
Solved: Help please!

Discussion in 'Virus & Other Malware Removal' started by Killazys, Feb 9, 2007.

Thread Status:
Not open for further replies.
  1. Killazys

    Killazys Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    1,416
    I recently got a computer moved to my room and it was running slowly, so I scanned it with Windows Live OneCare (the trial version). It was found that I was infected by Trojan.Downloader.CR64Loader. I restarted my computer and scanned it with Prevx1, AdAware SE Personal, and Spybot S&D, but nothing came up. What should I do? :confused:
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    * Click here to download HJTsetup.exe.
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. Killazys

    Killazys Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    1,416
    Sorry for the long response time, I am now actually using the infected computer!
    Logfile of HijackThis v1.99.1
    Scan saved at 5:01:29 PM, on 2/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$ADVANCEPRO\Binn\sqlservr.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Prevx1\PXConsole.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Documents and Settings\username\My Documents\My Downloads\hijackthis\HijackThis.exe

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://nefeli.com/"); (C:\Documents and Settings\username\Application Data\Mozilla\Profiles\default\6eye0hh4.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\username\Application Data\Mozilla\Profiles\default\6eye0hh4.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - https://bba.bloomberg.net/Citrix/ICAWEB/en/ica32/wficat.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
     
  4. Killazys

    Killazys Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    1,416
    I have made a thread about this before about the same thing called "Help please!" and was told to download HJT, but the moderator logged off. I am not sure if this is allowed but I feel the need to fix this computer ASAP. The problem was that I scanned my computer with Windows Live OneCare (browser/trial version) and it found Trojan.Downloader.CR64Loader but was unable to delete. I rescanned with Spybot S & D, AdAware SE Personal, and Prevx1, but it only found tracking cookies. What now?
    Logfile of HijackThis v1.99.1
    Scan saved at 8:50:01 PM, on 2/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$ADVANCEPRO\Binn\sqlservr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\username\My Documents\My Downloads\hijackthis\HijackThis.exe

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://nefeli.com/"); (C:\Documents and Settings\username\Application Data\Mozilla\Profiles\default\6eye0hh4.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\username\Application Data\Mozilla\Profiles\default\6eye0hh4.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - https://bba.bloomberg.net/Citrix/ICAWEB/en/ica32/wficat.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
     
  5. EAFiedler

    EAFiedler Moderator

    Joined:
    Apr 25, 2000
    Messages:
    14,160
    Hi Killazys

    I have merged your threads. Only a helper with a gold shield can assist you.
    Thank you for your patience.
     
  6. Killazys

    Killazys Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    1,416
    Thank you!
     
  7. Killazys

    Killazys Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    1,416
    Bump?! C'mon someone please help me!
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You need to be patient. This isn't live tech support.
    In what location was Trojan.Downloader.CR64Loader found?
     
  9. Killazys

    Killazys Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    1,416
    Sorry. I am rescanning with Windows Live OneCare to see if it finds the Trojan again and then if it does, I will relay the file location, but it may take some time.
     
  10. Killazys

    Killazys Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    1,416
    I am really, really scared now. I scanned with Windows Live OneCare and it found no viruses or spyware. However, there were 15 missing reg items, and when I went on to fix the problem, since it was in-browser, it said "Error: Dropdown IE menu. The application could not be 'written'. Press OK to terminate the program or Cancel to debug." Scanned with Spybot S&D and found nothing except registry keys by: Ahead Nero Burning Rom, Internet Explorer, Cookies (err), Logs of system startups, shutdowns, and programs I've never heard of, MS Direct 3D, MS DirectDraw, MS DirectInput, MS MediaPlayer, MS Office 10 (startup), MS Office 11 for Excel, Word, and Doc imaging, Nikon View, SmartFTP, Windows Media SDK, Windows.OpenWith, and Windows Installation Paths. What should I keep/delete? Also, I checked the startup processes and found a fake ctfmon.exe; apparently I am infected by a password-stealing Trojan PWSteal.Raidys, as well as crypt32.dll, cryptnet.dll, cscdll which was not found on Bleeping Computer startup programs site, ScCertProp/wlnotify.dll was not found either, neither was Schedule/wlnotify.dll, sclgntfy, SensLogn/wlnotify.dll, termsrv/wlnotify.dll, wlballoon/wlnotify.dll, nor was WgaLogon. Which should I disable?
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    That ctfmon.exe in Startup is the legit one.

    Please post the SpyBot log.
     
  12. Killazys

    Killazys Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    1,416
    Alright, implementing new rule into head: (ALWAYS SAVE LOG FILES). I am now going to rescan with Spybot, sorry so much. Also, the ctfmon.exe file path goes into system32, is that correct?
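
Added example (not part of the original thread, and not HijackThis's own code): a small triage pass over the HijackThis log format posted above. It flags `(no file)` registrations, separates `(file missing)` services whose binary is nevertheless listed under Running processes, and checks the question raised here, whether a system-named item such as ctfmon.exe runs from its expected folder. The sample log reuses lines from this thread plus one constructed ctfmon.exe entry; the expected-folder table and all function names are assumptions for a C:\WINDOWS install.

```python
import ntpath
import re

# Expected folder for a few Windows XP system binaries. Assumption: the
# install root is C:\WINDOWS, as in the log posted in this thread.
EXPECTED_DIR = {
    "ctfmon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# A log entry looks like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# First drive-letter path ending in .exe or .dll inside an entry body.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)(?![A-Za-z0-9])", re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    running, entries, in_running = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_running = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_running = False
            entries.append((m.group("code"), m.group("body")))
        elif in_running and line:
            running.append(line)
        elif not line:
            in_running = False
    return running, entries


def misplaced(path):
    """True when a known system binary name sits outside its expected folder.

    A file in the expected folder is not proof that it is genuine; this only
    catches the name-reuse case.
    """
    folder, name = ntpath.split(path.lower())
    expected = EXPECTED_DIR.get(name)
    return expected is not None and folder != expected


def triage(text):
    """Return (section, tag, detail) findings for one log."""
    running, entries = parse_hjt(text)
    running_lc = {p.lower() for p in running}
    findings = [("process", "system-name-wrong-folder", p)
                for p in running if misplaced(p)]
    for code, body in entries:
        m = PATH_RE.search(body)
        path = m.group(0) if m else None
        if body.endswith("(no file)"):
            findings.append((code, "registration-without-file", body))
        if body.endswith("(file missing)"):
            # The same log lists the binary as running, so the flag
            # contradicts the log itself and needs a manual look.
            tag = ("file-missing-but-running"
                   if path and path.lower() in running_lc else "file-missing")
            findings.append((code, tag, path or body))
        if path and misplaced(path):
            findings.append((code, "system-name-wrong-folder", path))
    return findings


# Sample input: lines taken from the log in this thread, except the second
# ctfmon.exe entry, which is constructed to show the folder check firing.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Documents and Settings\username\Application Data\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
"""

if __name__ == "__main__":
    for section, tag, detail in triage(SAMPLE_LOG):
        print(f"{section:8} {tag:28} {detail}")
```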
     
  13. Killazys

    Killazys Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    1,416
    There are 2 recent logs, so here is the first one.
    --- Report generated: 2007-02-10 11:13 ---

    Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

    Common Dialogs: History (24 files) (Registry key, nothing done)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    MS Office 9.0: Recently used files (7 files) (Directory, nothing done)
    C:\Documents and Settings\username\Application Data\Microsoft\Office\Recent\

    Log: Activity: COM+.log (Backup file, nothing done)
    C:\WINDOWS\COM+.log

    Log: Activity: SchedLgU.Txt (Backup file, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Activity: imsins.log (Backup file, nothing done)
    C:\WINDOWS\imsins.log

    Log: Activity: OEWABLog.txt (Backup file, nothing done)
    C:\WINDOWS\OEWABLog.txt

    Log: Install: comsetup.log (Backup file, nothing done)
    C:\WINDOWS\comsetup.log

    Log: Install: Directx.log (Backup file, nothing done)
    C:\WINDOWS\Directx.log

    Log: Install: ocgen.log (Backup file, nothing done)
    C:\WINDOWS\ocgen.log

    Log: Install: setupact.log (Backup file, nothing done)
    C:\WINDOWS\setupact.log

    Log: Install: setupapi.log (Backup file, nothing done)
    C:\WINDOWS\setupapi.log

    Log: Install: svcpack.log (Backup file, nothing done)
    C:\WINDOWS\svcpack.log

    Log: Install: wmsetup.log (Backup file, nothing done)
    C:\WINDOWS\wmsetup.log

    Log: Install: DtcInstall.log (Backup file, nothing done)
    C:\WINDOWS\DtcInstall.log

    Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\mofcomp.log

    Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\setup.log

    Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemcore.log

    Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.lo_

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemprox.log

    Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\winmgmt.log

    Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiadap.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    Ahead Nero Burning Rom: Image directory (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\Software\Ahead\Nero - Burning Rom\Settings\ImageDir!=

    Ahead Nero Burning Rom: Compilation directory (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation!=

    Ahead Nero Burning Rom: Image directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\ImageDir!=

    Ahead Nero Burning Rom: Compilation directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation!=

    Ahead Nero Burning Rom: Browser directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir!=

    Ahead Nero Burning Rom: Working directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir!=

    Internet Explorer: Typed URL list (7 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Internet Explorer\TypedURLs

    Internet Explorer: Download directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Internet Explorer\Download Directory!=

    Internet Explorer: User agent (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: User agent (Registry change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: User agent (Registry change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: User agent (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: User agent (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: AutoComplete data (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Internet Explorer\IntelliForms\SPW

    MS Media Player: Application data file (global) () (File, nothing done)
    C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db

    MS Media Player: Client ID (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

    MS Media Player: Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

    MS Media Player: Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

    MS Media Player: Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

    MS Media Player: Anonymous ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

    MS Direct3D: Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

    MS Direct3D: Most recent application (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Direct3D\MostRecentApplication\Name!=

    MS DirectDraw: Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

    MS DirectInput: Most recent application (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

    MS DirectInput: Most recent application ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

    MS Office 9.0: Internet history (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\9.0\Common\Internet\LocationOfComponents

    MS Office 9.0: Access recent file (25 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\9.0\Access\Settings

    MS Office 9.0 (Word): Recently used file list (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\9.0\Word\Data\Settings

    MS Office 10.0 (Office Startup Assistant): Last used directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\10.0\Osa\FindFile\Place!=

    MS Office 11.0: Last opened-from-web file (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation

    MS Office 11.0 (Document Imaging): Persistent filename list (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\MSPaper 11.0\Persist File Name

    MS Office 11.0 (Document Imaging): Recent file list (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\MSPaper 11.0\Recent File List

    MS Office 11.0 (Excel): Recent file list (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Excel\Recent Files

    MS Office 11.0 (Office Startup Assistant): Last search location (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Osa\FindFile\Place

    MS Office 11.0 (Word): Recent file list (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Word\Data\Settings

    MS Office 11.0 (Word): Letter wizard details (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Word\Wizards\Letter Wizard\1033

    MS Search Assistant: Typed search terms history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Search Assistant\ACMru

    Nikon View: Last used folder (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Nikon\Nikon View\Browser\LastSettings\FolderPath

    Nikon View: Recent transfer folder list (11 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Nikon\Nikon View\Common\Destination

    SmartFTP: Connection servers history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\SmartFTP\Connection Data

    SmartFTP: Last saved queue (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\SmartFTP\Queue\Last File!=

    Windows: Drivers installation paths (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources!=

    Windows.OpenWith: Open with list - .ADP extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADP\OpenWithList

    Windows.OpenWith: Open with list - .AI extension (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AI\OpenWithList

    Windows.OpenWith: Open with list - .BIN extension (3 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

    Windows.OpenWith: Open with list - .BMP extension (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: Open with list - .CSS extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

    Windows.OpenWith: Open with list - .CSV extension (3 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

    Windows Explorer: Recent wallpaper list (416 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

    Windows Explorer: Network map history (3 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU

    Windows Explorer: Run history (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

    Windows Explorer: Stream history (127 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: User Assistant history IE (64 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: User Assistant history files (1849 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: Last visited history (3 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: Recent file global history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: Last Copy/MoveTo folder (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

    Windows Media SDK: Computer name (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Unique ID (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Volume serial number (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: Cookie (9) (Cookie, nothing done)


    Cache: Cache (1041) (Cache, nothing done)


    Cookie: Cookie (596) (Cookie, nothing done)


    Cookie: Cookie (231) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2007-02-08 unins000.exe (51.41.0.0)
    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-01-15 advcheck.dll (1.2.1.0)
    2007-01-02 Tools.dll (2.0.1.0)
    2007-02-07 Includes\Cookies.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2007-02-07 Includes\Revision.sbi (*)
    2005-02-17 Includes\Tracks.uti (*)
    2007-02-07 Includes\DialerC.sbi (*)
    2007-02-07 Includes\HijackersC.sbi (*)
    2007-02-07 Includes\KeyloggersC.sbi (*)
    2007-02-07 Includes\MalwareC.sbi (*)
    2007-02-07 Includes\PUPSC.sbi (*)
    2007-02-07 Includes\SecurityC.sbi (*)
    2007-02-07 Includes\SpybotsC.sbi (*)
    2007-02-07 Includes\TrojansC.sbi (*)
    2006-12-08 Includes\Dialer.sbi (*)
    2007-02-07 Includes\Hijackers.sbi (*)
    2006-10-27 Includes\Keyloggers.sbi (*)
    2007-01-12 Includes\Malware.sbi (*)
    2007-01-19 Includes\PUPS.sbi (*)
    2006-12-08 Includes\Security.sbi (*)
    2007-02-02 Includes\Spybots.sbi (*)
    2006-12-08 Includes\Trojans.sbi (*)

    Second one coming right when it finishes!

  14. Killazys

    Killazys Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    1,416
    I'm including fix logs in case I deleted something that could harm my system.

    --- Report generated: 2007-02-08 20:58 ---

    Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

    Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

    Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

    Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

    FastClick: Tracking cookie (Internet Explorer: username) (Cookie, fixed)


    DoubleClick: Tracking cookie (Internet Explorer: username) (Cookie, fixed)


    TagASaurus: Tracking cookie (Internet Explorer: username) (Cookie, fixed)


    MediaPlex: Tracking cookie (Internet Explorer: username) (Cookie, fixed)


    HitBox: Tracking cookie (Internet Explorer: username) (Cookie, fixed)


    Avenue A, Inc.: Tracking cookie (Internet Explorer: username) (Cookie, fixed)


    Advertising.com: Tracking cookie (Internet Explorer: username) (Cookie, fixed)


    HitBox: Tracking cookie (Internet Explorer: username) (Cookie, fixed)


    Marketengines: Tracking cookie (Internet Explorer: username) (Cookie, fixed)


    FastClick: Tracking cookie (Internet Explorer: username) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Internet Explorer: username) (Cookie, fixed)


    TagASaurus: Tracking cookie (Firefox: default) (Cookie, fixed)


    TagASaurus: Tracking cookie (Firefox: default) (Cookie, fixed)


    TagASaurus: Tracking cookie (Firefox: default) (Cookie, fixed)


    TagASaurus: Tracking cookie (Firefox: default) (Cookie, fixed)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)


    Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, fixed)


    BFast: Tracking cookie (Firefox: default) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)


    CoreMetrics: Tracking cookie (Firefox: default) (Cookie, fixed)


    DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


    LinkSynergy: Tracking cookie (Firefox: default) (Cookie, fixed)


    LinkSynergy: Tracking cookie (Firefox: default) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, fixed)


    WebTrends live: Tracking cookie (Firefox: default) (Cookie, fixed)


    WebTrends live: Tracking cookie (Firefox: default) (Cookie, fixed)


    TargetNet: Tracking cookie (Firefox: default) (Cookie, fixed)


    Tradedoubler: Tracking cookie (Firefox: default) (Cookie, fixed)


    Mediaplex: Tracking cookie (Firefox: default) (Cookie, fixed)


    Mediaplex: Tracking cookie (Firefox: default) (Cookie, fixed)


    Mediaplex: Tracking cookie (Firefox: default) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitsLink: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitsLink: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitsLink: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitsLink: Tracking cookie (Firefox: default) (Cookie, fixed)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, fixed)


    WebTrends live: Tracking cookie (Firefox: default) (Cookie, fixed)


    AdRevolver: Tracking cookie (Mozilla: default) (Cookie, fixed)


    Advertising.com: Tracking cookie (Mozilla: default) (Cookie, fixed)


    Advertising.com: Tracking cookie (Mozilla: default) (Cookie, fixed)


    Advertising.com: Tracking cookie (Mozilla: default) (Cookie, fixed)


    Advertising.com: Tracking cookie (Mozilla: default) (Cookie, fixed)


    MediaPlex: Tracking cookie (Mozilla: default) (Cookie, fixed)


    MediaPlex: Tracking cookie (Mozilla: default) (Cookie, fixed)


    Avenue A, Inc.: Tracking cookie (Mozilla: default) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Mozilla: default) (Cookie, fixed)


    DoubleClick: Tracking cookie (Mozilla: default) (Cookie, fixed)


    FastClick: Tracking cookie (Mozilla: default) (Cookie, fixed)


    HitBox: Tracking cookie (Mozilla: default) (Cookie, fixed)


    HitBox: Tracking cookie (Mozilla: default) (Cookie, fixed)


    LinkSynergy: Tracking cookie (Mozilla: default) (Cookie, fixed)


    LinkSynergy: Tracking cookie (Mozilla: default) (Cookie, fixed)


    MediaPlex: Tracking cookie (Mozilla: default) (Cookie, fixed)


    MediaPlex: Tracking cookie (Mozilla: default) (Cookie, fixed)


    Mediaplex: Tracking cookie (Mozilla: default) (Cookie, fixed)


    Mediaplex: Tracking cookie (Mozilla: default) (Cookie, fixed)


    Mediaplex: Tracking cookie (Mozilla: default) (Cookie, fixed)


    Zedo: Tracking cookie (Mozilla: default) (Cookie, fixed)


    Zedo: Tracking cookie (Mozilla: default) (Cookie, fixed)


    CoreMetrics: Tracking cookie (Mozilla: default) (Cookie, fixed)


    AdRevolver: Tracking cookie (Mozilla: default) (Cookie, fixed)


    AdRevolver: Tracking cookie (Mozilla: default) (Cookie, fixed)


    AdRevolver: Tracking cookie (Mozilla: default) (Cookie, fixed)


    AdRevolver: Tracking cookie (Mozilla: default) (Cookie, fixed)


    Win32.Small.ddx: Bookmark (Mozilla: default) (Bookmark, fixed)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2007-02-08 unins000.exe (51.41.0.0)
    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-01-15 advcheck.dll (1.2.1.0)
    2007-01-02 Tools.dll (2.0.1.0)
    2007-02-07 Includes\Cookies.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2007-02-07 Includes\Revision.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2007-02-07 Includes\DialerC.sbi (*)
    2007-02-07 Includes\HijackersC.sbi (*)
    2007-02-07 Includes\KeyloggersC.sbi (*)
    2007-02-07 Includes\MalwareC.sbi (*)
    2007-02-07 Includes\PUPSC.sbi (*)
    2007-02-07 Includes\SecurityC.sbi (*)
    2007-02-07 Includes\SpybotsC.sbi (*)
    2007-02-07 Includes\TrojansC.sbi (*)
    2006-12-08 Includes\Dialer.sbi (*)
    2007-02-07 Includes\Hijackers.sbi (*)
    2006-10-27 Includes\Keyloggers.sbi (*)
    2007-01-12 Includes\Malware.sbi (*)
    2007-01-19 Includes\PUPS.sbi (*)
    2006-12-08 Includes\Security.sbi (*)
    2007-02-02 Includes\Spybots.sbi (*)
    2006-12-08 Includes\Trojans.sbi (*)

    --- Report generated: 2007-02-10 11:53 ---

    Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

    Common Dialogs: History (24 files) (Registry key, fixed)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    MS Office 9.0: Recently used files (7 files) (Directory, nothing done)
    C:\Documents and Settings\username\Application Data\Microsoft\Office\Recent\

    Log: Activity: COM+.log (Backup file, nothing done)
    C:\WINDOWS\COM+.log

    Log: Activity: SchedLgU.Txt (Backup file, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Activity: imsins.log (Backup file, nothing done)
    C:\WINDOWS\imsins.log

    Log: Activity: OEWABLog.txt (Backup file, nothing done)
    C:\WINDOWS\OEWABLog.txt

    Log: Install: comsetup.log (Backup file, nothing done)
    C:\WINDOWS\comsetup.log

    Log: Install: Directx.log (Backup file, nothing done)
    C:\WINDOWS\Directx.log

    Log: Install: ocgen.log (Backup file, nothing done)
    C:\WINDOWS\ocgen.log

    Log: Install: setupact.log (Backup file, nothing done)
    C:\WINDOWS\setupact.log

    Log: Install: setupapi.log (Backup file, nothing done)
    C:\WINDOWS\setupapi.log

    Log: Install: svcpack.log (Backup file, nothing done)
    C:\WINDOWS\svcpack.log

    Log: Install: wmsetup.log (Backup file, nothing done)
    C:\WINDOWS\wmsetup.log

    Log: Install: DtcInstall.log (Backup file, nothing done)
    C:\WINDOWS\DtcInstall.log

    Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\mofcomp.log

    Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\setup.log

    Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemcore.log

    Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.lo_

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemprox.log

    Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\winmgmt.log

    Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiadap.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    Ahead Nero Burning Rom: Image directory (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\Software\Ahead\Nero - Burning Rom\Settings\ImageDir!=

    Ahead Nero Burning Rom: Compilation directory (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation!=

    Ahead Nero Burning Rom: Image directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\ImageDir!=

    Ahead Nero Burning Rom: Compilation directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation!=

    Ahead Nero Burning Rom: Browser directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir!=

    Ahead Nero Burning Rom: Working directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir!=

    Internet Explorer: Typed URL list (7 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Internet Explorer\TypedURLs

    Internet Explorer: Download directory (Registry change, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Internet Explorer\Download Directory!=

    Internet Explorer: User agent (Registry change, fixed)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: User agent (Registry change, fixed)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: User agent (Registry change, fixed)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: User agent (Registry change, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: User agent (Registry change, fixed)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: AutoComplete data (2 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Internet Explorer\IntelliForms\SPW

    MS Media Player: Application data file (global) () (File, nothing done)
    C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db

    MS Media Player: Client ID (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

    MS Media Player: Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

    MS Media Player: Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

    MS Media Player: Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

    MS Media Player: Anonymous ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

    MS Direct3D: Most recent application (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

    MS Direct3D: Most recent application (Registry change, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Direct3D\MostRecentApplication\Name!=

    MS DirectDraw: Most recent application (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

    MS DirectInput: Most recent application (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

    MS DirectInput: Most recent application ID (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

    MS Office 9.0: Internet history (Registry value, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\9.0\Common\Internet\LocationOfComponents

    MS Office 9.0: Access recent file (25 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\9.0\Access\Settings

    MS Office 9.0 (Word): Recently used file list (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\9.0\Word\Data\Settings

    MS Office 10.0 (Office Startup Assistant): Last used directory (Registry change, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\10.0\Osa\FindFile\Place!=

    MS Office 11.0: Last opened-from-web file (Registry value, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation

    MS Office 11.0 (Document Imaging): Persistent filename list (4 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\MSPaper 11.0\Persist File Name

    MS Office 11.0 (Document Imaging): Recent file list (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\MSPaper 11.0\Recent File List

    MS Office 11.0 (Excel): Recent file list (4 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Excel\Recent Files

    MS Office 11.0 (Office Startup Assistant): Last search location (Registry value, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Osa\FindFile\Place

    MS Office 11.0 (Word): Recent file list (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Word\Data\Settings

    MS Office 11.0 (Word): Letter wizard details (4 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Word\Wizards\Letter Wizard\1033

    MS Search Assistant: Typed search terms history (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Search Assistant\ACMru

    Nikon View: Last used folder (Registry value, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Nikon\Nikon View\Browser\LastSettings\FolderPath

    Nikon View: Recent transfer folder list (11 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Nikon\Nikon View\Common\Destination

    SmartFTP: Connection servers history (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\SmartFTP\Connection Data

    SmartFTP: Last saved queue (Registry change, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\SmartFTP\Queue\Last File!=

    Windows: Drivers installation paths (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources!=

    Windows.OpenWith: Open with list - .ADP extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADP\OpenWithList

    Windows.OpenWith: Open with list - .AI extension (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AI\OpenWithList

    Windows.OpenWith: Open with list - .BIN extension (3 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

    Windows.OpenWith: Open with list - .BMP extension (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: Open with list - .CSS extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

    Windows.OpenWith: Open with list - .CSV extension (3 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

    Windows Explorer: Recent wallpaper list (416 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

    Windows Explorer: Network map history (3 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU

    Windows Explorer: Run history (2 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

    Windows Explorer: Stream history (127 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: User Assistant history IE (64 files) (Registry key, fixing failed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: User Assistant history files (1849 files) (Registry key, fixing failed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: Last visited history (3 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: Recent file global history (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: Last Copy/MoveTo folder (Registry value, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

    Windows Media SDK: Computer name (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Unique ID (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Volume serial number (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: Cookie (9) (Cookie, fixed)


    Cache: Cache (1041) (Cache, nothing done)


    Cookie: Cookie (596) (Cookie, fixed)


    Cookie: Cookie (231) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2007-02-08 unins000.exe (51.41.0.0)
    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-01-15 advcheck.dll (1.2.1.0)
    2007-01-02 Tools.dll (2.0.1.0)
    2007-02-07 Includes\Cookies.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2007-02-07 Includes\Revision.sbi (*)
    2005-02-17 Includes\Tracks.uti (*)
    2007-02-07 Includes\DialerC.sbi (*)
    2007-02-07 Includes\HijackersC.sbi (*)
    2007-02-07 Includes\KeyloggersC.sbi (*)
    2007-02-07 Includes\MalwareC.sbi (*)
    2007-02-07 Includes\PUPSC.sbi (*)
    2007-02-07 Includes\SecurityC.sbi (*)
    2007-02-07 Includes\SpybotsC.sbi (*)
    2007-02-07 Includes\TrojansC.sbi (*)
    2006-12-08 Includes\Dialer.sbi (*)
    2007-02-07 Includes\Hijackers.sbi (*)
    2006-10-27 Includes\Keyloggers.sbi (*)
    2007-01-12 Includes\Malware.sbi (*)
    2007-01-19 Includes\PUPS.sbi (*)
    2006-12-08 Includes\Security.sbi (*)
    2007-02-02 Includes\Spybots.sbi (*)
    2006-12-08 Includes\Trojans.sbi (*)
     
  15. Killazys

    Killazys Thread Starter

    Joined:
    Feb 9, 2007
    Messages:
    1,416
    --- Report generated: 2007-02-10 11:53 ---

    Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

    Common Dialogs: History (24 files) (Registry key, fixed)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    MS Office 9.0: Recently used files (7 files) (Directory, nothing done)
    C:\Documents and Settings\username\Application Data\Microsoft\Office\Recent\

    Log: Activity: COM+.log (Backup file, nothing done)
    C:\WINDOWS\COM+.log

    Log: Activity: SchedLgU.Txt (Backup file, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Activity: imsins.log (Backup file, nothing done)
    C:\WINDOWS\imsins.log

    Log: Activity: OEWABLog.txt (Backup file, nothing done)
    C:\WINDOWS\OEWABLog.txt

    Log: Install: comsetup.log (Backup file, nothing done)
    C:\WINDOWS\comsetup.log

    Log: Install: Directx.log (Backup file, nothing done)
    C:\WINDOWS\Directx.log

    Log: Install: ocgen.log (Backup file, nothing done)
    C:\WINDOWS\ocgen.log

    Log: Install: setupact.log (Backup file, nothing done)
    C:\WINDOWS\setupact.log

    Log: Install: setupapi.log (Backup file, nothing done)
    C:\WINDOWS\setupapi.log

    Log: Install: svcpack.log (Backup file, nothing done)
    C:\WINDOWS\svcpack.log

    Log: Install: wmsetup.log (Backup file, nothing done)
    C:\WINDOWS\wmsetup.log

    Log: Install: DtcInstall.log (Backup file, nothing done)
    C:\WINDOWS\DtcInstall.log

    Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\mofcomp.log

    Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\setup.log

    Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemcore.log

    Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.lo_

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemprox.log

    Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\winmgmt.log

    Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiadap.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    Ahead Nero Burning Rom: Image directory (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\Software\Ahead\Nero - Burning Rom\Settings\ImageDir!=

    Ahead Nero Burning Rom: Compilation directory (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation!=

    Ahead Nero Burning Rom: Image directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\ImageDir!=

    Ahead Nero Burning Rom: Compilation directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation!=

    Ahead Nero Burning Rom: Browser directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\BrowserDir!=

    Ahead Nero Burning Rom: Working directory (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir!=

    Internet Explorer: Typed URL list (7 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Internet Explorer\TypedURLs

    Internet Explorer: Download directory (Registry change, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Internet Explorer\Download Directory!=

    Internet Explorer: User agent (Registry change, fixed)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: User agent (Registry change, fixed)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: User agent (Registry change, fixed)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: User agent (Registry change, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: User agent (Registry change, fixed)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

    Internet Explorer: AutoComplete data (2 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Internet Explorer\IntelliForms\SPW

    MS Media Player: Application data file (global) () (File, nothing done)
    C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db

    MS Media Player: Client ID (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

    MS Media Player: Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

    MS Media Player: Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

    MS Media Player: Client ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

    MS Media Player: Anonymous ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

    MS Direct3D: Most recent application (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

    MS Direct3D: Most recent application (Registry change, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Direct3D\MostRecentApplication\Name!=

    MS DirectDraw: Most recent application (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

    MS DirectInput: Most recent application (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

    MS DirectInput: Most recent application ID (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

    MS Office 9.0: Internet history (Registry value, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\9.0\Common\Internet\LocationOfComponents

    MS Office 9.0: Access recent file (25 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\9.0\Access\Settings

    MS Office 9.0 (Word): Recently used file list (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\9.0\Word\Data\Settings

    MS Office 10.0 (Office Startup Assistant): Last used directory (Registry change, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\10.0\Osa\FindFile\Place!=

    MS Office 11.0: Last opened-from-web file (Registry value, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation

    MS Office 11.0 (Document Imaging): Persistent filename list (4 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\MSPaper 11.0\Persist File Name

    MS Office 11.0 (Document Imaging): Recent file list (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\MSPaper 11.0\Recent File List

    MS Office 11.0 (Excel): Recent file list (4 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Excel\Recent Files

    MS Office 11.0 (Office Startup Assistant): Last search location (Registry value, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Osa\FindFile\Place

    MS Office 11.0 (Word): Recent file list (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Word\Data\Settings

    MS Office 11.0 (Word): Letter wizard details (4 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Office\11.0\Word\Wizards\Letter Wizard\1033

    MS Search Assistant: Typed search terms history (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Search Assistant\ACMru

    Nikon View: Last used folder (Registry value, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Nikon\Nikon View\Browser\LastSettings\FolderPath

    Nikon View: Recent transfer folder list (11 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Nikon\Nikon View\Common\Destination

    SmartFTP: Connection servers history (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\SmartFTP\Connection Data

    SmartFTP: Last saved queue (Registry change, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\SmartFTP\Queue\Last File!=

    Windows: Drivers installation paths (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources!=

    Windows.OpenWith: Open with list - .ADP extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADP\OpenWithList

    Windows.OpenWith: Open with list - .AI extension (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AI\OpenWithList

    Windows.OpenWith: Open with list - .BIN extension (3 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

    Windows.OpenWith: Open with list - .BMP extension (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: Open with list - .CSS extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

    Windows.OpenWith: Open with list - .CSV extension (3 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

    Windows Explorer: Recent wallpaper list (416 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

    Windows Explorer: Network map history (3 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU

    Windows Explorer: Run history (2 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

    Windows Explorer: Stream history (127 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: User Assistant history IE (64 files) (Registry key, fixing failed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: User Assistant history files (1849 files) (Registry key, fixing failed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: Last visited history (3 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: Recent file global history (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: Last Copy/MoveTo folder (Registry value, fixed)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

    Windows Media SDK: Computer name (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

    Windows Media SDK: Unique ID (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

    Windows Media SDK: Volume serial number (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-329068152-725345543-1004\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Windows Media SDK: Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: Cookie (9) (Cookie, fixed)


    Cache: Cache (1041) (Cache, nothing done)


    Cookie: Cookie (596) (Cookie, fixed)


    Cookie: Cookie (231) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2007-02-08 unins000.exe (51.41.0.0)
    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-01-15 advcheck.dll (1.2.1.0)
    2007-01-02 Tools.dll (2.0.1.0)
    2007-02-07 Includes\Cookies.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2007-02-07 Includes\Revision.sbi (*)
    2005-02-17 Includes\Tracks.uti (*)
    2007-02-07 Includes\DialerC.sbi (*)
    2007-02-07 Includes\HijackersC.sbi (*)
    2007-02-07 Includes\KeyloggersC.sbi (*)
    2007-02-07 Includes\MalwareC.sbi (*)
    2007-02-07 Includes\PUPSC.sbi (*)
    2007-02-07 Includes\SecurityC.sbi (*)
    2007-02-07 Includes\SpybotsC.sbi (*)
    2007-02-07 Includes\TrojansC.sbi (*)
    2006-12-08 Includes\Dialer.sbi (*)
    2007-02-07 Includes\Hijackers.sbi (*)
    2006-10-27 Includes\Keyloggers.sbi (*)
    2007-01-12 Includes\Malware.sbi (*)
    2007-01-19 Includes\PUPS.sbi (*)
    2006-12-08 Includes\Security.sbi (*)
    2007-02-02 Includes\Spybots.sbi (*)
    2006-12-08 Includes\Trojans.sbi (*)
     
Short URL to this thread: https://techguy.org/542682
