Help needed with Spybot S&D Results

  • Thread starter Thread starter John Latter
  • Start date Start date
J

John Latter

Usually I just use Spybot S&D to do a check all but up until a few
minutes ago I've never included 'Systems Internals', 'Usage Tracking",
and 'Tracks.uti' under the 'File Sets' options under Settings.

And now I wish I hadn't done so!

I've appended the results below, and while I don't expect anyone to go
through the lot, I would be very grateful for any advice or pointers
on what I should do!

Thankyou in advance!

Alexa Related: What's related link (Replace file, fixed)
C:\WINDOWS\Web\related.htm

Windows Registry: vemail.hlp (Missing helpfile, fixed)
C:\Program Files\NCH Swift Sound\Vemail

Windows Registry: (Missing shared DLL, nothing done)


Windows Registry: C:\WINDOWS\Downloaded Program
Files\ActiveInstall.dll (Missing shared DLL, nothing done)
ActiveInstall.dll

Windows Registry: c:\program files\AOLpress.exe (Missing shared DLL,
nothing done)
AOLpress.exe

Windows Registry: install.exe (Wrong app path, fixed)


Windows Registry: setup.exe (Wrong app path, nothing done)


Windows Registry: winnt32.exe (Wrong app path, nothing done)


Windows Registry: yourapp.Exe (Wrong app path, nothing done)
C:\Program Files\VIA Technologies, INC.\USB 2.0 Setup
program\yourapp.Exe

Windows Registry: table30.exe (Wrong app path, nothing done)


Windows Registry: Script Sentry.exe (Wrong app path, nothing done)


Windows Registry: ICQPatchManager.exe (Wrong app path, nothing done)


Windows Registry: arcsoft.exe (Wrong app path, nothing done)


Windows Registry: cmmgr32.exe (Wrong app path, nothing done)


Windows Registry: CDEngine.dll (Wrong app path, nothing done)


Windows Registry: ActiveListServer.exe (Wrong app path, nothing done)


Windows Registry: ActiveListManager.exe (Wrong app path, nothing done)


Adobe Acrobat Reader 5: Last selected preference panel (Registry
value, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Adobe\Acrobat
Reader\5.0\PrefsDialog\aLastPrefsPanel

Internet Explorer: AutoComplete data ( (1 files)) (Registry key,
nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Internet
Explorer\IntelliForms\SPW

Internet Explorer: Cookies ( (175 cookies)) (Directory, nothing done)
C:\Documents and Settings\John Robert\Cookies

Internet Explorer: Download directory (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Internet
Explorer\Download Directory=

Internet Explorer: Last used directory (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Internet
Explorer\Main\Save Directory=

Internet Explorer: Temporary internet files ( (4613 entries)) (Empty
cache, nothing done)

Internet Explorer: URL history #1 ( (25 files)) (Registry key, nothing
done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Internet
Explorer\TypedURLs

Internet Explorer: User agent (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent=Mozilla/4.0 (compatible; MSIE; Win32)

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: Directx.log (Backup file, nothing done)
C:\WINDOWS\Directx.log

Log: Install: DtcInstall.log (Backup file, nothing done)
C:\WINDOWS\DtcInstall.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Install: setuperr.log (Backup file, nothing done)
C:\WINDOWS\setuperr.log

Log: Install: setuplog.txt (Backup file, nothing done)
C:\WINDOWS\setuplog.txt

Log: Install: svcpack.log (Backup file, nothing done)
C:\WINDOWS\svcpack.log

Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing
done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing
done)
C:\WINDOWS\System32\wbem\logs\setup.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing
done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing
done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing
done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing
done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wbemsnmp.log (Backup file, nothing
done)
C:\WINDOWS\System32\wbem\logs\wbemsnmp.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing
done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing
done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing
done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Mozilla: browser cache ( (default)) (Directory, nothing done)
C:\Documents and Settings\John Robert\Application
Data\Mozilla\Profiles\default\g16hc9b2.slt\Cache

Mozilla: Browser history ( (default)) (File, nothing done)
C:\Documents and Settings\John Robert\Application
Data\Mozilla\Profiles\default\g16hc9b2.slt\history.dat

Mozilla: Cookies ( (default)) (Change file, nothing done)
C:\Documents and Settings\John Robert\Application
Data\Mozilla\Profiles\default\g16hc9b2.slt\cookies.txt

MS Media Player: Application data file ( ()) (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Microsoft\Media
Index\wmplibrary_v_0_12.db

MS Media Player: Last CD record path (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\MediaPlayer\Preferences\CDRecordPath=

MS Media Player: Last opened playlist (Registry value, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

MS Media Player: Last selected track index (Registry value, nothing
done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

MS Media Player: Recent open directory (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir=

MS Media Player: Recent URL list ( (1 files)) (Registry key, nothing
done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\MediaPlayer\Player\RecentURLList

MS Regedit: Recent open key (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey=

MS Search Assistant: Typed search terms history (Registry key, nothing
done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Search
Assistant\ACMru

Opera: Browser cache ( (4399 files)) (Directory, nothing done)
C:\Program Files\Opera7\Cache4\

Opera: URL history ( ()) (File, nothing done)
C:\Program Files\Opera7\global.dat

RealOne Player 2 (aka RealPlayer 6.0): Last open file directory
(Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\RealNetworks\RealPlayer\6.0\Preferences\LastOpenFileDir\=

RealOne Player 2 (aka RealPlayer 6.0): Open URL clips #1 (Registry
change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\RealNetworks\RealPlayer\6.0\Preferences\OpenLocationClips1\=

Windows Explorer: Program run history ( (2 entries)) (Registry key,
nothing done)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: Recent file global history (Registry key, nothing
done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005_Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing
done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing
done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing
done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing
done)

HKEY_USERS\S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing
done)

HKEY_USERS\S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing
done)

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing
done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recently opened files ( (846 links)) (Directory,
nothing done)
C:\Documents and Settings\John Robert\Recent

Windows Explorer: Run history ( (3 files)) (Registry key, nothing
done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: Stream history ( (15 files)) (Registry key, nothing
done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history files ( (417 files))
(Registry key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history IE ( (35 files)) (Registry
key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows
Media\WMSDK\General\ComputerName=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows
Media\WMSDK\General\ComputerName=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows
Media\WMSDK\General\ComputerName=ComputerName

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows
Media\WMSDK\General\UniqueID={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows
Media\WMSDK\General\UniqueID={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows
Media\WMSDK\General\UniqueID={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows
Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Registry value, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows
Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows
Media\WMSDK\General\VolumeSerialNumber

Windows.OpenWith: Open with list - .ADR extension ( (3 files))
(Registry key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADR\OpenWithList

Windows.OpenWith: Open with list - .ASF extension ( (2 files))
(Registry key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList

Windows.OpenWith: Open with list - .AVI extension ( (2 files))
(Registry key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: Open with list - .BAK extension ( (2 files))
(Registry key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BAK\OpenWithList

Windows.OpenWith: Open with list - .BAS extension ( (4 files))
(Registry key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BAS\OpenWithList

Windows.OpenWith: Open with list - .BMP extension ( (6 files))
(Registry key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .C extension ( (4 files)) (Registry
key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.C\OpenWithList

Windows.OpenWith: Open with list - .CAB extension ( (2 files))
(Registry key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAB\OpenWithList

Windows.OpenWith: Open with list - .CDA extension ( (4 files))
(Registry key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows.OpenWith: Open with list - .CFG extension ( (3 files))
(Registry key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CFG\OpenWithList

Windows.OpenWith: Open with list - .CHM extension ( (2 files))
(Registry key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CHM\OpenWithList

Windows.OpenWith: Open with list - .CPP extension ( (4 files))
(Registry key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPP\OpenWithList

Windows.OpenWith: Open with list - .CSS extension ( (3 files))
(Registry key, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

WinZip: Add files directory (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Nico
Mak Computing\WinZip\directories\gzAddDir=

WinZip: Add files directory (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Nico
Mak Computing\WinZip\directories\AddDir=

WinZip: Default directory (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Nico
Mak Computing\WinZip\directories\zDefDir=

WinZip: Default directory (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Nico
Mak Computing\WinZip\directories\DefDir=

WinZip: Destination directory (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Nico
Mak Computing\WinZip\directories\gzExtractTo=

WinZip: Destination directory (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Nico
Mak Computing\WinZip\directories\ExtractTo=

WinZip: Number of times run (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1282138258-1614765859-3779935395-1005\Software\Nico
Mak Computing\WinZip\rrs\Opened=


--- Spybot-S&D version: 1.2 ---
2003-01-22 Includes\plugin-ignore.ini
2003-06-24 Includes\Security.sbi
2003-06-24 Includes\Cookies.sbi
2003-07-17 Includes\Trojans.sbi
2003-08-01 Includes\Keyloggers.sbi
2003-08-28 Includes\Temporary.sbi
2003-08-31 Includes\Hijackers.sbi
2003-08-31 Includes\Spybots.sbi
2003-08-31 Includes\Malware.sbi
2003-08-31 Includes\Dialer.sbi
2003-08-31 Includes\Tracks.uti

--

John Latter

The 'Socially Acceptable Violence' website:
http://members.aol.com/jorolat/sac.html

Model of an Internal Evolutionary Mechanism
http://members.aol.com/jorolat/TEM.html
 
John said:
Usually I just use Spybot S&D to do a check all but up until a few
minutes ago I've never included 'Systems Internals', 'Usage Tracking",
and 'Tracks.uti' under the 'File Sets' options under Settings.

And now I wish I hadn't done so!

I've appended the results below, and while I don't expect anyone to go
through the lot, I would be very grateful for any advice or pointers
on what I should do!

Thankyou in advance!

Alexa Related: What's related link (Replace file, fixed)
C:\WINDOWS\Web\related.htm
Click to expand...

Replaced with a "benign" substitute I believe.
Windows Registry: vemail.hlp (Missing helpfile, fixed)
C:\Program Files\NCH Swift Sound\Vemail
Click to expand...

"Fixed" the invalid registry entry... but doesn't say how. Probably
nothing critical, since it's just a pointer to a help file.
Windows Registry: (Missing shared DLL, nothing done)
Click to expand...

Most of the rest seems to just identify "discrepencies" in the registry,
but left them alone. Sometimes these are not actually errors, just
pointers to things that aren't installed (any more or ever). I'd suggest
doing a registry clean with something like jv16 (allow it to back up
changes) and you'll be given more info on any problems found. Then rerun
this if you want. My take is that there's nothing critical there that's
amiss.
<snip scarey stuff>
 
Replaced with a "benign" substitute I believe.


"Fixed" the invalid registry entry... but doesn't say how. Probably
nothing critical, since it's just a pointer to a help file.


Most of the rest seems to just identify "discrepencies" in the registry,
but left them alone. Sometimes these are not actually errors, just
pointers to things that aren't installed (any more or ever). I'd suggest
doing a registry clean with something like jv16 (allow it to back up
changes) and you'll be given more info on any problems found. Then rerun
this if you want. My take is that there's nothing critical there that's
amiss.
<snip scarey stuff>
Click to expand...

Thanks Alan - I've got jv16 somewhere (not that I'll know what I'm
doing with it!) so I'll give it a whirl.

I asked Spybot to 'fix' the 2 entries you referred to - and then I
thought, maybe I had better ask first..!

I am a bit concerned about the AOLPress entry but I'll try
uninstall/reinstall to see what happens - thanks again!

--

John Latter

The 'Socially Acceptable Violence' website:
http://members.aol.com/jorolat/sac.html

Model of an Internal Evolutionary Mechanism
http://members.aol.com/jorolat/TEM.html
 
I am a bit concerned about the AOLPress entry but I'll try
uninstall/reinstall to see what happens - thanks again!
Click to expand...
AOLPress is a nasty WYSIWYG web page maker that I was illadvised enough to
install long ago, and needed MVP help to get rid of, as it won't
uninstall.

If you've got it, get rid, there's much better progs - if you haven't got
it, deleting that entry is fine

mike r
 
I am a bit concerned about the AOLPress entry but I'll try
uninstall/reinstall to see what happens - thanks again!
Click to expand...

AOLPress, AFAIK, is a HTML editor that (used to be) free from AOL.
 
Back
Top