:\WINNT\SchedLgU.Txt

    Log: Install: comsetup.log (Backup file)
    C:\WINNT\comsetup.log

    Log: Install: Directx.log (Backup file)
    C:\WINNT\Directx.log

    Log: Install: DtcInstall.log (Backup file)
    C:\WINNT\DtcInstall.log

    Log: Install: ocgen.log (Backup file)
    C:\WINNT\ocgen.log

    Log: Install: setupact.log (Backup file)
    C:\WINNT\setupact.log

    Log: Install: setupapi.log (Backup file)
    C:\WINNT\setupapi.log

    Log: Install: setuperr.log (Backup file)
    C:\WINNT\setuperr.log

    Log: Install: setuplog.txt (Backup file)
    C:\WINNT\setuplog.txt

    Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file)
    C:\WINNT\System32\wbem\logs\mofcomp.log

    Log: Shutdown: System32\wbem\logs\setup.log (Backup file)
    C:\WINNT\System32\wbem\logs\setup.log

    Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file)
    C:\WINNT\System32\wbem\logs\wbemcore.log

    Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file)
    C:\WINNT\System32\wbem\logs\wbemess.lo_

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file)
    C:\WINNT\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemsnmp.log (Backup file)
    C:\WINNT\System32\wbem\logs\wbemsnmp.log

    Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file)
    C:\WINNT\System32\wbem\logs\winmgmt.log

    Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file)
    C:\WINNT\System32\wbem\logs\wmiadap.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file)
    C:\WINNT\System32\wbem\logs\wmiprov.log

    MS Direct3D: Most recent application (Registry change)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name=

    MS DirectDraw: Most recent application (Registry change)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name=

    MS Media Player: Application data file( ()) (File)
    Microsoft\Media Index\wmplibrary_v_0_12.db

    MS Media Player: Last opened playlist (Registry value)
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

    MS Media Player: Recent file list( (9 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\RecentFileList

    MS Media Player: Recent open directory (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir=

    MS Office 10.0 (Office Startup Assistant): Last used directory (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Osa\FindFile\Place=

    MS Office 10.0 (Word): Recently used documents list (Registry value)
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Word\Data\Settings

    MS Office 10.0: Used cliparts( (6 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Clip Organizer\Search\Last Query

    MS Paint: Recent file list( (4 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

    MS Regedit: Recent open key (Registry change)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey=

    MS Wordpad: Recent file list( (1 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

    Windows Explorer: Last visited history( (21 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: Program run history( (2 entries)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

    Windows Explorer: Recent file global history (Registry key)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: Recent file global history (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: Recently opened files( (152 links)) (Directory)
    C:\Documents and Settings\Owner\Recent

    Windows Explorer: Stream history( (29 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: User Assistant history files( (337 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: User Assistant history IE( (75 files)) (Registry key)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count


    --- Spybot-S&D version: 1.1 rel 4 ---
    2003-01-29 Includes\Cookies.sbi
    2003-01-29 Includes\Dialer.sbi
    2003-02-02 Includes\Hijackers.sbi
    2003-01-28 Includes\Keyloggers.sbi
    2003-01-30 Includes\Malware.sbi
    2003-01-08 Includes\plugin-ignore.ini
    2003-01-08 Includes\Security.sbi
    2003-01-30 Includes\Spybots.sbi
    2003-01-30 Includes\Tracks.uti
    2003-01-29 Includes\Trojans.sbi
     
Short URL to this thread: https://techguy.org/118783
