problem or not?

liv2padl
2005-12-15, 19:17
i've been using Spybot S&D for 8 months now and have always gotten a "Congratulations! No immediate threats were found" result.

today however, in addition to the green checkmark and the Congratulations etc. result, i also got a list below the green checkmark with boxes i can check or not check. these include: Cache, Common Dialogs, Cookies, MS Search Assistant, Windows Explorer, Windows.OpenWith, Log. there's a little "plus" sign next to each box and if i click on this, i get an expanded list with a total of 40 or so entries within these headings. the entries in question all seem to be Registry keys, Registry Values or Registry changes.

my question is: i've never gotten these sub-categories before so why now? and what am i supposed to do with the results? check them and delete them? ignore them? here's the log file in question ... i'm new here so i hope this is proper procedure. i'm trying to give you all the info you'll need in order to help.

thanks very much, dan

--- Report generated: 2005-12-15 08:41 ---

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

MS Media Player: Application data file (global) () (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db

MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Search Assistant\ACMru

Windows: Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources!=

Windows.OpenWith: Open with list - .ASF extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList

Windows.OpenWith: Open with list - .ASX extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList

Windows.OpenWith: Open with list - .BMP extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .CDA extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows.OpenWith: Open with list - .CSV extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: Recent wallpaper list (74 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: Stream history (44 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history IE (4 files) (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history IE (1323 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history IE (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (1 files) (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history files (731 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history files (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: Cookie (10) (Cookie, nothing done)

Congratulations!: No immediate threats were found. ()

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-07-16 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-12-09 Includes\Cookies.sbi (*)
2005-12-09 Includes\Dialer.sbi (*)
2005-12-09 Includes\Hijackers.sbi (*)
2005-12-09 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-12-09 Includes\Malware.sbi (*)
2005-12-09 Includes\PUPS.sbi (*)
2005-12-09 Includes\Revision.sbi (*)
2005-12-09 Includes\Security.sbi (*)
2005-12-09 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2005-12-09 Includes\Trojans.sbi (*)

md usa spybot fan
2005-12-15, 19:51
You are now scanning for "Usage Tracks" as well as spyware:
Go into Spybot > Mode > Advanced Mode > Settings > File Sets. The last two items are "Usage Tracks" and should only be checked if you want to check for them (I personally don't). The first of these two items (Usage Tracking) lists IE Cache (temporary internet files), Common Dialogs, Cookies and some Logs. The second item (Tracks.uti) is primarily for detecting MRU (most recently used) lists.

From Spybot's help facility:


Usage tracks

Usage tracks are your fingerprints in your system. Whenever you visit a page with your browser, or just open any file, that information is stored deep inside Windows. In most cases that is very useful – if you want to open that file again, you can select it from a list instead of typing the whole filename or browsing the whole directory structure again.

But in some cases you may want to hide your activity, because spyware and internet attackers may use that information. Spybot - Search & Destroy can remove some of the most important and common tracks on your system.

liv2padl
2005-12-15, 20:40
ah, i see ... should I/can I delete these with no problem? why do they all seem to be Registry related?

thanks again, dan

md usa spybot fan
2005-12-15, 21:33
I personally use the following program to delete IE Cache (temporary internet files), cookies and Windows temporary files:
IE Privacy Keeper
http://browsertools.net/IE-Privacy-Keeper/

I do not usually delete MRU (most recently used) lists because I find many of them useful. You should be able to delete them without causing problems, but you may miss some of the lists. If you plan on deleting them, I suggest that you expand the items first (plus sign (+) in front of the item) and see if you can determine what will be deleted before you actually delete it.

Most MRU lists are stored in the system registry rather than in an application file someplace.
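
Added example, not part of the thread and not Spybot's own code: a Python sketch that parses a report in the format posted above and counts entries per category and per account hive, so the listing can be reviewed before anything is deleted. The sample is an excerpt of the posted log; the function names and account labels are this example's own.

```python
import re
from collections import Counter

# SIDs of the built-in service accounts; every Windows install has these hives.
WELL_KNOWN = {".DEFAULT": "LocalSystem (default profile)", "S-1-5-18": "LocalSystem",
              "S-1-5-19": "LocalService", "S-1-5-20": "NetworkService"}

# Entry header: "<category>: <description> (<kind>, <action>)"
HEADER = re.compile(r"^(?P<cat>[^:]+): (?P<desc>.*) \((?P<kind>[^,()]+), (?P<action>[^()]+)\)$")

def parse_report(text):
    """Return one dict per report entry; the line after a header is its target."""
    entries, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            current = None                      # a blank line ends the entry
        elif current is not None and current["target"] is None:
            current["target"] = line            # file path or registry path
        else:
            m = HEADER.match(line)
            if m:                               # summary/banner lines do not match
                current = dict(m.groupdict(), target=None)
                entries.append(current)
    return entries

def account_of(target):
    """Name the account whose HKEY_USERS hive holds the entry, if any."""
    m = re.match(r"HKEY_USERS\\([^\\]+)\\", target or "")
    if not m:
        return "not per-user"
    return WELL_KNOWN.get(m.group(1), "user account")

def summarize(entries):
    """Count entries per (category, account) to see whose history is listed."""
    return Counter((e["cat"], account_of(e["target"])) for e in entries)

# Excerpt of the report posted in this thread.
SAMPLE = r"""
Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Windows Explorer: Stream history (44 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1059259515-4042606240-933593411-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history files (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Cookie: Cookie (10) (Cookie, nothing done)

Congratulations!: No immediate threats were found. ()
"""

if __name__ == "__main__":
    for (cat, acct), n in sorted(summarize(parse_report(SAMPLE)).items()):
        print(f"{n:3d}  {cat:20s} {acct}")
```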