View Full Version : Serious Problems with Spybot
STPCowboy
2009-06-28, 07:54
This issue all started today, I had a suspicion that there might be something wrong with my system, so I started running my anti-virus programs, avira, advanced system care, IOBit 360 and then got to super antispyware professional and then spybot.
When I got to spybot, it would not start?! red flags, tried super and it would not start..... so friend had similar issues several weeks back and had told me he changed the exe names, by adding a one and they started working and cleaning, so I did that with super started the program and while it was scanning, went to spybot.....but could not find the exe file! So I began to go to work, got a hold of my buddy, we uninstalled SB and reinstalled it.....still no exe, then I went back to the SB home page (or at least attempted to go back) and was redirected. So after several attempts, my friend got the download zipped it up, emailed it to me, I opend it and reinstalled it (#2). Still no exe. meanwhile super had found loads of trojans, I quarantined them and tried to open SB again, nothing (#3), rebooted after uninstalling, while I was rebooting I decided I would go into safe mode and install it that way....(#4), nothing, no exe. So while all of this was going on (friend) emailed me his complete program file on SB and renamed it, when I opened it on the desktop it worked fine, found a Zlob and got ride of it rebooted and took that folder and set it into my programs folder and went to start it, nothing, went back opened it and guess what, no exe. so I uninstalled (#5). and now I am running a multi virus cleaner. But it's not finding anything as of yet.
Can someone help me I have a bug that is smart and does not like SB or Super Antispyware.
STPCowboy
2009-06-28, 18:42
Got up this morning and ran 6 different Anti programs along with my Avira antivir program all came back showing no viruses of any kind.
Installed SpyBot S&D again. No exe. uninstalled rebooted ran my friends program with the 1 added to the exe and it scanned and showed no viruses. I am at my wits end with this and need some help any and all suggestions would be greatly appreciated.
STPCowboy
2009-06-29, 02:54
Advanced System Care found the following:
Logfile of Advanced SystemCare 3 Registry Scan
Scan Date: 6/28/2009
OS Platform: Windows XP
x64 Bit: No
ASC Version: 3.3.1.652
Problems Count: 283
-----------------------------
[Unused File Extensions]
HKEY_CLASSES_ROOT\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} N/A
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU a
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU MRUList
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU b
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU c
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* a C:\Documents and Settings\Admin\Desktop\SpywareDoctorPortable.rar
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* MRUList fedcba
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* b C:\Program Files\Malwarebytes' Anti-Malware1\mbam-log-2009-06-28 (15-29-53).txt
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* c C:\Documents and Settings\Admin\Desktop\Fishin Ain_t So Bad.wmv.AVI
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* d C:\Documents and Settings\Admin\Desktop\Ding Fries Are Done.wmv
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* e C:\Documents and Settings\Admin\Desktop\SD.Port.5.0.1.200.ML.UpDownWorld.net.exe
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* f C:\WINDOWS\ServicePackFiles\i386\sr.sys
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\AVI a C:\Documents and Settings\Admin\Desktop\Fishin Ain_t So Bad.wmv.AVI
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\AVI MRUList a
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe a C:\Documents and Settings\Admin\Desktop\SD.Port.5.0.1.200.ML.UpDownWorld.net.exe
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe MRUList a
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\rar a C:\Documents and Settings\Admin\Desktop\SpywareDoctorPortable.rar
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\rar MRUList a
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys a C:\WINDOWS\ServicePackFiles\i386\sr.sys
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys MRUList a
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt a C:\Program Files\Malwarebytes' Anti-Malware1\mbam-log-2009-06-28 (15-29-53).txt
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt MRUList a
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\wmv a C:\Documents and Settings\Admin\Desktop\Ding Fries Are Done.wmv
[MRU Cache]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\wmv MRUList a
[Invalid Shortcuts]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Spybot - Search & Destroy N/A
[Nonexistent File Path]
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ C:\DOCUME~1\Admin\LOCALS~1\Temp\Set55.tmp InstallShield (R) Setup Launcher
[Nonexistent File Path]
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ C:\Documents and Settings\Admin\Desktop\mbam-setup(2).exe Malwarebytes' Anti-Malware
[Nonexistent File Path]
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ C:\DOCUME~1\Admin\LOCALS~1\Temp\is-MGQLT.tmp\mbam-setup(2).tmp Setup/Uninstall
[Nonexistent File Path]
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ C:\Documents and Settings\Admin\Desktop\New Folder\SpywareDoctorPortable\SpywareDoctorPortable.exe SpywareDoctor Portable
[Nonexistent File Path]
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ C:\Documents and Settings\Admin\Desktop\New Folder\SpywareDoctorPortable\SpywareDoctor\swdoctor.exe Spyware Doctor
[Nonexistent File Path]
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ C:\Documents and Settings\Admin\Desktop\New Folder\SpywareDoctorPortable\SpywareDoctor\SDLoader.exe SDLoader
[Nonexistent File Path]
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ C:\Documents and Settings\Admin\Desktop\WindowsXP-KB835935-SP2-ENU.exe Self-Extracting Cabinet
[Nonexistent File Path]
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ f:\2f1b05c787cd61dc3992e570b264945d\i386\update\update.exe Windows Service Pack Setup
[Nonexistent File Path]
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ f:\e15b373fc37d07606c73\i386\update\update.exe Windows Service Pack Setup
[Nonexistent File Path]
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ C:\Documents and Settings\Admin\Desktop\SD.Port.5.0.1.200.ML.UpDownWorld.net.exe 7z SFX
[Nonexistent File Path]
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ C:\DOCUME~1\Admin\LOCALS~1\Temp\is-QSQNV.tmp\spybotsd162.tmp Setup/Uninstall
[Nonexistent File Path]
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\ C:\Program Files\Spybot - Search & Destroy\unins000.exe Setup/Uninstall
[Unused File Extensions]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xxx N/A
[Empty Registry Key]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} N/A
[Deep Scan]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Test-Dummy\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Printers\Connections\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Printers\Connections\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Printers\Connections\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Windows 3.1 Migration Status\Groups\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Windows 3.1 Migration Status\IniFiles\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Printers\Connections\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Printers\DevModePerUser\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Software\Microsoft\File Manager\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Software\Microsoft\Microsoft Management Console\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Software\Microsoft\File Manager\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Software\Microsoft\Microsoft Management Console\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Boxshot3D\BoxShot3D\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Google\SketchUpViewer7\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\LeaderTech\HasbroReg\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\LeaderTech\Infogrames\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Macromedia\FlashPlayer\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\DIRECTPLAY\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\File Manager\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Net Framework Setup\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SAPI Layer\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows Script Host\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\WinFXDocObj\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Mootools\ProOptimizer\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\NVIDIA Corporation\NVIDIA Control Panel\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Sonic\UpdateManager\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Stardock\Object Desktop\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\YFriendsBar\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\File Manager\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\Microsoft Management Console\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\User Location Service\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Script Host\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Software\Microsoft\MediaPlayer\UIPlugins\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Software\Microsoft\SystemCertificates\CA\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Software\Microsoft\SystemCertificates\Disallowed\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Software\Microsoft\SystemCertificates\trust\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\UIPlugins\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Software\Microsoft\SystemCertificates\CA\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Software\Microsoft\SystemCertificates\Disallowed\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Software\Microsoft\SystemCertificates\trust\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Adobe\Adobe Synchronizer\9.0\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Autodesk\SubscriptionCenter\Profile\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\BVRP Software\Motorola Phone Tools\Text Settings\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\CyberDefender\AntiSpyware\ReportToServerTmp\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\CyberDefender\AntiVirus\Install Information\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\InterVideo\Common\AUDIODEC\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\InterVideo\Common\NAVIGATOR\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Mediamatics\EffectFilters\ColorEffects\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\CTF\Assemblies\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Microsoft Management Console\Settings\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\smallfont\shell\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\ADDRESSBOOK\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\my\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\䅃\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\奍\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\摁牤獥䉳潯k\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\UCCPlatform\WindowsLiveMessenger\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\VBA\6.0\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Visual Basic\6.0\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\VisualStudio\8.0\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\VisualStudio\9.0\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Pure Networks\Network Magic\Map\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Roxio\DiscImageLoader\10.0\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Safer Networking Limited\SpybotSnD\Download directories\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Safer Networking Limited\SpybotSnD\InfoPanels\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\SUPERAntiSpyware.com\SUPERAntiSpyware\CLSIDRestoreList\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Uniblue\Registry Booster2\SystemRestore\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Xara\XaraX1\PlugIns\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\ABook\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\FileTransfer\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\IM UI Settings\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\test\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\Voice\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Adobe\Adobe Synchronizer\9.0\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Macromedia\Shockwave 10\products\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Security\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Health\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\UIPlugins\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\ADDRESSBOOK\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\my\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Roxio\EMC11\Common SDK\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Syncmgr\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\SystemCertificates\ca\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\SystemCertificates\disallowed\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\SystemCertificates\trust\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Syncmgr\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\ca\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\disallowed\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\trust\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Adobe\Acrobat Reader\9.0\AVConversionFromPDF\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Adobe\Acrobat Reader\9.0\AVConversionToPDF\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Internet Explorer\New Windows\Allow\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Internet Explorer\Recovery\Active\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Internet Explorer\Security\P3Sites\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\MediaPlayer\Monitors\//./DISPLAY1\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\CA\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\CA\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\Disallowed\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\Disallowed\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\Root\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\Root\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\Root\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\trust\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\trust\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\trust\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\DIFxApp\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Syncmgr\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Winlogon\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Motion Analysis\MACFileIO\3ds max\ExportHTR\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Motion Analysis\MACFileIO\3ds max\ImportHTR\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Motion Analysis\MACFileIO\3ds max\ImportTRC\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Nero\Nero BackItUp 4\Preferences\FTP\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\WIBU-SYSTEMS\WIBU-KEY\General\CurrentVersion\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Xara\WebDesigner\5.0\PlugIns\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Xara\XaraX\Version 3.0\PlugIns\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Xara\XaraX1\Options\NewTemplates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Xara\XaraX1\Options\Templates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Xara\XtremePro\4.0\PlugIns\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\CallService\LogLevels\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\Profiles\cowboyputt\Skin\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Adobe\Acrobat Reader\9.0\AVConversionFromPDF\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Adobe\Acrobat Reader\9.0\AVConversionToPDF\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\CA\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\CA\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\Disallowed\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\Disallowed\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\Root\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\Root\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\Root\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\trust\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\trust\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\trust\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Syncmgr\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Logitech\MouseWare\CurrentVersion\Control Center\Win16Hacks\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Screensavers\Bubbles\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Policies\Microsoft\SystemCertificates\ca\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Policies\Microsoft\SystemCertificates\ca\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Policies\Microsoft\SystemCertificates\ca\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Policies\Microsoft\SystemCertificates\disallowed\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Policies\Microsoft\SystemCertificates\disallowed\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Policies\Microsoft\SystemCertificates\disallowed\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Policies\Microsoft\SystemCertificates\trust\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Policies\Microsoft\SystemCertificates\trust\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Policies\Microsoft\SystemCertificates\trust\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Policies\Microsoft\Windows\System\Scripts\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Xara\XaraX\Version 3.0\Options\Templates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Xara\XtremePro\4.0\Options\Templates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\profiles\cowboyputt\IM Services\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\profiles\cowboyputt\PSTN\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\profiles\cowboyputt\SearchKeywords\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\profiles\cowboyputt\Webcam\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\profiles\cowboyputt\YbSkin\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\profiles\cowboyputt\YPC\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\ca\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\ca\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\ca\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\disallowed\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\disallowed\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\disallowed\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\trust\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\trust\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\trust\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\c\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\f\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.al8\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.AVI\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.bmp\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.log\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.msg\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.rar\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.sbi\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.sbs\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.web\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.wmv\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Telephony\HandoffPriorities\MediaModes\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{21EC2020-3AEA-1069-A2DD-08002B30309D}\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\profiles\cowboyputt\IMVironments\Recent\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Yahoo\pager\profiles\cowboyputt\Voice\CallLog\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Telephony\HandoffPriorities\MediaModes\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\bmp\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpg\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\png\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\zip\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msc\OpenWithList\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xxx\OpenWithList\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\000000000001050c\StartupHasBeenRun\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\STP_Cowboy\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\iexplore\AllowedDomains\ N/A
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\iexplore\AllowedDomains\microsoft.com\ N/A
[Deep Scan]
HKEY_CURRENT_USER\Control Panel\Desktop\ SCRNSAVE.EXE C:\WINDOWS\System32\logon.scr
[Deep Scan]
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory\ 0 C:\Documents and Settings\Admin\Desktop\SpywareDoctorPortable.rar
[Deep Scan]
HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath\ 0 C:\Documents and Settings\Admin\Desktop\New Folder
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Control Panel\Desktop\ SCRNSAVE.EXE C:\WINDOWS\System32\logon.scr
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\WinRAR\ArcHistory\ 0 C:\Documents and Settings\Admin\Desktop\SpywareDoctorPortable.rar
[Deep Scan]
HKEY_USERS\S-1-5-21-1606980848-776561741-839522115-1003\Software\WinRAR\DialogEditHistory\ExtrPath\ 0 C:\Documents and Settings\Admin\Desktop\New Folder
Malwarebytes found the following on the first scan:
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3
6/28/2009 1:13:36 PM
mbam-log-2009-06-28 (13-13-36).txt
Scan type: Quick Scan
Objects scanned: 89577
Time elapsed: 19 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1d4f2e55-a115-428e-98c7-975ba7f89e91} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\groovebinary (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Common Files\Groove\GrooveBinary.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.
The two trojans above are not going away!!!!
Malwarebytes' Anti-Malware 1.38
Database version: 2347
Windows 5.1.2600 Service Pack 3
6/28/2009 6:27:59 PM
mbam-log-2009-06-28 (18-27-59).txt
Scan type: Quick Scan
Objects scanned: 92756
Time elapsed: 8 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.
Malwarebytes report:
Malwarebytes' Anti-Malware 1.38
Database version: 2347
Windows 5.1.2600 Service Pack 3
6/28/2009 6:27:59 PM
mbam-log-2009-06-28 (18-27-59).txt
Scan type: Quick Scan
Objects scanned: 92756
Time elapsed: 8 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.
STPCowboy
2009-06-29, 03:20
3rd run through with Malwarebytes:
Same trojan in the same file, it is not going away. Even when I run spybot, it does not show it. (having to run spybot.exe as a spybot1.exe)
Malwarebytes' Anti-Malware 1.38
Database version: 2347
Windows 5.1.2600 Service Pack 3
6/28/2009 7:16:28 PM
mbam-log-2009-06-28 (19-16-20).txt
Scan type: Quick Scan
Objects scanned: 92626
Time elapsed: 5 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> No action taken.
Hello STPCowboy,
Unfortunately because of the volume of posts to your own topic, it would have appeared to volunteer analysts that you were already being assisted as they look for topics with no response.
If you still need help can you produce a HJT log as shown here:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
If so please start a new topic and copy paste it into that, providing a link back to this thread.
Best regards.